HomeIdentity Security Encyclopedia › Orphaned Accounts

Orphaned Accounts

Orphaned accounts are user accounts or identities (human or non-human) that remain active in a system despite no longer having a valid owner, purpose, or authorized user — often left behind when employees leave, projects end, or applications are decommissioned.

IGA PAM NHI Security Risk

❓ What is Orphaned Accounts?

Orphaned accounts are user accounts or identities (human or non-human) that remain active in a system despite no longer having a valid owner, purpose, or authorized user — often left behind when employees leave, projects end, or applications are decommissioned.

⚙️ How Does It Work?

IGA platforms identify orphaned accounts by comparing active accounts against HR records and application usage data. Accounts without a matching active employee or recent usage are flagged for review and decommissioning.

📍 Where Is It Used?

Every enterprise environment — orphaned accounts accumulate over time and are a pervasive, often underestimated security risk.

💡 Real-World Example

A penetration test discovers an orphaned service account from a decommissioned application two years ago. The account still has domain admin privileges and a 5-year-old password. The tester uses it to take over the entire Active Directory — demonstrating how orphaned accounts become prime attack vectors.

🔗 Related Terms

IGA Decommissioning Service Account Stale Accounts Identity Lifecycle
← OffboardingOverprivileged Identity →

Stay Ahead in Identity Security

Get weekly IAM, PAM & IGA insights delivered to your inbox via Identity Pulse.

Subscribe to Identity Pulse →
Scroll to top