Stale accounts are user accounts or identities that remain active in an organization's IT environment despite being unused for an extended period, typically 30, 60, or 90+ days. They are a security risk because each one is dormant attack surface.
⚙️ How Does It Work?
IGA platforms identify stale accounts by analyzing last login timestamps and activity data. Accounts exceeding inactivity thresholds are flagged for review, automatically disabled after a grace period, or deleted per the account lifecycle policy.
📍 Where Is It Used?
Every enterprise has them: stale accounts accumulate from temporary project access, contractor engagements, role changes, and inadequate offboarding.
💡 Real-World Example
A retail company's IGA audit finds 800 employee accounts inactive for 90+ days. Investigation reveals: 300 are ex-employees missed in manual offboarding, 200 are contractors whose projects ended, and 300 are real employees on extended leave. The 500 unauthorized accounts are immediately disabled.
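The flag, grace period and disable flow from "How Does It Work?", applied to the three groups in the example above, as an added Python example (not code from any IGA product). The 90-day threshold is one of those named on this page; the 14-day grace period, the `hr_status` values and the `Account` fields are assumptions, and the sample accounts are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

INACTIVITY = timedelta(days=90)  # one of the thresholds named on the page
GRACE = timedelta(days=14)       # assumed grace period before auto-disable

@dataclass
class Account:
    name: str
    created: datetime
    last_login: Optional[datetime]  # None: the account has never been used
    hr_status: str                  # assumed HR feed: active | leave | departed
    flagged_on: Optional[datetime] = None  # when a review was first opened

def classify(acct: Account, now: datetime) -> str:
    """Lifecycle action for one enabled account; never-used ones age from creation."""
    last_seen = acct.last_login or acct.created
    if now - last_seen < INACTIVITY:
        return "ok"
    if acct.hr_status == "departed":
        return "disable"   # missed offboarding or ended contract
    if acct.hr_status == "leave":
        return "exempt"    # legitimate owner on extended leave
    if acct.flagged_on is None:
        return "flag"      # open a review and start the grace period
    if now - acct.flagged_on >= GRACE:
        return "disable"   # nobody claimed it within the grace period
    return "pending"       # review open, grace period still running

def sweep(accounts, now):
    result = {}  # action -> list of account names
    for acct in accounts:
        result.setdefault(classify(acct, now), []).append(acct.name)
    return result

# Constructed sample data, not taken from any real directory.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
def _ago(days):
    return NOW - timedelta(days=days)
SAMPLE = [
    Account("alice", _ago(900), _ago(3), "active"),
    Account("bob", _ago(700), _ago(200), "departed"),
    Account("carol", _ago(600), _ago(120), "leave"),
    Account("svc-temp", _ago(100), None, "active"),
    Account("dave", _ago(500), _ago(150), "active", flagged_on=_ago(20)),
    Account("erin", _ago(500), _ago(95), "active", flagged_on=_ago(5)),
]
print(sweep(SAMPLE, NOW))
```

The never-used `svc-temp` account is flagged because it ages from its creation date, and `carol` is exempted rather than disabled because the HR feed shows extended leave.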