Short Description - Orphan accounts pose a serious security risk to your organization. They are unattended, disowned accounts that may still carry sensitive access. Regular monitoring and appropriate handling of these accounts is required to mitigate that risk.
Applicable version - All versions
Detailed best practice -
Continuous monitoring - Saviynt provides an out-of-the-box Control to monitor orphan accounts across connected systems. Use the orphan account reports to keep track of unattended accounts in those systems, and schedule the reports to run at a periodic interval aligned with your organization's compliance needs.
Remediation Action -
Map Orphan Accounts - Saviynt's Actionable Controls provide an action for managing orphan accounts, called 'Map Orphan Accounts'. Use this action to map an orphan account reported in the Orphan Account report to a valid user/owner.
Recertify - Regular certification campaigns should include orphan accounts so that an admin reviews the access assigned to them. If an orphan account cannot be mapped to a valid identity and its access cannot be justified, revoke the account and its associated access.
De-Activate Account - Every account needs to be owned by a valid owner/user. If a user-to-account link cannot be established, the admin can decide to Deprovision or Disable the account. These actions can be taken from the Actionable Orphan Account report. Service and shared accounts commonly surface as orphans; they still need a named owner assigned rather than being left unowned.
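The steps above (detect unowned accounts, map the ones that can be linked to a valid owner, send unjustifiable sensitive access to review, disable or deprovision the rest) can be modelled as a triage routine. The following is an added example, not Saviynt's own code or API: it runs over a constructed export of accounts and identities, and the record layouts, matching rules and sensitive-entitlement list are assumptions for illustration. In a real deployment the account and identity records would come from the orphan account report and the identity store.

```python
"""Orphan-account triage over a constructed account/identity export.

Added example (not Saviynt code). Record layouts, matching rules and the
sensitive-entitlement list are assumptions chosen for illustration.
"""
from dataclasses import dataclass
from typing import Optional, List, Tuple


@dataclass(frozen=True)
class Identity:
    user_id: str
    employee_id: str
    email: str
    status: str                     # "ACTIVE" or "TERMINATED"


@dataclass(frozen=True)
class Account:
    system: str
    account_name: str
    owner_id: Optional[str]         # user link already recorded in the IGA tool
    employee_id: Optional[str]      # attribute pulled from the target system
    email: Optional[str]
    entitlements: Tuple[str, ...]


@dataclass(frozen=True)
class Finding:
    system: str
    account_name: str
    action: str                     # MAP, REVIEW, DEPROVISION or DISABLE
    reason: str
    sensitive: bool


# Entitlements that make an unowned account high risk (assumed list).
SENSITIVE_ENTITLEMENTS = {"Domain Admins", "db_owner", "root", "Global Administrator"}


def find_owner(acct: Account, by_emp: dict, by_email: dict):
    """Try to link an unowned account to an identity, strongest rule first."""
    if acct.employee_id and acct.employee_id in by_emp:
        return by_emp[acct.employee_id], "employee_id"
    if acct.email and acct.email.lower() in by_email:
        return by_email[acct.email.lower()], "email"
    return None, None


def triage_orphans(accounts: List[Account], identities: List[Identity]) -> List[Finding]:
    """Return one recommended action per orphan account, riskiest first."""
    by_emp = {i.employee_id: i for i in identities}
    by_email = {i.email.lower(): i for i in identities}
    findings = []
    for acct in accounts:
        if acct.owner_id:
            continue                # already linked to a user, not an orphan
        sensitive = any(e in SENSITIVE_ENTITLEMENTS for e in acct.entitlements)
        owner, rule = find_owner(acct, by_emp, by_email)
        if owner is None:
            if sensitive:
                # Cannot be mapped and carries sensitive access: an admin must
                # certify it or revoke it (the Recertify step).
                action, reason = "REVIEW", "no owner match; sensitive access must be certified or revoked"
            else:
                action, reason = "DISABLE", "no owner match and no sensitive access"
        elif owner.status != "ACTIVE":
            # Matches a known identity that has left: remove the account.
            action, reason = "DEPROVISION", f"matched {owner.user_id} via {rule} but identity is {owner.status}"
        else:
            # Confident match to an active user: use 'Map Orphan Accounts'.
            action, reason = "MAP", f"map to {owner.user_id} (matched via {rule})"
        findings.append(Finding(acct.system, acct.account_name, action, reason, sensitive))
    # Sensitive orphans first so the admin handles the riskiest ones first.
    findings.sort(key=lambda f: (not f.sensitive, f.system, f.account_name))
    return findings


# Constructed sample data standing in for the identity store and the orphan report.
SAMPLE_IDENTITIES = [
    Identity("u1", "E1001", "j.doe@example.com", "ACTIVE"),
    Identity("u2", "E1002", "a.smith@example.com", "TERMINATED"),
    Identity("u3", "E1003", "b.wayne@example.com", "ACTIVE"),
]
SAMPLE_ACCOUNTS = [
    Account("ActiveDirectory", "jdoe-adm", None, "E1001", None, ("Domain Admins",)),
    Account("SQL-PROD", "svc_backup", None, None, None, ("db_owner",)),
    Account("ActiveDirectory", "asmith", None, None, "A.Smith@example.com", ("Domain Users",)),
    Account("SAP", "temp_user", None, None, None, ("Read Only",)),
    Account("ActiveDirectory", "bwayne", "u3", "E1003", "b.wayne@example.com", ("Domain Users",)),
]

if __name__ == "__main__":
    for f in triage_orphans(SAMPLE_ACCOUNTS, SAMPLE_IDENTITIES):
        flag = "SENSITIVE" if f.sensitive else "normal"
        print(f"{f.system:16} {f.account_name:12} {f.action:12} [{flag}] {f.reason}")
```

Matching on a stable attribute such as employee ID before falling back to e-mail keeps false mappings down; an account that only matches a terminated identity is a leaver's leftover and should be deprovisioned rather than re-mapped.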