Register Sign in Need help? FAQ SailPoint directory
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
matthew_pahls
Lookout
‎Aug 08, 2022 12:50 PM

Service Accounts

Jump to solution

At what point do you consider an account dormant and disable it? What are you using to determine if an account is not being used?

Reply
1 Solution

Accepted Solutions
mkscarberry
Lookout
‎Aug 08, 2022 02:33 PM

Jump to solution

In AAD and AD, we check for last logged in.  If >90 days, we disable the account.   If after 90 days no one claims it, we move the account into OU=Disabled.   After 366 days in OU=Disabled, we purge it.

View solution in original post

Reply
2 Replies
mkscarberry
Lookout
‎Aug 08, 2022 02:33 PM

Jump to solution

In AAD and AD, we check for last logged in.  If >90 days, we disable the account.   If after 90 days no one claims it, we move the account into OU=Disabled.   After 366 days in OU=Disabled, we purge it.

Reply
aparker81
Deckhand III
In response to mkscarberry
‎Jun 21, 2023 10:46 AM

Jump to solution

Agreed.  We take the same approach.

0 Kudos
Reply