Term · 3. Account Management & Provisioning
Orphan Account
Definition
An account in a target system that cannot be correlated to any identity in the identity warehouse. Typical cases: an account abandoned by its previous owner (a terminated employee whose deprovisioning failed), a shared account with no designated owner, or a test or administrative account with no documented owner. Orphan accounts are a major security and compliance risk: with no owner there is no one accountable for the account or for the access it carries.
Application
- MidPoint: An account without an owner, an account that does not seem to belong to anybody.
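To make the definition concrete, the following is an added example (not midPoint code, and not from the glossary's source) of how orphan detection works in practice: accounts aggregated from a target system are run through ordered correlation rules against an identity warehouse, and every account that ends up with no live owner is reported. The identities, accounts and attribute names (`employeeNumber`, `mail`) are constructed for the example. It goes slightly beyond the definition in two ways a practitioner needs: an account that matches only a terminated identity is reported as orphan with that reason, and an account that matches several identities is reported as disputed rather than auto-linked.

```python
"""Orphan-account detection by correlating target-system accounts against an
identity warehouse. Added example with constructed data; not midPoint code."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Identity:
    uid: str
    employee_id: str
    email: str
    status: str  # "active" or "terminated"


@dataclass(frozen=True)
class Account:
    system: str
    name: str
    attrs: dict  # raw attributes as aggregated from the target system


# Constructed identity warehouse. u4/u5 share an employee number on purpose:
# a duplicate HR record, the kind of data-quality problem that causes disputes.
IDENTITIES = [
    Identity("u1", "10042", "alice@example.com", "active"),
    Identity("u2", "10077", "bob@example.com", "active"),
    Identity("u3", "10090", "carol@example.com", "terminated"),
    Identity("u4", "10101", "dan@example.com", "active"),
    Identity("u5", "10101", "dan.smith@example.com", "active"),
]

# Constructed accounts aggregated from one target system ("ldap").
ACCOUNTS = [
    Account("ldap", "alice", {"employeeNumber": "10042", "mail": "alice@example.com"}),
    Account("ldap", "bob", {"mail": "Bob@Example.com"}),        # no employeeNumber; mail case differs
    Account("ldap", "carol", {"employeeNumber": "10090"}),       # owner terminated, deprovisioning failed
    Account("ldap", "svc-backup", {}),                           # service account, nothing to correlate on
    Account("ldap", "test1", {"mail": "test1@example.com"}),     # matches nobody
    Account("ldap", "dan", {"employeeNumber": "10101"}),         # matches two identities
]


def normalize_email(value: str) -> str:
    return value.strip().lower()


# Ordered correlation rules: (account attribute, identity attribute, normalizer).
# The first rule whose attribute is present on the account and yields a match wins.
CORRELATION_RULES = [
    ("employeeNumber", "employee_id", str.strip),
    ("mail", "email", normalize_email),
]


def correlate(account: Account, identities: list) -> list:
    """Return the candidate identities for an account, or [] if none match."""
    for acct_attr, id_attr, norm in CORRELATION_RULES:
        raw = account.attrs.get(acct_attr)
        if raw is None:
            continue
        key = norm(raw)
        matches = [i for i in identities if norm(getattr(i, id_attr)) == key]
        if matches:
            return matches
    return []


def classify(account: Account, identities: list) -> tuple:
    """Return (situation, detail): linked, disputed, or orphan with a reason."""
    if not any(attr in account.attrs for attr, _, _ in CORRELATION_RULES):
        return ("orphan", "no correlatable attributes")
    matches = correlate(account, identities)
    if not matches:
        return ("orphan", "no matching identity")
    if len(matches) > 1:
        # Several candidate owners: never auto-link, hand to a human to resolve.
        return ("disputed", ",".join(i.uid for i in matches))
    owner = matches[0]
    if owner.status == "terminated":
        # Correlates, but to an identity that should no longer own anything.
        return ("orphan", "owner terminated")
    return ("linked", owner.uid)


def find_orphans(accounts: list, identities: list) -> dict:
    """Map every account without a live owner to the reason it is orphaned."""
    report = {}
    for account in accounts:
        situation, detail = classify(account, identities)
        if situation == "orphan":
            report[account.name] = detail
    return report


if __name__ == "__main__":
    for account in ACCOUNTS:
        print(account.system, account.name, *classify(account, IDENTITIES))
    print("orphans:", find_orphans(ACCOUNTS, IDENTITIES))
```

The order of `CORRELATION_RULES` matters: a strong identifier such as the employee number is tried before a weaker one such as e-mail, and a disputed result is deliberately kept out of the orphan report so that a duplicate HR record is fixed rather than an account being wrongly flagged or silently linked to the wrong person.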
Related terms
- Entitlement Creep: Gradual accumulation of access rights beyond what's needed for current job, as users change roles without losing prior a …
- Over-provisioning: Granting access beyond what's needed for the role — common cause of attack surface expansion and SoD violations. Sources …
- HR Policy: Policies governing identity lifecycle based on HR data — what triggers provisioning, what role mapping applies, what app …
- Offboarding: End-of-lifecycle process when an identity is terminated — disable accounts, revoke entitlements, terminate active sessio …
- Query Playground (QP): In Evolveum midPoint, a **Query Playground (QP)** is an administrative UI page that allows authorized users to construct …
- Aggregation (Aggr): Process of collecting account and entitlement data from target systems into the IGA platform. Foundation for reconciliat …