How ISPM Determines an Account is Orphaned in Entra/AAD
Identity Security Posture Management
Okta Identity Engine
Overview

How does ISPM determine an account is orphaned in Entra/AAD?

Applies To
  • ISPM
  • OIE
  • Entra ID / AzureAD
Cause

An orphaned account is defined as an account that the system was unable to match to a person or a corresponding account in your primary Identity Provider (typically Okta).

ISPM employs several linking algorithms to identify accounts, and if a match cannot be established, the account may be flagged as orphaned.

Solution

The orphaned-account finding is marked as low severity because it relies on AI, which may not always be perfectly accurate. Based on our experience, the system may identify "leftover" accounts.
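Because a flagged account may simply be one the linking step could not match, a manual cross-check against the primary Identity Provider helps separate false positives from real leftovers. The script below is an added example, not Okta's code and not ISPM's linking algorithm (which this article does not describe); the field names, the matching rules, and all sample records are assumptions constructed for illustration.

```python
def normalize(value):
    """Lower-case an address, drop an smtp: prefix, unwrap Entra guest UPNs."""
    v = (value or "").strip().lower()
    if v.startswith("smtp:"):
        v = v[5:]
    if "#ext#" in v:
        # Guest UPN form: bob_partner.example#EXT#@tenant -> bob@partner.example
        local = v.split("#ext#", 1)[0]
        head, sep, tail = local.rpartition("_")
        v = f"{head}@{tail}" if sep else local
    return v

def identifiers(account):
    """Every address a flagged Entra account could be matched on."""
    raw = [account.get("userPrincipalName"), account.get("mail")]
    raw += account.get("proxyAddresses") or []
    return {normalize(r) for r in raw if r}

def triage(entra_accounts, okta_users):
    """Return (linked, unlinked): linked maps Entra UPN -> Okta login."""
    known = {}
    for u in okta_users:
        for field in ("login", "email"):
            if u.get(field):
                known[normalize(u[field])] = u["login"]
    linked, unlinked = {}, []
    for acct in entra_accounts:
        hits = identifiers(acct) & set(known)
        upn = acct["userPrincipalName"]
        if hits:
            linked[upn] = known[sorted(hits)[0]]
        else:
            unlinked.append(upn)  # no owner found: review, disable or remove
    return linked, unlinked

# Constructed sample data; field names are assumed export columns, not ISPM output.
OKTA_USERS = [
    {"login": "alice.ng@example.com", "email": "alice.ng@example.com"},
    {"login": "bob@partner.example", "email": "bob@partner.example"},
    {"login": "carol@example.com", "email": "carol.diaz@example.com"},
]
FLAGGED = [
    {"userPrincipalName": "Alice.Ng@example.com", "mail": None, "proxyAddresses": []},
    {"userPrincipalName": "bob_partner.example#EXT#@example.onmicrosoft.com"},
    {"userPrincipalName": "cdiaz@example.onmicrosoft.com", "proxyAddresses": ["SMTP:carol.diaz@example.com"]},
    {"userPrincipalName": "svc-backup@example.onmicrosoft.com", "mail": None},
]
if __name__ == "__main__":
    print(triage(FLAGGED, OKTA_USERS))
```

Accounts left in the unlinked list after this check are the ones worth chasing for an owner before disabling or removing them.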
