<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base

How ISPM Determines an Account is Orphaned in Entra/AAD

Last Updated:

Identity Security Posture Management
Okta Identity Engine

Overview

How does ISPM determine an account is orphaned in Entra/AAD?

Applies To

  • ISPM
  • OIE
  • Entra ID / AzureAD

Cause

An orphaned account is defined as an account that the system was unable to match to a person or a corresponding account in your primary Identity Provider (typically Okta).

ISPM employs several linking algorithms to identify accounts, and if a match cannot be established, the account may be flagged as orphaned.

Solution

This is marked as low severity due to its reliance on AI, which may not always be perfectly accurate. Based on our experience, the system may identify "leftover" accounts.

Recommended content

Still looking for help?
Loading
Okta Support - How ISPM Determines an Account is Orphaned in Entra/AAD