https://sinetris.info/tags/orphan-account/Recent content in Orphan Account on Sinetris's viewpointsSine Die theme for HugoDuilio Ruggieroduilio@sinetris.info© 2023 - 2026, Duilio Ruggiero2023-07-16T18:20:00Z2023-07-16T18:20:00+00:002023-07-16T18:20:00Zhttps://sinetris.info/topics/iam/iga/considerations/#atom

<h2 id="assets-and-people">Assets and people</h2> <p>Ensure to have proper Orphan Account Monitoring (for example, people leaving the company) and delegation (for example, people in sick or parental leave) for people assigned to managing assets (Asset Owners, Application Administrators, Infrastructure Administrators, etc). Take into consideration that people might be out of office because in vacation, out sick, at a conference, etc.</p>

2023-07-16T18:20:00+00:002023-07-16T18:20:00Zhttps://sinetris.info/topics/iam/iga/identity-security/#atom

<h2 id="orphan-account-monitoring">Orphan Account Monitoring</h2> <p>It’s important to find missing identity associations or assets assigned to wrong identities (for example off-boarded employees).</p> <p>Examples:</p> <ul> <li> <p>An account is associated to an asset but is not assigned to any identity</p> <ul> <li>All accounts should be associated with one (and only one ) identity.</li> <li>If the system allow only one account (for example only one admin), access to that account should happen trough a system that keep track of all actions (see PAM and Just-in-time credentials).</li> <li>If credentials to the account are shared it will be hard to know who performed an action.</li> </ul> </li> <li> <p>Asset role (for example Owner or Admistrator) assigned to an Identity that left the company</p> </li> <li> <p>Employee assigned to a line manager that transferred to a different department</p> </li> </ul> <h2 id="adaptive-authentication">Adaptive Authentication</h2> <p>Varying authentication methods based on runtime evaluation of risk factors.</p>