Identity Management - Inactive Account Detection
Description
Dormant Identities tracks the number of unused or inactive accounts within the organization. Dormant accounts are prime targets for unauthorized access and exploitation, so identifying and deactivating them in a timely manner is essential for reducing the attack surface and maintaining robust access controls.
How we measure it
Find all active users in Okta and check their last login date. A user is considered compliant if they have logged in within the last 90 days; otherwise the account is treated as dormant.
Meta Data
| Attribute | Value |
|---|---|
| Metric id | im_dormant |
| Category | Identity Management |
| SLO | 98.00% - 99.00% |
| Weight | 0.8 |
| Type | |
References
| Framework | Ref | Domain | Control |
|---|---|---|---|
| ISO 27001:2022 | A.5.16 | 5 Organizational controls | Identity management |
| CIS 8.1 | 5.3 | Account Management | Disable Dormant Accounts |
| NIST CSF v2.0 | PR.AA-01 | Identity Management, Authentication, and Access Control (PR.AA) | PR.AA-01: Identities and credentials for authorized users, services, and hardware are managed by the organization |
Code
```sql
select
  profile.login as resource,          -- Okta login (username) of the account
  'user' as resource_type,
  last_login as detail,               -- last successful login; NULL if the user never logged in
  case
    -- date subtraction yields a day count (PostgreSQL semantics);
    -- a NULL last_login makes the comparison NULL, so it falls through to 0
    when CURRENT_DATE - CAST(last_login AS DATE) < 90 then 1
    else 0
  end as compliance
from
  {{ ref('okta_users') }}             -- dbt model holding the Okta user export
where
  status = 'ACTIVE'                   -- only active accounts are in scope
```
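The following is an added example, not part of the metric's own code: it reproduces the query's logic in Python over a constructed set of Okta user records (real Okta field names, fictitious accounts), including the never-logged-in case that the SQL's NULL comparison silently scores as dormant, and then places the resulting ratio against the 98.00% - 99.00% SLO band. The helper names `compliance`, `dormant_metric`, `slo_status` and the fixed `TODAY` date are assumptions made for the example.

```python
from datetime import date, datetime, timedelta

DORMANT_DAYS = 90                 # "logged in within the last 90 days"
SLO_LOW, SLO_HIGH = 0.98, 0.99    # SLO band from the Meta Data table

def compliance(user: dict, today: date):
    """Mirror the query's CASE: 1 if the last login is under 90 days old,
    else 0. A null lastLogin (never logged in) also yields 0, as in SQL,
    where the NULL comparison falls through to ELSE. Non-ACTIVE users are
    out of scope and return None (the WHERE clause)."""
    if user.get("status") != "ACTIVE":
        return None
    last_login = user.get("lastLogin")
    if last_login is None:
        return 0
    last_date = datetime.fromisoformat(last_login.replace("Z", "+00:00")).date()
    return 1 if (today - last_date).days < DORMANT_DAYS else 0

def dormant_metric(users: list, today: date):
    """Per-user rows the query would emit, plus the overall compliance ratio."""
    rows = [
        {"resource": u["profile"]["login"], "resource_type": "user",
         "detail": u.get("lastLogin"), "compliance": c}
        for u in users
        if (c := compliance(u, today)) is not None
    ]
    score = sum(r["compliance"] for r in rows) / len(rows) if rows else 1.0
    return rows, score

def slo_status(score: float) -> str:
    """Place the ratio against the 98.00% - 99.00% SLO band."""
    if score >= SLO_HIGH:
        return "met"
    return "at risk" if score >= SLO_LOW else "breached"

TODAY = date(2024, 6, 30)   # fixed "today" so the constructed sample is reproducible (assumption)

def _login(days_ago: int) -> str:
    """Okta-style lastLogin timestamp N days before TODAY."""
    return (TODAY - timedelta(days=days_ago)).isoformat() + "T08:00:00.000Z"

# Constructed sample of Okta user records (real field names, fictitious accounts).
SAMPLE_USERS = [
    {"profile": {"login": "alice@example.com"}, "status": "ACTIVE", "lastLogin": _login(10)},
    {"profile": {"login": "bob@example.com"}, "status": "ACTIVE", "lastLogin": _login(120)},
    {"profile": {"login": "carol@example.com"}, "status": "ACTIVE", "lastLogin": None},
    {"profile": {"login": "dave@example.com"}, "status": "DEPROVISIONED", "lastLogin": _login(5)},
    {"profile": {"login": "erin@example.com"}, "status": "ACTIVE", "lastLogin": _login(89)},
    {"profile": {"login": "frank@example.com"}, "status": "ACTIVE", "lastLogin": _login(90)},
]
```

Running `dormant_metric(SAMPLE_USERS, TODAY)` on this sample scores 2 of 5 in-scope users as compliant (40%), which `slo_status` reports as "breached"; the deprovisioned user is excluded from both numerator and denominator.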