Most organizations struggle to accurately manage and understand all their Application/Directory Accounts and which ones are actively being used. There is a huge risk associated with accounts that are no longer in use but are still active, since they remain susceptible to attack and compromise. Additionally, there could be unnecessary cost associated with licenses assigned to accounts that are no longer in use.
We see organizations introduce manual dormancy processes, but these can be inaccurate and require significant ongoing effort to be effective.
Typically, organizations want to introduce an automated and phased approach to managing dormant accounts. This process would first notify account owners and administration teams of any dormant accounts, enabling the user/team to take action if the account is still required. If no action is taken, the solution should then perform automated Account Disablement and possibly Account Deletion after a specified number of days of inactivity.
The following document, created by RSA Professional Services, provides steps on how to configure this solution within your environment.
Always add configuration to a non-production environment first and test thoroughly against real-life data before promoting to further environments.
Always take a backup of the environment(s) before making any significant changes.