An orphan account is an access account that is not linked to an identifiable person. This usually happens when a user leaves the organization, changes roles, or no longer needs access to certain resources, but the account has not been properly deactivated or deleted.
Because it is not known which user the account belongs to or for whom it was created, nobody is in a position to decide (arbitrate) whether it is legitimate.
Identifying orphan accounts and arbitrating each one (keep, reassign, deactivate or delete) is a key step in IAM. This includes measures such as regular review of user accounts, deactivation or deletion of unused or unnecessary accounts, and the implementation of tracking mechanisms to proactively detect and manage orphan accounts.
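As an added example (not part of the original text), the following Python script reconciles a constructed IAM account export against a constructed HR roster and reports every account that needs arbitration, with the reason; the field names, status values and the 90-day inactivity threshold are assumptions.

```python
"""Orphan-account detection over constructed sample data (added example).

Assumes two exports: an IAM account list and an HR roster. The field
names (account, owner_id, last_login, status) are assumptions, not the
schema of any real product.
"""
from datetime import date

# Constructed sample HR roster: employee id -> employment status.
HR_ROSTER = {
    "e1001": "active",
    "e1002": "terminated",
    "e1003": "active",
}

# Constructed sample IAM export. owner_id links the account to a person
# in the HR roster; an empty owner_id means no owner was ever recorded.
ACCOUNTS = [
    {"account": "alice", "owner_id": "e1001", "last_login": date(2024, 5, 2)},
    {"account": "bob", "owner_id": "e1002", "last_login": date(2024, 1, 9)},
    {"account": "svc-backup", "owner_id": "", "last_login": date(2024, 5, 1)},
    {"account": "ctmp", "owner_id": "e9999", "last_login": date(2023, 11, 3)},
    {"account": "carol", "owner_id": "e1003", "last_login": date(2023, 6, 1)},
]

# Date the review is run (constructed).
REPORT_DATE = date(2024, 6, 1)


def classify(account, roster, today, stale_days=90):
    """Return why an account needs arbitration, or None if it has a
    known, active owner and recent use. The first three reasons are
    orphan conditions; 'stale' flags an owned but unused account."""
    owner = account["owner_id"]
    if not owner:
        return "no owner recorded"
    status = roster.get(owner)
    if status is None:
        return "owner not found in HR roster"
    if status != "active":
        return f"owner is {status}"
    if (today - account["last_login"]).days > stale_days:
        return "stale"
    return None


def find_orphans(accounts, roster, today, stale_days=90):
    """Map account name -> reason for every account needing arbitration."""
    findings = {}
    for acct in accounts:
        reason = classify(acct, roster, today, stale_days)
        if reason is not None:
            findings[acct["account"]] = reason
    return findings


if __name__ == "__main__":
    for name, why in find_orphans(ACCOUNTS, HR_ROSTER, REPORT_DATE).items():
        print(f"{name}: {why}")
```

Feeding real exports in requires only that the HR roster be the authoritative source of who is still employed; accounts whose owner field was never filled are the hardest to arbitrate and should be routed to a named owner before any deletion.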