An orphan account is an access account that is not attached to a physical user. This usually occurs when the user leaves the organization, changes role or no longer needs access to certain resources, but the user account has not been properly deactivated or deleted.
This is an account on which there can be no arbitration as to its legitimacy, since we don't know which user it belongs to or for whom it was created.
Identifying orphan accounts and dealing with their arbitration is a key step inIAM. This includes measures such as regularly reviewing user accounts, deactivating or deleting unused or unnecessary accounts, and setting up tracking mechanisms to proactively detect and manage orphan accounts.