Detect accounts that were created but never successfully logged in. These accounts appeal to attackers as they may be able to register their own MFA factors.

A user will fail this check if they have not logged in within 7 days.

Recommended Actions

Trigger an access review with the user’s manager to verify that the unused account is still necessary. If not needed, suspend the account immediately. Otherwise, reset the account and direct the manager to onboard the user correctly.

Default Check Settings

Number of days: 7

Compatibility

Okta

Salesforce