# Inactive Users

Detects users who are enabled (Active status) and who have not successfully authenticated for more than 30 days.

Dormant accounts carry unnecessary financial and information security risk for your organization. These users might consume application licenses without using them. By leaving standing entitlements in place that are not needed or not used on a regular basis, attackers may be able to use a dormant account to gain access to sensitive systems and data.&#x20;

**Recommended Actions**

Trigger an access review with the user’s manager to verify that the dormant account still needs access. If not needed, suspend the account immediately. Otherwise, continue monitoring the account for activity and suspend after a grace period. By reducing the number of accounts and adopting a least privilege model, organizations can reduce their attack surface.

**Default Check Settings**

Number of days:30

**Compatibility**

[Microsoft Entra ID](https://docs.oort.io/integrations/azure-active-directory-integration)

[Okta](https://docs.oort.io/integrations/okta-data-integration)

[Salesforce](https://docs.oort.io/integrations/salesforce-integration)

[GitHub](https://docs.oort.io/integrations/github)

[Google Workspace](https://docs.oort.io/integrations/google-workspace-integration)

[AWS](https://docs.oort.io/integrations/aws)

[Duo](https://docs.oort.io/integrations/duo-security-integration)

[Snowflake](https://docs.oort.io/integrations/snowflake)

<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.oort.io/understanding-check-failures/oort-insights/identity-posture-management-insights/inactive-users.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.