Role Availability | Read-Only | Investigator | Analyst | Manager |
USM Anywhere detects the status of user entities and their accounts, and normalizes those statuses for you under Environment > Users. To understand how USM Anywhere normalizes these statuses, review the following table. This table lists the normalized states for each data source next to the unique states that map to them in the data source.
Note: See Managing Users to read more about how USM Anywhere uses and displays the normalized states for users and their accounts.
Data Source | State | Description |
---|---|---|
AWS | Retired | The user is no longer listed in Identity and Access Management (IAM). |
AWS | Disabled | Unsupported. |
Azure | Retired | The user is deleted from Microsoft Azure Active Directory (AD). |
Azure | Disabled | The "Block sign in" value is "Yes". |
Active Directory and Office 365 | Retired | The user is sent to the Microsoft Windows Recycle Bin using the delete action. |
Active Directory and Office 365 | Disabled | "disabled" is flagged in the properties dialog box. |
GCP | Retired | The "deletionTime" field has any value. |
GCP | Disabled | The account is flagged as "suspended". |
Okta | Retired | The user is deleted from the directory screen. |
Okta | Disabled | "userStatus" is set to any value other than "Active". |