USM Anywhere™

Understanding User Status in User Data Sources

USM Anywhere detects the status of user entities and their accounts, and normalizes those statuses for you under Environment > Users. To understand how USM Anywhere normalizes these statuses, review the following table. This table lists the normalized states for each data source next to the unique states that map to them in the data source.

Note: See Managing Users to read more about how USM Anywhere uses and displays the normalized states for users and their accounts.

User Account States by User Data Source
Data Source State Description
AWS Retired The user is no longer listed in Identity and Access Management (IAM)
Disabled Unsupported
Azure Retired The user is deleted from Microsoft Azure Active Directory
Disabled The "Block sign in" value is "Yes"
Active Directory and Office 365 Retired The user is sent to the Recycle Bin using the delete action
Disabled "disabled" is flagged in the properties dialog box
GCP Retired The "deletionTime" field has any value
Disabled The account is flagged as "suspended"
Okta Retired The user is deleted from the directory screen
Disabled "userStatus" is set to any value other than "Active"