Understanding User Status in User Data Sources

Role Availability Read-Only Investigator Analyst Manager

USM Anywhere detects the status of user entities and their accounts, and normalizes those statuses for you under Environment > Users. To understand how USM Anywhere normalizes these statuses, review the following table. This table lists the normalized states for each data source next to the unique states that map to them in the data source.

Note: See Managing Users to read more about how USM Anywhere uses and displays the normalized states for users and their accounts.

User Account States by User Data Source
Data Source State Description
AWS Retired The user is no longer listed in Identity and Access Management (IAM).
Disabled Unsupported.
Azure Retired The user is deleted from Microsoft Azure Active Directory (AD).
Disabled The "Block sign in" value is "Yes".
Active directory and Office 365 Retired The user is sent to the Microsoft Windows Recycle Bin using the delete action.
Disabled "disabled" is flagged in the properties dialog box.
GCP Retired The "deletionTime" field has any value.
Disabled The account is flagged as "suspended".
Okta Retired The user is deleted from the directory screen.
Disabled "userStatus" is set to any value other than "Active".