
Security and IT teams gain continuous, accurate visibility into every licensed account — regardless of source system — and can immediately identify accounts that are inactive but still consuming licenses. The result is a smaller attack surface, reduced SaaS spend, and an auditable record of remediation actions taken.
Business impact: Organizations typically find 15–30% of licensed seats tied to dormant accounts. Revoking them eliminates zombie accounts, a high-risk initial-access vector often missed by traditional deprovisioning, and recovers budget that can be immediately redeployed.
Identifying inactive licensed accounts sounds simple, but in practice it requires reconciling data across HR systems, identity providers, and dozens of SaaS applications — each with its own definition of "active" and its own activity log format. Without a unified platform, teams face:
· Fragmented data sources. HR systems, Okta/Entra ID, Salesforce, GitHub, Snowflake, and others each hold a partial view. No single tool correlates them automatically.
· No standard definition of dormancy. Last-login timestamps alone are unreliable. A user can appear "active" in an IDP but never touch the downstream SaaS application the license is for.
· License data lives in finance, not security. Procurement and IT manage seat counts in spreadsheets or separate ITAM tools that are rarely connected to identity or access data.
· Manual reconciliation is slow and error-prone. Quarterly audits by hand take weeks. By the time the list is clean, new joiners and leavers have already made it stale.
· Non-human identities are invisible. Service accounts, shared accounts, and OAuth-based app integrations hold licenses too — but are rarely included in human-focused access reviews.
· Offboarding gaps persist. Even when HR systems trigger deprovisioning, timing delays and partial automation leave accounts open — and licensed — for days, weeks, or longer.
As a core capability of our AI native Identity Security Platform, Oleria Trustfusion continuously ingests identity, access, and activity signals from across your environment and normalizes them into a composite Access Graph. This graph makes it possible to calculate true dormancy — not just IDP last-login, but actual application-level activity — and to surface every licensed account that no longer shows meaningful use.
Every human identity, NHI, and application account correlated into one record — enriched with HR status, IDP attributes, and per-application activity.
Configurable dormancy windows (30, 60, 90 days) applied to real application activity — not just IDP last-login — so findings reflect actual usage.
Surfaces which accounts still carry active license assignments so teams prioritize reclamation by cost impact, not just account count.
Service accounts, shared accounts, and OAuth app grants included in dormancy detection — closing the blind spot human-only audits miss.
Findings are packaged into Posture Campaigns with owner assignment, due dates, and workflow integration — so remediation is tracked, not just flagged.
Unlike point-in-time audits, Trustfusion re-evaluates dormancy daily, so the list stays current as joiners, movers, and leavers change the environment.
Oleria follows a four-stage process to surface inactive licensed accounts:
Step 1 — Ingesting Identity Data from HR & SaaS Applications
Oleria connectors pull identity records from HR systems (Workday, BambooHR), IDPs (Okta, Entra ID), and SaaS applications (Salesforce, GitHub, Snowflake, Microsoft 365, and more). License assignment data is ingested alongside access data.
Step 2 — Normalizing and Correlating the Oleria Access Graph
Records are deduplicated and correlated into the Access Graph. Each identity object — human or non-human — is enriched with employment status, account status, group memberships, role assignments, and last-activity timestamps at the application level.
Step 3 — Evaluating Multi-System Dormancy Thresholds
Oleria Trustfusion, an AI native Identity Security Platform, applies the configured dormancy threshold against application-level activity signals. Accounts that have not performed any meaningful action within the window — and still hold a license assignment — are flagged as inactive-licensed.
Step 4 — Surfacing Security Findings and Initiating Remediation
Findings appear in the Access Inventory and Posture Dashboard. Security or IT owners can review them in the Identity 360 View, launch a Posture Campaign, assign ownership, and track revocation through to closure. An audit trail is maintained for compliance evidence.
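The evaluation described in Steps 1 to 3, as an added sketch (not Oleria's code and not part of the original page): it flags licensed accounts by application-level activity and HR status, and contrasts that with a check on IDP last-login alone. The record layout, account names, dates and the 30/90-day split by risk tier are constructed assumptions.

```python
from collections import namedtuple
from datetime import date

# Constructed records standing in for one correlated row per account (assumed layout).
Account = namedtuple("Account", "ident kind app tier licensed hr_status idp_login app_activity")
ACCOUNTS = [
    Account("alice", "human", "salesforce", "standard", True, "active", date(2024, 5, 27), date(2023, 11, 20)),
    Account("bob", "human", "github", "standard", True, "active", date(2024, 6, 1), date(2024, 5, 30)),
    Account("svc-etl", "service", "snowflake", "privileged", True, None, None, date(2024, 4, 20)),
    Account("carol", "human", "m365", "standard", True, "terminated", date(2024, 5, 10), date(2024, 5, 12)),
    Account("dave", "human", "salesforce", "standard", False, "active", date(2023, 1, 1), date(2023, 1, 1)),
]
# Assumed thresholds per risk tier, in days without application-level activity.
THRESHOLD_DAYS = {"privileged": 30, "standard": 90}

def idle_days(last_seen, today):
    """Days since last_seen; None (never observed) counts as infinitely idle."""
    return float("inf") if last_seen is None else (today - last_seen).days

def inactive_licensed(accounts, today):
    """Flag licensed accounts using application activity and HR status."""
    findings = {}
    for a in accounts:
        if not a.licensed:
            continue  # no seat to reclaim
        reasons = []
        if idle_days(a.app_activity, today) > THRESHOLD_DAYS[a.tier]:
            reasons.append("dormant")
        if a.hr_status == "terminated":
            reasons.append("offboarding-gap")
        if reasons:
            findings[a.ident] = reasons
    return findings

def idp_only_view(accounts, today):
    """Naive baseline: IDP last-login only; accounts with no IDP login are invisible."""
    return [a.ident for a in accounts
            if a.licensed and a.idp_login is not None
            and idle_days(a.idp_login, today) > THRESHOLD_DAYS[a.tier]]

if __name__ == "__main__":
    today = date(2024, 6, 3)
    print("IDP-only findings:", idp_only_view(ACCOUNTS, today))
    for ident, reasons in inactive_licensed(ACCOUNTS, today).items():
        print(ident, reasons)
```

On this sample the IDP-only check reports nothing, while the application-level check flags a user who logs in to the IDP but has not used the licensed app, a service account that never authenticates through the IDP, and a terminated employee who still holds a seat.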
A mature implementation of this use case produces measurable, repeatable outcomes across people, process, and technology:
· Zero surprise licenses. Every licensed account in every SaaS application is known to the identity security team, regardless of how it was provisioned.
· Dormancy SLA met. Inactive licensed accounts are identified within one business day of crossing the dormancy threshold and remediated within an agreed SLA (typically 5–10 business days).
· Offboarding completeness. When an employee is terminated, all downstream SaaS licenses are revoked automatically or flagged for review within 24 hours — with evidence captured for SOX/ISO 27001 audits.
· NHI included. Non-human identities (service accounts, OAuth grants, shared accounts) are part of the same dormancy workflow, not handled separately or ignored.
· License reclamation tracked. The number of licenses reclaimed per quarter is reported to finance and security leadership as a KPI, closing the loop between identity security and SaaS cost management.
· Audit-ready evidence. Each remediation action — who flagged it, who approved it, when it was revoked — is logged in Trustfusion and exportable for auditor review.

Dormancy is configurable per organization. The default threshold is 90 days of no recorded application-level activity. Admins can set different thresholds by application risk tier — e.g., 30 days for privileged admin accounts and 90 days for standard SaaS users. Oleria uses real application activity signals, not just IDP last-login.
Oleria ingests license assignment data from SaaS connectors (e.g., Microsoft 365 E3/E5 SKUs, Salesforce license types, GitHub seats). Any account with an active license assignment is included in dormancy evaluation, regardless of how the license was allocated.
Yes. Service accounts, shared accounts, and application identities (OAuth grants, API keys, managed identities) are included in the Access Graph and subject to the same dormancy evaluation as human accounts — a gap in traditional ITAM and access review tools.
Trustfusion surfaces findings and initiates Posture Campaigns, which can integrate with IDP workflows and ITSM tools (ServiceNow, Jira) for automated or guided remediation. Most organizations start with guided remediation and move toward automation once confidence in the signal is established.
IDPs track authentication events but lack visibility into application-level activity within SaaS tools and do not correlate license data across applications. A user who last authenticated to Okta last week but has not opened Salesforce in six months will appear "active" in the IDP. Oleria sees the full picture.
Most customers see their first inactive-licensed account findings within hours of completing connector setup. A full baseline — all applications with dormancy applied — is typically available within 24–48 hours of initial ingestion.
Yes. Both frameworks require evidence of periodic access reviews and timely deprovisioning. Trustfusion provides continuous monitoring (real-time currency vs. point-in-time snapshots) and a full audit trail of remediation actions, exportable for auditor review.