Identifying inactive identities
Identities are considered inactive when they aren't logged in or used in 30 days. You can review which users, service IDs, trusted profiles, and API keys in your account are inactive. You might want to remove inactive identities if they are no longer needed. Removing access for inactive identities can reduce the risk of unauthorized access to your IBM Cloud resources and help you manage access more efficiently.
To manage inactive identities, you must be assigned the Administrator role on the IAM Identity Service.
When you delete an identity from the table, for example a user, and click Update report, it takes a few minutes for a new report to exclude the deleted user.
Managing inactive identities in the console
To view inactive identities in the console, complete the following steps:
-
In the IBM Cloud console, click Manage > Access (IAM), and select Inactive identities.
-
Click Update report to view the most recent report of the inactive identities in your account.
Only the most recent report is available. Reports older than a day are deleted when generating a new report.
-
Select a tab to review a list of inactive identities.
-
To delete inactive identities that are no longer in use, click the Actions icon > Remove.
Before you delete an identity, confirm that they are inactive for at least 30 days.
To learn more about the implications of removing or deleting identities in your account, review the following documentation: