Visibility

Vendor Capability: 

Visibility is key to securing non-human identities. Without it, shadow NHIs, excessive permissions, and privilege escalations go unnoticed, creating security gaps. A strong visibility solution maps all NHIs, including their permissions and dependencies, then flags risky accounts.
With identity access graphs and auto-discovery, security teams can track permissions, uncover shadow NHIs, and find privilege escalation paths. Clear visibility means fewer blind spots and stronger security.
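The inventory-to-graph idea described above, as an added example that is not part of the original guide or of any vendor's product: a constructed NHI inventory (every account, role and permission below is made up) is turned into a directed trust graph, each identity's effective permissions are computed through chains of role assumption, escalation paths to administrative reach are enumerated, and shadow NHIs (unfederated, ownerless, or untraceable to IaC) and external accounts are flagged. The field names and the classification thresholds are assumptions chosen for illustration.

```python
from collections import deque

# Constructed sample NHI inventory; none of these identities are real.
# "can_assume" holds the trust edges: which other NHIs this one may become.
INVENTORY = [
    {"id": "svc-ci-build", "kind": "service_account", "federated": True,
     "owner": "platform-team", "iac_source": "terraform/ci.tf",
     "permissions": {"s3:GetObject"}, "can_assume": {"role-deploy"}},
    {"id": "role-deploy", "kind": "role", "federated": True,
     "owner": "platform-team", "iac_source": "terraform/iam.tf",
     "permissions": {"lambda:CreateFunction"}, "can_assume": {"role-admin"}},
    {"id": "role-admin", "kind": "role", "federated": True,
     "owner": "security-team", "iac_source": "terraform/iam.tf",
     "permissions": {"*"}, "can_assume": set()},
    {"id": "local-backup-user", "kind": "iam_user", "federated": False,
     "owner": None, "iac_source": None,
     "permissions": {"s3:*"}, "can_assume": set()},
    {"id": "vendor-monitor", "kind": "iam_user", "federated": False,
     "owner": "external:acme-monitoring", "iac_source": "terraform/vendors.tf",
     "permissions": {"cloudwatch:GetMetricData"}, "can_assume": set()},
]

# Permissions treated as administrative reach (assumed threshold for this example).
ADMIN_PERMISSIONS = {"*", "iam:*"}


def build_graph(inventory):
    """Identity access graph: NHI id -> set of NHI ids it can assume."""
    return {nhi["id"]: set(nhi["can_assume"]) for nhi in inventory}


def effective_permissions(inventory, graph, start):
    """Permissions held directly or through any chain of assumptions (BFS)."""
    by_id = {n["id"]: n for n in inventory}
    seen, queue, perms = {start}, deque([start]), set()
    while queue:
        cur = queue.popleft()
        perms |= by_id[cur]["permissions"]
        for nxt in graph.get(cur, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return perms


def escalation_paths(inventory, graph, start):
    """Simple assumption chains from a non-admin NHI to an admin-level NHI."""
    by_id = {n["id"]: n for n in inventory}
    paths = []

    def walk(cur, path):
        for nxt in sorted(graph.get(cur, ())):
            if nxt in path:          # skip cycles
                continue
            new_path = path + [nxt]
            if by_id[nxt]["permissions"] & ADMIN_PERMISSIONS:
                paths.append(new_path)
            walk(nxt, new_path)

    if not (by_id[start]["permissions"] & ADMIN_PERMISSIONS):
        walk(start, [start])
    return paths


def classify(inventory, graph, nhi_id):
    """Criticality based on effective, not merely direct, permissions."""
    perms = effective_permissions(inventory, graph, nhi_id)
    if perms & ADMIN_PERMISSIONS:
        return "critical"
    if any(p.endswith(":*") for p in perms):
        return "high"
    return "low"


def shadow_nhis(inventory):
    """NHIs that bypass the IdP, lack an owner, or cannot be traced to IaC."""
    findings = {}
    for nhi in inventory:
        reasons = []
        if not nhi["federated"]:
            reasons.append("unfederated")
        if nhi["owner"] is None:
            reasons.append("no-owner")
        if nhi["iac_source"] is None:
            reasons.append("no-iac-source")
        if reasons:
            findings[nhi["id"]] = reasons
    return findings


def external_nhis(inventory):
    """Accounts owned by a third party (owner tagged 'external:' in this sample)."""
    return sorted(n["id"] for n in inventory
                  if (n["owner"] or "").startswith("external:"))


if __name__ == "__main__":
    graph = build_graph(INVENTORY)
    for nhi in INVENTORY:
        print(nhi["id"], classify(INVENTORY, graph, nhi["id"]),
              escalation_paths(INVENTORY, graph, nhi["id"]))
    print("shadow:", shadow_nhis(INVENTORY))
    print("external:", external_nhis(INVENTORY))
```

The point the graph makes visible is that svc-ci-build holds only s3:GetObject directly yet is critical once assumption chains are followed, which a flat permission listing would miss; the same inventory also answers the unfederated-account and third-party-access questions below.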

Questions to ask an NHI Provider:

  • How does your solution maintain a continuous and updated inventory of NHIs, authentication methods, and entitlements across environments?

  • Can you detect and provide visibility into unfederated accounts, third-party access, and external users that bypass IdP or SSO authentication?

  • Does your platform classify and prioritize NHIs based on function, criticality, and access to sensitive systems?

  • Do you offer an identity access graph to map permissions, dependencies, and consumption patterns?

  • Can your solution trace NHIs back to the code that created them? Does it support Infrastructure as Code (Terraform, CloudFormation, Pulumi, etc.)? Can it also link NHIs to the human owners who manage the IaC?

Success Criteria

| Functionalities | Description |
| --- | --- |
| Continuous and updated NHI inventory | Build and maintain an updated inventory of NHIs, authentication methods, and entitlements across systems, environments, and accounts. |
| Identity type classification and identity prioritization | Identify and distinguish human users from non-humans, categorizing NHIs based on their function, criticality, and level of access to sensitive systems or data. |
| Visibility into local and unfederated accounts (e.g., local users in cloud accounts that bypass Okta authentication) | Discover and gain visibility into accounts that are not connected to your IdP or SSO. |
| Visibility into external users (third parties, contractors, etc.) | Gain visibility into any non-employee accounts that have access to your organization, including contractors, partners, and more. |