← All glossary categories

Non-Human Identities

Service accounts, machine identities, gMSAs, managed identities, application registrations, and the lifecycle risks of non-human identities (NHI).

23 terms in Non-Human Identities

19 min read

What is a Non-Human Identity?

A Non-Human Identity, often abbreviated as NHI, is a digital identity used by a system, application, service, workload, automation process, device, bot, or AI agent to access resources without direct human interaction.

Non-Human IdentityService AccountAPI Key
4 min read

What is Non-Human Identity Security?

Non-Human Identity (NHI) security covers protecting service accounts, workloads, API keys, OAuth tokens, and bots — the largest and fastest-growing identity surface.

Non-Human IdentityService AccountsMachine Identity
5 min read

Human Identity vs Non-Human Identity: What is the Difference?

Human and non-human identities differ in lifecycle, authentication, governance, and behavior. Learn the differences and why both need first-class identity programs.

Non-Human IdentityIdentity SecurityService Accounts
4 min read

What is a Machine Identity?

A machine identity represents devices, servers, containers, or workloads that authenticate to systems. Learn the types and how to manage them.

Machine IdentityTLS CertificatesSSH Keys
5 min read

What is a Workload Identity?

A workload identity represents an application, service, container, or compute workload — without static credentials when done right.

Workload IdentityManaged IdentityWorkload Identity Federation
4 min read

What is a Service Account?

A service account is a non-human identity used by applications, services, or scripts to authenticate to other systems. Learn the types and how to govern them.

Service AccountNon-Human IdentityIdentity Security
5 min read

What is an API Key?

An API key is a static credential identifying a calling application. Learn what it is, the risks, and modern alternatives.

API KeyNon-Human IdentityAuthentication
5 min read

What is an OAuth Token?

OAuth tokens — access, refresh, and ID tokens — are the credentials of modern delegated authorization. Learn what each does and how to secure them.

OAuth TokenAccess TokenRefresh Token
5 min read

What is a Secret in Cybersecurity?

A secret is any sensitive credential or value (password, key, token, certificate) that grants access. Learn what counts and how to manage them.

Secrets ManagementSecretsNon-Human Identity
5 min read

What is a Bot Identity?

A bot identity represents an automated actor — Slack bot, Teams bot, RPA bot, chat bot. Learn the types and how to govern them.

Bot IdentityRPAChatbot
5 min read

What is Non-Human Identity Governance?

Non-Human Identity governance is the discipline of ensuring NHIs are inventoried, owned, scoped, monitored, and lifecycled. Learn the framework.

Non-Human IdentityIdentity GovernanceIGA
4 min read

What is Non-Human Identity Lifecycle Management?

NHI lifecycle management covers provisioning, ownership transfer, scoping changes, recertification, and decommissioning of non-human identities.

Non-Human IdentityIdentity LifecycleJML
5 min read

What is Non-Human Identity Ownership?

NHI ownership assigns a named human accountable for each non-human identity. Without ownership, NHIs become orphans and risks compound.

Non-Human IdentityIdentity GovernanceAccountability
5 min read

What is Secret Rotation?

Secret rotation is the practice of regularly changing credentials to limit the blast radius of leaks. Learn the patterns and how to automate.

Secret RotationSecrets ManagementNon-Human Identity
5 min read

What is Hardcoded Credential Risk?

Hardcoded credentials in code, configs, or infrastructure are one of the most common breach vectors. Learn the risks and how to eliminate them.

Hardcoded CredentialsSecrets in CodeSecret Sprawl
4 min read

What is Orphaned Non-Human Identity?

Orphaned NHIs are non-human identities without an owner, unused, or tied to retired use cases. Learn how to find and remediate them.

Non-Human IdentityStale IdentityIdentity Hygiene
4 min read

What is Over-Permissioned Service Account?

An over-permissioned service account holds more privileges than its workload requires. Learn how to detect and right-size.

Over-Permissioned SAService AccountsLeast Privilege
4 min read

What is Long-Lived Secret Risk?

Long-lived secrets — credentials valid for months, years, or indefinitely — magnify any leak. Learn the risks and modern alternatives.

Long-Lived SecretsStatic CredentialsNon-Human Identity
5 min read

What is Non-Human Identity Attack Surface?

The NHI attack surface spans every credential, identity, integration, and trust path attackers can exploit. Learn the layers and how to reduce it.

Non-Human IdentityIdentity Attack SurfaceIdentity Security
4 min read

Common Non-Human Identity Security Risks

From hardcoded credentials to over-permissioned SAs to orphaned identities, learn the most common NHI security risks and how to remediate.

Non-Human IdentityIdentity SecurityBest Practices
4 min read

Non-Human Identity Security Best Practices

A consolidated set of NHI security best practices covering discovery, ownership, authentication, scoping, lifecycle, monitoring, and incident response.

Best PracticesNon-Human IdentityIdentity Security
5 min read

Non-Human Identity Security Checklist

A comprehensive checklist for NHI security covering discovery, ownership, authentication, lifecycle, monitoring, governance, and incident response.

Non-Human IdentityIdentity SecurityBest Practices
5 min read

What Is Non-Human Identity Risk?

Non-human identity risk is the security risk created by machine-driven identities such as service accounts, service principals, OAuth apps, workloads, API keys, certificates, bots, and AI agents.

Non-Human IdentityService AccountsMachine Identity

See your identity risk clearly.

Start with a 1-day Proof of Value in your own environment.

We respect your privacy

We use cookies to keep this site secure and working properly. With your permission, we also use optional cookies to understand usage and improve the experience. Cookie Policy

You can change your choice at any time.

Non-Human Identities Glossary | Identity Security Terms | Forestall