Non-Human Identities
Service accounts, machine identities, gMSAs, managed identities, application registrations, and the lifecycle risks of non-human identities (NHI).
23 terms in Non-Human Identities
What is a Non-Human Identity?
A Non-Human Identity, often abbreviated as NHI, is a digital identity used by a system, application, service, workload, automation process, device, bot, or AI agent to access resources without direct human interaction.
What is Non-Human Identity Security?
Non-Human Identity (NHI) security covers protecting service accounts, workloads, API keys, OAuth tokens, and bots — the largest and fastest-growing identity surface.
Human Identity vs Non-Human Identity: What is the Difference?
Human and non-human identities differ in lifecycle, authentication, governance, and behavior. Learn the differences and why both need first-class identity programs.
What is a Machine Identity?
A machine identity represents devices, servers, containers, or workloads that authenticate to systems. Learn the types and how to manage them.
What is a Workload Identity?
A workload identity represents an application, service, container, or compute workload — without static credentials when done right.
What is a Service Account?
A service account is a non-human identity used by applications, services, or scripts to authenticate to other systems. Learn the types and how to govern them.
What is an API Key?
An API key is a static credential identifying a calling application. Learn what it is, the risks, and modern alternatives.
What is an OAuth Token?
OAuth tokens — access, refresh, and ID tokens — are the credentials of modern delegated authorization. Learn what each does and how to secure them.
What is a Secret in Cybersecurity?
A secret is any sensitive credential or value (password, key, token, certificate) that grants access. Learn what counts and how to manage them.
What is a Bot Identity?
A bot identity represents an automated actor — Slack bot, Teams bot, RPA bot, chat bot. Learn the types and how to govern them.
What is Non-Human Identity Governance?
Non-Human Identity governance is the discipline of ensuring NHIs are inventoried, owned, scoped, monitored, and lifecycled. Learn the framework.
What is Non-Human Identity Lifecycle Management?
NHI lifecycle management covers provisioning, ownership transfer, scoping changes, recertification, and decommissioning of non-human identities.
What is Non-Human Identity Ownership?
NHI ownership assigns a named human accountable for each non-human identity. Without ownership, NHIs become orphans and risks compound.
What is Secret Rotation?
Secret rotation is the practice of regularly changing credentials to limit the blast radius of leaks. Learn the patterns and how to automate.
What is Hardcoded Credential Risk?
Hardcoded credentials in code, configs, or infrastructure are one of the most common breach vectors. Learn the risks and how to eliminate them.
What is Orphaned Non-Human Identity?
Orphaned NHIs are non-human identities without an owner, unused, or tied to retired use cases. Learn how to find and remediate them.
What is Over-Permissioned Service Account?
An over-permissioned service account holds more privileges than its workload requires. Learn how to detect and right-size.
What is Long-Lived Secret Risk?
Long-lived secrets — credentials valid for months, years, or indefinitely — magnify any leak. Learn the risks and modern alternatives.
What is Non-Human Identity Attack Surface?
The NHI attack surface spans every credential, identity, integration, and trust path attackers can exploit. Learn the layers and how to reduce it.
Common Non-Human Identity Security Risks
From hardcoded credentials to over-permissioned SAs to orphaned identities, learn the most common NHI security risks and how to remediate.
Non-Human Identity Security Best Practices
A consolidated set of NHI security best practices covering discovery, ownership, authentication, scoping, lifecycle, monitoring, and incident response.
Non-Human Identity Security Checklist
A comprehensive checklist for NHI security covering discovery, ownership, authentication, lifecycle, monitoring, governance, and incident response.
What Is Non-Human Identity Risk?
Non-human identity risk is the security risk created by machine-driven identities such as service accounts, service principals, OAuth apps, workloads, API keys, certificates, bots, and AI agents.
See your identity risk clearly.
Start with a 1-day Proof of Value in your own environment.