Non-human identities

Okta Identity Security Posture Management (ISPM) helps secure both human and non-human identities (NHI) in your org.

Typically, human identities are associated with employee accounts. NHI can include service accounts, API keys, tokens, users with access to API keys and tokens, AI agents, and more. These identities are interconnected in complex ways. Human identities serve as the foundation and control point for NHI, while NHI extend and amplify human capabilities across cloud platforms.

Traditional enterprise security solutions typically focus on protecting the human identities in an org. However, most SaaS applications also have non-human identities. These non-human identities often hold elevated privileges that affect a large number of resources, are frequently inactive or stale, and are difficult to monitor.

For example, when an employee leaves a company, their account (human identity) gets deactivated. However, it's challenging to identify their associated service accounts, API keys, automation scripts, and machine identities that often have elevated access. These factors make NHIs a potential target for malicious actors.

Okta continuously pulls data from the apps and identity providers that you've integrated with ISPM. This allows ISPM to continuously discover the associated NHIs and provide details about the issues detected for these identities.

Depending on the app integration, ISPM analyzes the following NHIs based on their login methods:

  • User or system-created identities that are used for automations, integrations, or shared access.

  • API keys and tokens, such as AWS access keys, Okta API tokens, Snowflake key pairs, GitHub personal access tokens, and SSH keys.

  • AI Agents, such as Agentforce for Sales AI agents.

ISPM helps you manage the growing sprawl of NHIs in the following ways.

Discover NHIs

Get a prioritized list of service accounts, API keys, tokens, users with keys and tokens, and users associated with Salesforce.com AI Agents on the Non Human Identities page in the Inventory. ISPM prioritizes these based on the level of permissions and risk. For a given NHI, the page also displays details about identity type, privileges, login methods, and more. Click an account to view details about its login methods, such as key name, last rotation, and creation and expiration dates.

Additionally, when ISPM detects the following NHIs, it adds labels that make it easier to monitor, track, and filter:

  • User-created or system identities used for automations, integrations, or shared access.

    Label: Service Accounts

  • Users (employee users or service accounts) who have non-human login methods, such as keys and tokens associated with their account.

    Label: Keys or tokens

    ISPM also adds details such as key name, last rotation, and expiration date.

  • AI Agents associated with user identities

    Label: AI Agent

  • High privileges associated with non-human identities

    Label: Admin or Super Admin

Detect NHI-related issues

ISPM identifies and prioritizes active issues associated with NHI for your orgs and displays the information in the ISPM console. You can view a high-level count of NHI-specific issues in your org from the Non Human identities risk status category card on the Dashboard. You can also get a prioritized list of NHI-related issues on the Issues page. Currently, ISPM flags 19 issue detections with an NHI label. See Supported detections.

The NHI-related issue detections cover the following use cases and are aligned with the OWASP Non-Human Identities Top 10 risks for 2025.

Use cases covered by ISPM detections, with the associated OWASP category:

  • Overprivileged admin service accounts, unused service accounts, unused tokens and keys

    Associated OWASP category: NHI1:2025 Improper Offboarding; NHI5:2025 Overprivileged NHI; NHI3:2025 Vulnerable Third-Party NHI

  • Unrotated keys and tokens, unrotated passwords for service accounts, and risky and toxic combinations, such as No MFA, Old Password, and Overprivileged Admin Service accounts

    Associated OWASP category: NHI4:2025 Insecure Authentication; NHI7:2025 Long-Lived Secrets

  • Console access to service accounts

    Associated OWASP category: NHI9:2025 NHI Reuse; NHI10:2025 Human Use of NHI
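The following script is an added example, not ISPM's own code, that runs the issue classes in the table above over a small constructed NHI inventory and tags each finding with its OWASP NHI category. The record layout, the 90-day "unused" and "rotation" thresholds, the sample identities, and the admin-first ordering are all assumptions made for the example; a real deployment reads these values from ISPM.

```python
"""Inventory scan for the NHI issue classes listed above.

Added example, not ISPM's own code. The record layout, the 90-day
thresholds and the sample identities are constructed assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Fixed "now" so the sample results are reproducible.
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
UNUSED_DAYS = 90     # assumed: no login/use within this window => unused
ROTATION_DAYS = 90   # assumed: secrets older than this => unrotated


@dataclass
class Credential:
    kind: str                      # "api_key", "token", "ssh_key" or "password"
    name: str
    last_rotated: datetime
    last_used: Optional[datetime]  # None => never used


@dataclass
class Identity:
    name: str
    human: bool                    # False => service account (NHI)
    admin: bool                    # Admin or Super Admin privileges
    mfa: bool
    console_login: bool            # interactive console access enabled
    last_login: Optional[datetime]
    credentials: List[Credential] = field(default_factory=list)


@dataclass
class Finding:
    identity: str
    issue: str
    owasp: str


def _older_than(ts: Optional[datetime], days: int, now: datetime) -> bool:
    return ts is None or now - ts > timedelta(days=days)


def scan(identities: List[Identity], now: datetime = NOW) -> List[Finding]:
    """Emit one Finding per detected issue, admin identities first."""
    findings: List[Finding] = []
    for ident in identities:
        old_password = any(c.kind == "password" and _older_than(c.last_rotated, ROTATION_DAYS, now)
                           for c in ident.credentials)
        if not ident.human:
            unused = _older_than(ident.last_login, UNUSED_DAYS, now)
            if unused:
                findings.append(Finding(ident.name, "unused service account", "NHI1:2025 Improper Offboarding"))
            if ident.admin:
                findings.append(Finding(ident.name, "overprivileged admin service account", "NHI5:2025 Overprivileged NHI"))
            if ident.console_login:
                findings.append(Finding(ident.name, "console access to service account", "NHI10:2025 Human Use of NHI"))
            if old_password:
                findings.append(Finding(ident.name, "unrotated service account password", "NHI4:2025 Insecure Authentication"))
            # Toxic combination named under Automated remediation: unused admin, old password, no MFA.
            if unused and ident.admin and old_password and not ident.mfa:
                findings.append(Finding(ident.name, "toxic combination: unused admin, old password, no MFA",
                                        "NHI4:2025 Insecure Authentication"))
        for cred in ident.credentials:
            if cred.kind == "password":
                continue  # passwords handled above; keys/tokens below
            if _older_than(cred.last_used, UNUSED_DAYS, now):
                findings.append(Finding(ident.name, f"unused {cred.kind} {cred.name}", "NHI1:2025 Improper Offboarding"))
            if _older_than(cred.last_rotated, ROTATION_DAYS, now):
                findings.append(Finding(ident.name, f"unrotated {cred.kind} {cred.name}", "NHI7:2025 Long-Lived Secrets"))
    # Prioritise like the inventory page: higher privilege first (stable sort keeps issue order).
    privileged = {i.name for i in identities if i.admin}
    findings.sort(key=lambda f: (f.identity not in privileged, f.identity))
    return findings


def _days_ago(n: int) -> datetime:
    return NOW - timedelta(days=n)


SAMPLE = [  # constructed inventory
    Identity("svc-deploy", human=False, admin=True, mfa=False, console_login=True,
             last_login=_days_ago(200),
             credentials=[Credential("password", "console", _days_ago(400), _days_ago(200)),
                          Credential("api_key", "AKIA-EXAMPLE", _days_ago(30), _days_ago(10))]),
    Identity("alice", human=True, admin=False, mfa=True, console_login=True,
             last_login=_days_ago(2),
             credentials=[Credential("token", "gh-pat-ci", _days_ago(200), _days_ago(120))]),
    Identity("svc-report", human=False, admin=False, mfa=False, console_login=False,
             last_login=_days_ago(5),
             credentials=[Credential("api_key", "snowflake-kp", _days_ago(10), _days_ago(1))]),
]


def run_sample() -> List[Finding]:
    return scan(SAMPLE)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.identity:12} {f.owasp:40} {f.issue}")
```

Running it reports five findings for svc-deploy (including the toxic combination), two for alice's long-lived, unused personal access token, and none for the healthy svc-report account; the human user alice is not flagged as a service account, but her key still counts as an NHI login method, which is why "users with keys and tokens" appear in the inventory.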

Remediate detected NHI issues

When ISPM detects NHI issues in your org, you can remediate those issues automatically or manually.

Automated remediation

You can leverage existing integrations and automatically remediate NHI issues for your org using ISPM event hooks and Okta Workflows. For example, ISPM detects unused admin service accounts with old passwords and no MFA, which is a combination of high-risk issues. You can configure event hooks in ISPM and set up flows in Workflows that use those hooks to take custom actions, such as automatically suspending the account and notifying the app owner.
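To make the hook-driven flow concrete, here is an added example of the receiver logic a custom endpoint would run; it is not Okta's or ISPM's code. It assumes ISPM hooks follow Okta's event-hook convention of a one-time GET carrying an X-Okta-Verification-Challenge header and a shared secret sent in the Authorization header, and the JSON payload layout and the risk-flag names are constructed for the example. The planned suspend call targets Okta's /api/v1/users/{id}/lifecycle/suspend endpoint, but nothing is sent: the function returns the actions it would take, so the decision logic can be tested offline.

```python
"""Event-hook receiver logic for automated NHI remediation.

Added example, not Okta's or ISPM's code. The JSON payload layout and the
risk-flag names are constructed assumptions; the X-Okta-Verification-Challenge
header and the /lifecycle/suspend endpoint are Okta's documented ones.
"""
import hmac
import json
from typing import Dict, List, Tuple

# Secret you configure as the hook's Authorization header value (constructed).
HOOK_SECRET = "constructed-shared-secret"

# Assumed flag names carried by a detection; this set is the high-risk
# combination described above (unused admin service account, old password, no MFA).
TOXIC_FLAGS = {"unused", "admin", "old_password", "no_mfa"}


def plan_actions(event: dict) -> List[dict]:
    """Decide remediation per issue; returns planned API calls, sends nothing."""
    actions: List[dict] = []
    for issue in event.get("issues", []):
        if issue.get("identity_type") != "service_account":
            continue
        flags = set(issue.get("risk_flags", []))
        if TOXIC_FLAGS <= flags:
            uid = issue["okta_user_id"]
            actions.append({"action": "suspend", "method": "POST",
                            "path": f"/api/v1/users/{uid}/lifecycle/suspend"})
            actions.append({"action": "notify", "to": issue["app_owner"],
                            "subject": f"Suspended {issue['account']}: {', '.join(sorted(flags))}"})
        elif flags & {"old_password", "no_mfa"}:
            # Lower-risk: ask the owner to review rather than suspending automatically.
            actions.append({"action": "notify", "to": issue["app_owner"],
                            "subject": f"Review {issue['account']}: {', '.join(sorted(flags))}"})
    return actions


def handle_request(method: str, headers: Dict[str, str], body: str,
                   secret: str = HOOK_SECRET) -> Tuple[int, dict, List[dict]]:
    """Return (HTTP status, JSON response, planned actions)."""
    h = {k.lower(): v for k, v in headers.items()}
    # One-time endpoint verification: Okta sends a GET carrying a challenge
    # and expects it echoed back under "verification".
    if method == "GET" and "x-okta-verification-challenge" in h:
        return 200, {"verification": h["x-okta-verification-challenge"]}, []
    # Every delivery must carry the shared secret; compare in constant time.
    if not hmac.compare_digest(h.get("authorization", ""), secret):
        return 401, {"error": "invalid hook credential"}, []
    if method != "POST":
        return 405, {"error": "method not allowed"}, []
    try:
        event = json.loads(body)
    except ValueError:
        return 400, {"error": "malformed JSON"}, []
    return 200, {"received": len(event.get("issues", []))}, plan_actions(event)


# Constructed delivery: one toxic-combination issue, one lower-risk issue.
SAMPLE_EVENT = json.dumps({
    "issues": [
        {"account": "svc-deploy", "identity_type": "service_account",
         "okta_user_id": "00uEXAMPLE1", "app_owner": "platform-team@example.com",
         "risk_flags": ["unused", "admin", "old_password", "no_mfa"]},
        {"account": "svc-report", "identity_type": "service_account",
         "okta_user_id": "00uEXAMPLE2", "app_owner": "finance-apps@example.com",
         "risk_flags": ["old_password"]},
    ]
})

if __name__ == "__main__":
    status, resp, actions = handle_request("POST", {"Authorization": HOOK_SECRET}, SAMPLE_EVENT)
    print(status, resp)
    for a in actions:
        print(a)
```

Suspension is reserved for the full toxic combination; a single weak signal only notifies the owner, which keeps an automated flow from locking out a service account on one stale-password finding alone.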

Manage service accounts

If you're subscribed to Okta Privileged Access, you can manage service accounts, secure their passwords, and implement other security measures for SaaS apps and Okta service accounts from the Okta Admin Console. See Manage service accounts (Okta Identity Engine) or Manage service accounts (Okta Classic Engine).

Related topics

Supported detections

Non-human and human identities: A unified approach