Non-human identities
Okta Identity Security Posture Management (ISPM) helps secure both human and non-human identities (NHI) in your org.
Typically, human identities are associated with employee accounts. NHI can include service accounts, API keys, tokens, users with access to API keys and tokens, AI agents, and more. These identities are interconnected in complex ways. Human identities serve as the foundation and control point for NHI, while NHI extend and amplify human capabilities across cloud platforms.
Traditional enterprise security solutions usually focus on protecting the human identities in an org. However, most SaaS applications also have non-human identities. These non-human identities often hold elevated privileges that affect a large number of resources, are frequently inactive or stale, and are difficult to monitor.
For example, when an employee leaves a company, their account (human identity) gets deactivated. However, it's challenging to identify their associated service accounts, API keys, automation scripts, and machine identities that often have elevated access. These factors make NHIs a potential target for malicious actors.
Okta continuously pulls data from the apps and identity providers that you integrate with ISPM. This allows ISPM to continuously discover the associated NHIs and provide details about the issues it detects for these identities.
Depending on the app integration, ISPM analyzes the following NHIs based on their login methods:
- User- or system-created identities that are used for automations, integrations, or shared access.
- API keys and tokens, such as AWS access keys, Okta API tokens, Snowflake key pairs, and GitHub personal access tokens and SSH keys.
- AI agents, such as Agentforce for Sales AI agents.
ISPM helps you manage the growing sprawl of NHIs in the following ways.
Discover NHIs
Get a prioritized list of service accounts, API keys, tokens, users with keys and tokens, and users associated with Salesforce.com AI Agents on the Non Human Identities page in the Inventory. ISPM prioritizes these based on their level of permissions and risk. For a given NHI, the page also displays details such as identity type, privileges, and login methods. Click an account to view details about its login methods, such as key name, last rotation date, and creation and expiration dates.
Additionally, when ISPM detects the following NHIs, it adds labels that make them easier to monitor, track, and filter:
- User-created or system identities used for automations, integrations, or shared access. Label: Service Accounts
- Users (employee users or service accounts) who have non-human login methods, such as keys and tokens, associated with their account. Label: Keys or tokens. ISPM also adds details such as key name, last rotation, and expiration date.
- AI agents associated with user identities. Label: AI Agent
- High privileges associated with non-human identities. Label: Admin or Super Admin
Detect NHI-related issues
ISPM identifies and prioritizes active issues associated with NHIs for your org and displays the information in the ISPM console. You can view a high-level count of NHI-specific issues in your org on the Non Human identities risk status category card on the Dashboard. You can also get a prioritized list of NHI-related issues on the Issues page. Currently, ISPM flags 19 issue detections with an NHI label. See Supported detections.
The NHI-related issue detections cover the following use cases and are aligned with the OWASP Top 10 Non-Human Identity Risks for 2025.

| Use cases covered by ISPM detections | Associated OWASP category |
|---|---|
| Overprivileged admin service accounts; unused service accounts; unused tokens and keys | NHI1:2025 Improper Offboarding; NHI5:2025 Overprivileged NHI; NHI3:2025 Vulnerable Third-Party NHI |
| Unrotated keys and tokens; unrotated passwords for service accounts; risky and toxic combinations, such as No MFA, Old Password, and Overprivileged Admin Service Account | NHI4:2025 Insecure Authentication; NHI7:2025 Long-Lived Secrets |
| Console access to service accounts | NHI9:2025 NHI Reuse; NHI10:2025 Human Use of NHI |
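The following Python is an added example, not part of the Okta documentation or ISPM's own detection logic: it evaluates the use cases in the table above (unused accounts and keys, unrotated secrets, overprivileged admins, and the No MFA + old password + overprivileged admin toxic combination) over a constructed inventory. The record shape, the day thresholds, and the priority ranking are all assumptions; ISPM's actual values are not stated on this page.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple
TODAY = date(2025, 6, 1)   # fixed "now" so the example is deterministic
STALE_DAYS = 90            # assumed thresholds; ISPM's own values are not stated on the page
ROTATION_DAYS = 90
OLD_PASSWORD_DAYS = 365
PRIV_RANK = {"user": 0, "admin": 1, "super_admin": 2}

@dataclass
class NHI:                            # constructed record shape, not ISPM's data model
    name: str
    kind: str                         # "service_account" | "api_key" | "token"
    privilege: str                    # "user" | "admin" | "super_admin"
    last_login: Optional[date]        # None = never used
    last_rotation: Optional[date] = None
    mfa_enabled: bool = True
    password_age_days: int = 0

def days_since(d: Optional[date]) -> Optional[int]:
    return None if d is None else (TODAY - d).days

def detect(nhi: NHI) -> List[str]:
    # Return the issue labels that apply, following the page's use-case table
    issues, idle = [], days_since(nhi.last_login)
    if nhi.kind == "service_account":
        if nhi.privilege in ("admin", "super_admin"):
            issues.append("Overprivileged admin service account")   # NHI5:2025
        if idle is None or idle > STALE_DAYS:
            issues.append("Unused service account")                 # NHI1:2025
        if nhi.password_age_days > OLD_PASSWORD_DAYS:
            issues.append("Unrotated password")                     # NHI4:2025
        if not nhi.mfa_enabled:
            issues.append("No MFA")                                 # NHI4:2025
        if {"No MFA", "Unrotated password", "Overprivileged admin service account"} <= set(issues):
            issues.append("Toxic combination")   # all three together mark a high-risk account
    else:  # api_key or token
        if idle is None or idle > STALE_DAYS:
            issues.append("Unused token or key")                    # NHI1:2025
        rot = days_since(nhi.last_rotation)
        if rot is None or rot > ROTATION_DAYS:
            issues.append("Unrotated key or token")                 # NHI7:2025
    return issues

def prioritized(records: List[NHI]) -> List[Tuple[str, List[str]]]:
    # Highest risk first: most findings, then highest privilege (assumed ranking)
    ordered = sorted(records, key=lambda r: (len(detect(r)), PRIV_RANK[r.privilege]), reverse=True)
    return [(r.name, detect(r)) for r in ordered]

SAMPLE = [  # constructed inventory
    NHI("svc-backup", "service_account", "super_admin", None, mfa_enabled=False, password_age_days=400),
    NHI("ci-deploy-key", "api_key", "user", date(2025, 5, 30), last_rotation=date(2024, 1, 15)),
    NHI("svc-reporting", "service_account", "user", date(2025, 5, 20), password_age_days=30),
]
```

Running `prioritized(SAMPLE)` places the never-used super-admin account with the stale password and no MFA first, the long-unrotated CI key second, and the clean reporting account last.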
Remediate detected NHI issues
When ISPM detects NHI issues in your org, you can remediate those issues automatically or manually.
Automated remediation
You can leverage existing integrations and automatically remediate NHI issues for your org using ISPM event hooks and Okta Workflows. For example, ISPM detects unused admin service accounts with old passwords and no MFA, which is a high-risk combination of issues. You can configure event hooks in ISPM and build flows in Workflows that use those hooks to take custom actions, such as automatically suspending the account and notifying the app owner.
Manage service accounts
If you're subscribed to Okta Privileged Access, you can manage service accounts, secure their passwords, and implement other security measures for SaaS apps and Okta service accounts from the Okta Admin Console. See Manage service accounts (Okta Identity Engine) or Manage service accounts (Okta Classic Engine).