Brokered access is a model where the user or workload proves identity to an intermediate control plane that issues short-lived access instead of exposing a reusable secret. For privileged operations, this shifts governance from secret storage to session control, auditability, and timely revocation.
Expanded Definition
Brokered access is a control pattern in which an intermediate authority authenticates a user, service, or agent and then issues a short-lived session, token, or delegated grant instead of exposing a reusable secret. It is closely related to Zero Trust Architecture and privileged access workflows, but definitions vary across vendors on whether the broker is a gateway, vault, identity provider, or policy engine. In practice, the broker centralises session policy, approval, logging, and revocation so access can be time-bound and context-aware rather than permanently embedded in code or stored credentials. For a broader NHI context, the Ultimate Guide to NHIs is useful, and the session-first model aligns with the OWASP Non-Human Identity Top 10 emphasis on reducing standing credential exposure. The most common misapplication is treating brokered access as a cosmetic proxy layer, which occurs when long-lived credentials remain available behind the broker.
Examples and Use Cases
Implementing brokered access rigorously often introduces session orchestration overhead, requiring organisations to weigh stronger governance against added latency and integration complexity.
- A CI/CD pipeline requests production database access through a broker that issues a one-hour token after policy checks and approval.
- An AI agent receives delegated API access only for a bounded task, then the broker revokes the session when the task completes.
- A privileged operator uses brokered access for emergency SSH access, with the broker recording command-level activity for audit.
- A third-party service integration authenticates to an identity gateway instead of carrying a shared API key across environments.
These patterns are easier to defend when tied to lifecycle controls described in the Ultimate Guide to NHIs — Key Challenges and Risks. They also map well to the policy and federation guidance commonly discussed in the OWASP Non-Human Identity Top 10. In operational terms, brokered access is most valuable when access must be granted quickly, but not left in place after the job finishes.
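As an added illustration (not code from the original page or from any vendor's product), the Python sketch below runs the CI/CD pipeline and AI-agent scenarios above through a minimal broker: a constructed policy table, an approval gate, HMAC-signed session tokens whose lifetime is capped by policy rather than by the requester, an audit trail of every decision, and revocation that ends a session early without rotating any secret. The principal names, resource names, signing key and policy values are all assumptions made for this example.

```python
"""Minimal access broker: apply policy, issue a short-lived HMAC-signed session token,
record an audit trail, and support immediate revocation. Names, keys and the policy
table are constructed for this example and are not a real vendor's API."""
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed policy table: (principal, resource) -> constraints.
# max_ttl caps how long any issued session may live, regardless of what was asked for.
POLICY = {
    ("ci-pipeline", "prod-db"): {"max_ttl": 3600, "requires_approval": True,
                                 "allowed_env": {"production"}},
    ("report-agent", "analytics-api"): {"max_ttl": 600, "requires_approval": False,
                                        "allowed_env": {"production", "staging"}},
}


class AccessBroker:
    """Issues and verifies time-bound session tokens instead of handing out reusable secrets."""

    def __init__(self, signing_key: bytes, clock=time.time):
        self._key = signing_key      # only the broker holds this; clients never see it
        self._clock = clock          # injectable so expiry can be tested deterministically
        self._revoked = set()        # jti values of sessions ended early
        self.audit_log = []          # every decision is recorded, allowed or denied

    def _audit(self, event, principal, resource, **extra):
        self.audit_log.append({"ts": int(self._clock()), "event": event,
                               "sub": principal, "res": resource, **extra})

    def _sign(self, body: str) -> str:
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

    def request_access(self, principal, resource, ttl, env, approved=False):
        """Policy check, context check, optional approval gate, then a session capped at max_ttl."""
        rule = POLICY.get((principal, resource))
        if rule is None:
            self._audit("deny", principal, resource, reason="no matching policy")
            raise PermissionError("no policy permits this access")
        if env not in rule["allowed_env"]:
            self._audit("deny", principal, resource, reason=f"env {env} not allowed")
            raise PermissionError("context not allowed by policy")
        if rule["requires_approval"] and not approved:
            self._audit("deny", principal, resource, reason="approval required")
            raise PermissionError("approval required")
        granted = min(ttl, rule["max_ttl"])
        now = int(self._clock())
        claims = {"sub": principal, "res": resource, "env": env,
                  "iat": now, "exp": now + granted, "jti": secrets.token_hex(8)}
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
        self._audit("issue", principal, resource, jti=claims["jti"], ttl=granted)
        return f"{body}.{self._sign(body)}"

    def verify(self, token, resource):
        """Return claims for a valid, unexpired, unrevoked token bound to `resource`; else None."""
        body, _, sig = token.rpartition(".")
        if not sig or not hmac.compare_digest(sig.encode(), self._sign(body).encode()):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
        if (claims["res"] != resource or claims["exp"] <= int(self._clock())
                or claims["jti"] in self._revoked):
            return None
        return claims

    def revoke(self, token):
        """End a session early (e.g. an agent's bounded task finished) without rotating any secret."""
        body, _, sig = token.rpartition(".")
        if hmac.compare_digest(sig.encode(), self._sign(body).encode()):
            claims = json.loads(base64.urlsafe_b64decode(body))
            self._revoked.add(claims["jti"])
            self._audit("revoke", claims["sub"], claims["res"], jti=claims["jti"])


def demo():
    """Walk through the CI/CD and AI-agent scenarios; returns the observed outcomes."""
    clock = [1_700_000_000]  # constructed fixed time so results are reproducible
    broker = AccessBroker(b"constructed-broker-key", clock=lambda: clock[0])
    out = {}
    # CI/CD pipeline asks for two hours with approval; policy caps the session at one hour.
    tok = broker.request_access("ci-pipeline", "prod-db", ttl=7200, env="production", approved=True)
    claims = broker.verify(tok, "prod-db")
    out["ci_ttl"] = claims["exp"] - claims["iat"]
    out["ci_wrong_resource"] = broker.verify(tok, "analytics-api")   # token is resource-bound
    clock[0] += 3601                                                 # one hour and one second later
    out["ci_after_expiry"] = broker.verify(tok, "prod-db")
    # AI agent: bounded task, then the broker revokes the session before it would expire.
    agent_tok = broker.request_access("report-agent", "analytics-api", ttl=300, env="staging")
    out["agent_live"] = broker.verify(agent_tok, "analytics-api") is not None
    broker.revoke(agent_tok)
    out["agent_after_revoke"] = broker.verify(agent_tok, "analytics-api")
    # An unapproved privileged request is denied and still lands in the audit trail.
    try:
        broker.request_access("ci-pipeline", "prod-db", ttl=60, env="production")
        out["unapproved"] = "issued"
    except PermissionError:
        out["unapproved"] = "denied"
    out["audit_events"] = [e["event"] for e in broker.audit_log]
    return out


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point to notice is that nothing durable leaves the broker: the requester only ever holds a token that expires on its own, is bound to one resource, and can be cut off by adding its `jti` to the revocation set. The "cosmetic proxy" failure mode from the definition above would be the case where the pipeline still held a long-lived database password alongside this token.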
Why It Matters in NHI Security
Brokered access matters because it moves the security boundary from secret custody to session governance. That shift reduces the blast radius of compromise, improves revocation, and makes privileged use observable. It is especially important for NHIs, where excessive privilege and stale secrets are common failure modes. NHI Mgmt Group research, reported in the Ultimate Guide to NHIs, finds that 97% of NHIs carry excessive privileges, which is exactly the kind of exposure brokered access is designed to limit. It also supports the guidance in the 52 NHI Breaches Analysis, where compromised credentials often become the initial foothold. For governance teams, the practical question is not whether access exists, but whether it can be time-boxed, attested, and revoked without delay. Organisations typically encounter the operational need for brokered access only after a secret leak, overprivileged automation failure, or audit finding, at which point the model becomes unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST Zero Trust (SP 800-207) and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Addresses secret exposure and session-based access patterns for NHIs. |
| NIST Zero Trust (SP 800-207) | Section 2.1 | Defines policy-driven, continuously evaluated access central to brokered sessions. |
| NIST CSF 2.0 | PR.AC-4 | Least-privilege access management aligns with brokered delegation and revocation. |
Replace reusable secrets with brokered, short-lived access and review exposure paths regularly.