Side-door Enrollment

Any alternate access path that bypasses the main enterprise identity flow, such as self-registration, password reset, or ad hoc invitation mechanics. Side doors are risky because they often escape the same assurance checks as SSO and can quietly become the real entry point.

Expanded Definition

Side-door enrollment is any alternate path that creates or activates an identity outside the primary enterprise identity workflow. In NHI and agentic AI environments, that can include self-registration, password reset flows, magic links, invitation codes, delegated onboarding, or app-specific account creation that bypasses SSO governance. The core risk is not the path itself, but the fact that side doors often inherit weaker proofing, lighter review, and inconsistent logging than the main access path.

Definitions vary across vendors because some teams use the term narrowly for account creation bypasses, while others include any secondary trust establishment that can lead to standing access. For practical governance, NHI Management Group treats side-door enrollment as any workflow that can mint, reactivate, or elevate an identity without the same assurance checks as the authoritative identity source. That framing aligns with the control intent discussed in the OWASP Top 10 for Agentic Applications 2026 and the broader risk discipline in the NIST AI Risk Management Framework. Side-door enrollment is commonly misapplied when teams assume any flow branded as onboarding is automatically equivalent to centrally governed identity proofing.

Examples and Use Cases

Implementing enrollment controls rigorously often introduces friction for legitimate users, so organizations must weigh conversion speed and support simplicity against identity assurance and auditability.

  • A SaaS platform allows users to self-register with email verification, but no admin approval or domain control check exists, so external actors can create accounts and later request privileged access.
  • An AI agent platform supports ad hoc invitation links for contractor onboarding, yet those links never expire and are not tied to a sponsoring owner, creating a durable side-door into the tenant.
  • A recovery workflow lets anyone who knows a username trigger password reset, but the reset channel is weaker than the SSO path, turning account recovery into the easiest entry point.
  • An internal tool permits local account creation for “emergencies” when SSO is unavailable, but those accounts are not reconciled back to the identity source and remain active indefinitely.
  • The pattern appears in breach writeups such as the AI LLM hijack breach, where access paths outside the normal trust boundary become a practical attack route, and is consistent with the abuse patterns described in the OWASP Agentic AI Top 10.

These use cases also show why organizations should distinguish enrollment from authorization. A side-door may be appropriate for usability, but only if it includes ownership checks, traceable approval, and synchronization with the authoritative identity lifecycle. The Moltbook AI agent keys breach illustrates how quickly weak secondary paths can expand into broader access exposure.

Why It Matters in NHI Security

Side-door enrollment matters because NHI attacks rarely begin with the clean, well-documented path that defenders expect. Attackers look for the easiest path to create, recover, or reactivate identities, especially where automation, invitations, or recovery links are treated as low-risk convenience features. When those paths are not bound to the same governance as SSO, they become the practical route for secret theft, unauthorized agent setup, and persistence.

This is not hypothetical. In NHIMG research on compromised NHIs, attackers attempted access to exposed AWS credentials in an average of 17 minutes, and as quickly as 9 minutes in some cases, which shows how fast a weak enrollment or recovery path can be weaponized once it is discovered in the wild. The same risk pattern is visible in the DeepSeek breach, where exposed records included credentials and API keys, and in the Ultimate Guide to NHIs, which frames NHI governance as a lifecycle problem, not just a login problem. Controls should therefore cover proofing, approval, expiration, logging, and reconciliation back to the primary identity source, with guidance from the NIST AI 600-1 Generative AI Profile. Organizations typically encounter the real cost only after an account takeover, agent misuse, or incident review, at which point addressing side-door enrollment becomes operationally unavoidable.
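As an added example (not code from the NHIMG page or any product it describes), the following Python sketch applies the control set above to the side-door scenarios from the examples section: every enrollment event from an alternate path is held to the same proofing, sponsorship, approval, domain, expiration and logging checks as the SSO path, and a reconciliation step surfaces accounts that were never synchronized back to the authoritative identity source. The policy values, field names and sample events are constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed policy values for this added example (not taken from the page).
ALLOWED_DOMAINS = {"example.com"}
PRIMARY_PROOFING = "mfa"          # proofing strength the SSO path enforces

@dataclass
class EnrollmentEvent:
    identity: str                 # user or agent identifier
    path: str                     # "sso", "self_register", "invite", "reset", "local_emergency"
    proofing: str                 # "mfa", "email_link", "none"
    sponsor: str | None           # accountable owner, None if untracked
    approved_by: str | None       # reviewer who approved, None if none
    email_domain: str | None
    expires_at: datetime | None   # None means the grant never expires
    logged: bool                  # did the event reach central audit logging?

def assurance_gaps(ev: EnrollmentEvent) -> list[str]:
    """Control gaps relative to the primary path; an empty list means parity."""
    if ev.path == "sso":
        return []                 # governed upstream by the IdP
    gaps = []
    if ev.proofing != PRIMARY_PROOFING:
        gaps.append("weaker proofing than primary path")
    if ev.sponsor is None:
        gaps.append("no sponsoring owner")
    if ev.approved_by is None:
        gaps.append("no traceable approval")
    if ev.email_domain not in ALLOWED_DOMAINS:
        gaps.append("domain not controlled")
    if ev.expires_at is None:
        gaps.append("no expiration")
    if not ev.logged:
        gaps.append("not centrally logged")
    return gaps

def orphaned(active_in_app: set[str], authoritative: set[str]) -> set[str]:
    """Accounts alive in the app but unknown to the identity source (unreconciled side doors)."""
    return active_in_app - authoritative
# Constructed sample events mirroring the scenarios in the text.
NOW = datetime(2026, 1, 15, tzinfo=timezone.utc)
SAMPLE = [
    EnrollmentEvent("alice", "sso", "mfa", "hr", "idp", "example.com", None, True),
    EnrollmentEvent("signup-7", "self_register", "email_link", None, None, "mail.example", None, True),
    EnrollmentEvent("contractor-agent", "invite", "mfa", None, "pm", "example.com", None, True),
    EnrollmentEvent("bob", "reset", "email_link", "bob-mgr", "helpdesk", "example.com", NOW + timedelta(hours=1), True),
    EnrollmentEvent("emergency-admin", "local_emergency", "none", None, None, None, None, False),
]
REPORT = {ev.identity: assurance_gaps(ev) for ev in SAMPLE}
```

Feeding the same checks to the reset and local-account paths is the point: a recovery flow that passes only `email_link` proofing shows up as weaker than SSO, and an emergency account missing from the authoritative set is reported by `orphaned` regardless of how it was created.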

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.

| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Side-door enrollment often bypasses secret and identity lifecycle controls in NHI systems. |
| OWASP Agentic AI Top 10 | A2 | Agent enrollment bypasses can create unauthorized tool access and rogue agent initialization. |
| NIST CSF 2.0 | PR.AC-1 | Access control depends on authenticated, governed identity establishment and provisioning. |

Require every alternate enrollment path to inherit the same proofing, approval, and logging controls as primary identity onboarding.