Access that is granted, routed or modified by a platform rather than by a single application or human reviewer. It becomes a governance concern when the platform hides entitlement logic inside orchestration, making review, attribution and revocation harder for IAM teams.
Expanded Definition
Platform-mediated access is distinct from direct application-level authorization because the platform itself becomes the control plane for entitlement creation, routing, and revocation. In NHI security, that means the access decision may live inside orchestration logic, workflow state, policy engines, or platform defaults rather than in a visible IAM record. The result is often a layered permission path that is technically valid but difficult to audit end to end.
Definitions vary across vendors, but the security question is consistent: can IAM teams trace who or what granted access, under what policy, and how quickly it can be removed? That concern maps closely to the governance themes in the OWASP Non-Human Identity Top 10 and the lifecycle emphasis in the Ultimate Guide to NHIs. Platform-mediated access is not the same as simple delegated administration, because the platform may dynamically alter scope based on state, workload context, or embedded policy.
The most common misapplication is treating platform-generated entitlements as if they were manually approved and clearly attributable, which occurs when orchestration layers mask the actual permission source.
Examples and Use Cases
Implementing platform-mediated access rigorously often introduces operational overhead, requiring organisations to balance automation speed against traceability and revocation certainty.
- A CI/CD platform creates short-lived deployment permissions for an agent, but the effective role is composed from templates, pipeline state, and environment rules.
- A data platform grants read access to an analytics service account through workspace policies that are modified automatically when projects move between stages.
- A Kubernetes control plane assigns access to service identities based on namespace defaults, admission policies, and operator logic rather than a single IAM ticket.
- A workflow engine routes approval authority through embedded policy steps, making the platform the place where access is granted and later withdrawn.
- An enterprise using zero-trust patterns ties access to device, workload, and session signals through platform policy, aligning with the model described in NIST SP 800-207.
For NHI governance, these patterns should be documented as access pathways, not just application permissions. The 52 NHI Breaches Analysis shows how hidden identity pathways become relevant after compromise, while guidance from NIST SP 800-207 helps teams map where policy enforcement actually occurs.
Why It Matters in NHI Security
Platform-mediated access matters because NHI risk grows when entitlement logic is distributed across systems that are hard to inspect. If a platform can mint, route, or extend access without leaving a clear governance trail, then revocation may miss active paths and access reviews may falsely confirm control. This is especially dangerous for service accounts, API keys, and agentic workflows, where platform behavior can expand privilege faster than IAM teams can reconcile it.
That risk is not theoretical. NHI Mgmt Group reports that 97% of NHIs carry excessive privileges and only 5.7% of organisations have full visibility into their service accounts in the Ultimate Guide to NHIs. When access is mediated by a platform, those visibility gaps become harder to close because the true grant path may be split across orchestration, policy, and downstream resources.
Organisations typically encounter the consequences only after a misrouted credential, unexpected lateral movement, or failed offboarding event, at which point addressing platform-mediated access becomes operationally unavoidable.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST Zero Trust (SP 800-207) and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Covers entitlement sprawl and hidden NHI access paths in platform workflows. |
| NIST Zero Trust (SP 800-207) | SC.AC | Maps to policy enforcement points and continuous access decisions in zero trust. |
| NIST CSF 2.0 | PR.AC-4 | Addresses least-privilege management for identities mediated by platforms. |
Inventory platform-granted NHI paths and document who can mint, route, or revoke each entitlement.
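The inventory step above, and the Kubernetes pattern in the examples section where a service identity's access is assembled from namespace defaults and operator logic, can be turned into a concrete reconciliation check. The following is an added example, not code from the original page or from any vendor named in it. It takes a snapshot of platform-created bindings (shapes loosely modelled on Kubernetes Role/RoleBinding objects), expands each into an access path with the component that minted it and the approval it references, and compares that against a constructed IAM approval record. The approval annotation key, the record format and every sample value are constructed for illustration; `app.kubernetes.io/managed-by` is the standard Kubernetes recommended label.

```python
"""Reconcile platform-created RBAC grants against the IAM approval record.

Added example, not code from the original page. Object shapes loosely mirror
Kubernetes Role/RoleBinding manifests; the approval annotation key, the IAM
record format and all sample values are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Optional

APPROVAL_KEY = "nhi.example.com/approval"   # hypothetical annotation the platform writes
MANAGED_BY = "app.kubernetes.io/managed-by"  # Kubernetes recommended label

# Constructed snapshot of roles the platform composed from templates and defaults.
ROLES = {
    ("payments", "deploy-template-v3"): [
        {"verbs": ["get", "update"], "resources": ["deployments", "secrets"]}],
    ("payments", "reader"): [{"verbs": ["get", "list"], "resources": ["pods"]}],
    ("analytics", "reader"): [{"verbs": ["get", "list"], "resources": ["pods"]}],
}

# Constructed bindings as a pipeline operator and a namespace operator create them.
BINDINGS = [
    {"namespace": "payments", "name": "ci-deployer", "role": "deploy-template-v3",
     "subjects": ["system:serviceaccount:payments:ci-agent"],
     "labels": {MANAGED_BY: "pipeline-operator"},
     "annotations": {APPROVAL_KEY: "CHG-1042"}},
    {"namespace": "payments", "name": "default-reader", "role": "reader",
     "subjects": ["system:serviceaccount:payments:default"],
     "labels": {MANAGED_BY: "namespace-operator"},
     "annotations": {}},
    {"namespace": "analytics", "name": "etl-reader", "role": "reader",
     "subjects": ["system:serviceaccount:analytics:etl"],
     "labels": {MANAGED_BY: "pipeline-operator"},
     "annotations": {APPROVAL_KEY: "CHG-0977"}},
]

# Constructed IAM record: the grants reviewers actually approved, per identity.
IAM_RECORD = {
    "system:serviceaccount:payments:ci-agent": [
        {"ticket": "CHG-1042", "namespace": "payments", "role": "deploy-template-v2"}],
    "system:serviceaccount:analytics:etl": [
        {"ticket": "CHG-0977", "namespace": "analytics", "role": "reader"}],
}


@dataclass
class AccessPath:
    identity: str
    namespace: str
    binding: str
    role: str
    granted_by: str              # platform component that minted the binding
    approval: Optional[str]      # ticket the platform recorded on it, if any
    rules: list
    findings: list = field(default_factory=list)


def resolve_paths(bindings, roles):
    """Expand each binding into one AccessPath per subject with its effective rules."""
    paths = []
    for b in bindings:
        for subject in b["subjects"]:
            paths.append(AccessPath(
                identity=subject, namespace=b["namespace"], binding=b["name"],
                role=b["role"],
                granted_by=b.get("labels", {}).get(MANAGED_BY, "unknown"),
                approval=b.get("annotations", {}).get(APPROVAL_KEY),
                rules=roles.get((b["namespace"], b["role"]), [])))
    return paths


def reconcile(paths, iam_record):
    """Attach a finding wherever the platform's grant cannot be traced to the record."""
    for p in paths:
        approved = iam_record.get(p.identity, [])
        if not approved:
            p.findings.append("identity absent from IAM record: hidden access path")
        elif p.approval is None:
            p.findings.append("binding carries no approval reference")
        else:
            match = [g for g in approved if g["ticket"] == p.approval]
            if not match:
                p.findings.append(f"approval {p.approval} unknown to IAM record")
            elif (match[0]["namespace"], match[0]["role"]) != (p.namespace, p.role):
                # Template or state changes moved the effective scope past the approval.
                p.findings.append(
                    f"scope drift: approved {match[0]['namespace']}/{match[0]['role']}, "
                    f"effective {p.namespace}/{p.role}")
    return paths


def needs_review(paths):
    """Paths a record-only access review would wrongly confirm as controlled."""
    return [p for p in paths if p.findings]


if __name__ == "__main__":
    for p in reconcile(resolve_paths(BINDINGS, ROLES), IAM_RECORD):
        tag = "REVIEW" if p.findings else "OK"
        print(f"[{tag}] {p.identity} -> {p.namespace}/{p.role} "
              f"(binding {p.binding}, minted by {p.granted_by}, approval {p.approval})")
        for f in p.findings:
            print("        ", f)
```

Run against the constructed snapshot, the script flags two of the three paths: the namespace operator's default binding, whose identity has no IAM record at all, and the CI agent, whose approval ticket exists but whose effective role has drifted from the approved template version. The analytics reader reconciles cleanly. The point of keeping `granted_by` on every path is that it records which platform component can mint or revoke the entitlement, which is exactly the attribution the inventory step asks for.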