
What breaks when IGA relies on tickets, flatfiles, and scripts at scale?

Coverage and consistency break first. Ticket-based fulfilment can close without actual access change, flatfiles can be stale, and scripts can fail when applications change. The result is a governance process that looks complete on paper while leaving access drift, delayed reconciliation, and audit gaps in production.

Why This Matters for Security Teams

When IGA depends on tickets, flatfiles, and scripts, governance becomes a batch process for a live identity problem. Approvals can be recorded without effective access removal, flatfiles can drift from source systems, and scripts can succeed in one application while failing silently in another. That gap turns access reviews into evidence generation instead of control enforcement.

This matters because non-human identity estates are large, fast-moving, and often opaque. NHIMG’s Ultimate Guide to NHIs — Why NHI Security Matters Now notes that only 5.7% of organisations have full visibility into their service accounts, and 90% of IT leaders say proper NHI management is essential for zero trust. Those numbers show why manual fulfilment breaks down: the control plane cannot keep up with the number of identities, systems, and exceptions. The NIST Cybersecurity Framework 2.0 points teams toward repeatable, measurable governance outcomes, but ticket-centric execution usually stops at workflow completion rather than access state verification, so many security teams discover drift only after an audit, an outage, or a breach has already exposed it.

How It Works in Practice

At scale, the failure mode is usually not a single broken process but a chain of weak handoffs. A ticket creates the appearance of approval, a flatfile feeds a downstream system with stale membership data, and a script attempts provisioning or deprovisioning without confirming the target application’s current schema, API contract, or ownership model. The result is a governance loop that depends on perfect synchronisation across tools that were never designed to stay in lockstep.

A more reliable pattern is to treat IGA as continuous state reconciliation. That means source-of-truth identity records, automated entitlement checks, event-driven provisioning, and post-action verification against the actual application state. Where possible, teams should replace static exports with direct API integration, use idempotent workflows, and require machine-readable evidence that access was created, changed, or removed. For sensitive platforms, access review should validate effective permissions, not just ticket closure.

Practical controls usually include:

  • Authoritative identity sources with clear ownership for every application and entitlement.
  • Continuous reconciliation between requested, approved, and effective access.
  • Script failure monitoring, retry logic, and exception handling with human escalation.
  • Segmentation of high-risk systems so a bad sync cannot cascade across the estate.
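The following script is an added example, not code from the original page or from any IGA product. It shows the reconciliation pattern described above end to end: closed tickets are folded into an approved-access state, that state is compared with effective access read back from each application, drift is classified (a closed revoke whose target still exists, access that was never approved, approved access that never landed), a transitional flatfile is rejected once it exceeds its maximum age, and remediation is idempotent and verified by reading the application state again rather than trusting the call's return. Every identity, application, ticket, entitlement and timestamp in it is constructed for the example; the AppClient class stands in for a real provisioning API.

```python
"""IGA as continuous state reconciliation (added example; all data constructed)."""
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)  # constructed clock

# Recorded changes, in order. Only a closed ticket claims fulfilment; an open
# ticket has not authorised anything yet.
TICKETS = [
    {"id": "CHG-1001", "identity": "svc-billing", "app": "erp",
     "entitlement": "AP_Clerk", "action": "grant", "status": "closed"},
    {"id": "CHG-1002", "identity": "svc-etl", "app": "erp",
     "entitlement": "Admin", "action": "revoke", "status": "closed"},
    {"id": "CHG-1003", "identity": "svc-report", "app": "crm",
     "entitlement": "ReadOnly", "action": "grant", "status": "open"},
]

# Effective access as read back from each application (constructed). In
# production this comes from the application's API, never from the ticket system.
EFFECTIVE = {
    "erp": {"svc-billing": {"AP_Clerk"},
            "svc-etl": {"Admin", "Reader"},   # revoke closed, access remains
            "svc-legacy": {"Admin"}},         # no ticket ever recorded
    "crm": {"svc-report": {"ReadOnly"}},      # granted while ticket still open
}

# Metadata of a flatfile export that feeds the CRM (constructed).
FLATFILE_META = {"path": "crm_members.csv", "owner": "crm-app-team",
                 "generated_at": NOW - timedelta(hours=30)}
MAX_FLATFILE_AGE = timedelta(hours=24)


def approved_state(tickets):
    """Return {(app, identity): set(entitlements)} implied by closed tickets."""
    approved = {}
    for t in tickets:
        if t["status"] != "closed":
            continue
        ents = approved.setdefault((t["app"], t["identity"]), set())
        if t["action"] == "grant":
            ents.add(t["entitlement"])
        elif t["action"] == "revoke":
            ents.discard(t["entitlement"])
    return approved


def reconcile(tickets, effective):
    """Compare approved with effective state; return drift findings as
    (kind, app, identity, entitlement) tuples sorted by app and identity."""
    approved = approved_state(tickets)
    revoked = {(t["app"], t["identity"], t["entitlement"]) for t in tickets
               if t["status"] == "closed" and t["action"] == "revoke"}
    keys = set(approved) | {(app, ident) for app, members in effective.items()
                            for ident in members}
    findings = []
    for app, ident in sorted(keys):
        want = approved.get((app, ident), set())
        have = effective.get(app, {}).get(ident, set())
        for ent in sorted(want - have):
            findings.append(("approved_but_missing", app, ident, ent))
        for ent in sorted(have - want):
            # A closed revoke ticket whose target is still present is the
            # "ticket closed, access unchanged" failure described in the text.
            kind = ("revoked_but_present" if (app, ident, ent) in revoked
                    else "unapproved_present")
            findings.append((kind, app, ident, ent))
    return findings


def flatfile_is_fresh(meta, now, max_age):
    """A transitional flatfile is only trusted while younger than max_age."""
    return now - meta["generated_at"] <= max_age


class AppClient:
    """Stand-in for an application's provisioning API. honour_revokes=False
    simulates a script that returns success without changing access."""

    def __init__(self, state, honour_revokes=True):
        self.state = {k: set(v) for k, v in state.items()}
        self.honour_revokes = honour_revokes

    def read(self, identity):
        return set(self.state.get(identity, set()))

    def revoke(self, identity, entitlement):
        if self.honour_revokes:
            self.state.get(identity, set()).discard(entitlement)


def remediate(finding, client):
    """Idempotent handling of one finding with read-back verification."""
    kind, _app, ident, ent = finding
    if kind != "revoked_but_present":
        return "escalate"                 # needs an owner decision, not a script
    if ent not in client.read(ident):
        return "already_absent"           # safe to re-run: nothing to do
    client.revoke(ident, ent)
    # Trust the application's state, not the API call's return code.
    return "verified_removed" if ent not in client.read(ident) else "escalate"


if __name__ == "__main__":
    for f in reconcile(TICKETS, EFFECTIVE):
        print(*f)
    print("flatfile fresh:", flatfile_is_fresh(FLATFILE_META, NOW, MAX_FLATFILE_AGE))
```

Two design choices matter here. Only a closed revoke ticket is auto-remediated; access that exists without any approval is escalated, because a script cannot tell an orphaned entitlement from an emergency grant made out of band. And remediate() reads the application state both before and after acting, so re-running it is harmless and a provisioning script that silently did nothing is surfaced as an escalation rather than recorded as success.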

For NHI-heavy environments, these issues are amplified because service accounts and API keys often outlive the workflows that created them. The same NHIMG guide highlights that 71% of NHIs are not rotated within recommended time frames, which makes stale automation paths especially dangerous. The operational goal is not just faster fulfilment, but provable alignment between policy, entitlement, and runtime access. These controls tend to break down when legacy applications expose no usable API or when business units maintain local shadow processes that bypass central identity workflows.

Common Variations and Edge Cases

Tighter governance often increases operational overhead, so teams have to balance control quality against integration cost and change tolerance. That tradeoff is real in hybrid estates, where some platforms support modern APIs while others only accept batch updates or file imports.

There is no universal standard for this yet, but current guidance suggests using stronger controls where the risk is highest and accepting limited manual handling only for low-impact exceptions. For example, ticket workflows may still be acceptable for rare, human-reviewed changes if the actual entitlement state is independently reconciled afterward. Flatfiles can also remain useful as a transitional mechanism, but only when file age, ownership, and reconciliation latency are tightly monitored.

The biggest edge cases are acquisitions, third-party-managed systems, and custom applications with brittle provisioning logic. In those environments, scripts often fail because object names, fields, or APIs change faster than governance teams update automation. The practical response is to reduce trust in workflow completion alone and build evidence around actual state. That is the point where IGA stops being administrative overhead and becomes a control that can survive scale.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and the NIST AI RMF set the governance and control expectations practitioners need to meet.

Framework                        | Control / Reference                                                      | Relevance
OWASP Non-Human Identity Top 10  | NHI1:2025 Improper Offboarding; NHI7:2025 Long-Lived Secrets             | Stale access state and weak rotation are core NHI governance failures.
NIST CSF 2.0                     | PR.AA-05 (successor to the CSF 1.1 identifier PR.AC-4)                   | Access lifecycle control depends on enforcing least privilege and timely revocation.
NIST AI RMF                      | Govern function                                                          | Governance must produce traceable, verifiable outcomes across automated workflows.

Use AI RMF governance practices to define ownership, evidence, and accountability for automation.