TL;DR: Disconnected applications still leave nearly half of enterprise apps outside traditional identity systems, with manual workflows preserving blind spots and governance gaps, according to Cerby’s on-demand webinar, which argues that agentic AI can automate parts of identity security. The practical issue is not more automation alone, but extending lifecycle control into the last mile of identity.
At a glance
What this is: This is an on-demand webinar about how agentic AI intersects with disconnected applications, and its key finding is that the identity last mile still leaves many enterprise apps outside traditional control planes.
Why it matters: It matters because IAM, NHI, and lifecycle teams still have to govern access paths that live in spreadsheets, emails, and help desk workflows even as automation and AI reshape the operating model.
By the numbers:
- 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so.
👉 Watch Cerby's on-demand webinar on agentic AI and the identity last mile problem
Context
Agentic AI can change how identity work is executed, but it does not remove the underlying problem of disconnected applications. In practice, the identity last mile is where enterprise controls still break down, because approvals, lifecycle changes, and access reviews often happen outside the systems that IAM teams can see and enforce.
This article focuses on that gap rather than on AI as a standalone control layer. For IAM, NHI, and lifecycle programmes, the real question is how to bring unmanaged application access into the same governance model that already exists for accounts, tokens, and privileged workflows.
Key questions
Q: What breaks when disconnected applications are not brought into identity governance?
A: When disconnected applications sit outside the identity system, provisioning, review, and offboarding become inconsistent and hard to evidence. Access can persist after business need ends, audit trails fragment, and incident response loses confidence in who still has access. The result is not only operational drag but a control gap that weakens the entire identity perimeter.
Q: Why do disconnected apps create more risk than other identity exceptions?
A: Disconnected apps create more risk because they often combine manual fulfilment, weak revocation, and poor visibility in the same place. That makes them hard to certify and easy to forget. In practice, the risk is less about the app category itself and more about the absence of enforceable lifecycle control at the point where access actually changes.
Q: How can teams tell whether automation is really improving identity governance?
A: Teams should look for measurable outcomes, not workflow speed. If automation does not reduce manual exceptions, shorten revocation time, or improve audit evidence for disconnected apps, it is not improving governance. Good automation leaves a reliable record of who approved access, who changed it, and when the entitlement state actually changed.
Q: Who is accountable for access in disconnected applications?
A: Accountability should sit with the application owner, the identity governance function, and the business approver together, because disconnected access usually spans multiple teams. If one group cannot revoke or prove access changes on its own, accountability is shared but must still be explicit. Without named ownership, exceptions become permanent rather than temporary.
Background and context
Why disconnected apps become identity blind spots
Disconnected applications are systems that do not sit cleanly inside central identity integrations, so access changes are often handled through manual tickets, spreadsheets, or email approvals. That creates a governance split between the policy system and the actual access state. In many enterprises, the account may exist, but the lifecycle event that should govern it never reaches the right control point. The result is not just inconvenience. It is an enforcement gap where entitlements persist, reviews are incomplete, and offboarding can lag behind reality.
Practical implication: map every disconnected app to an owner, a lifecycle path, and a review cadence before treating it as governed.
What agentic AI can automate, and what it cannot
Agentic AI can orchestrate repetitive identity tasks, but orchestration is not the same as governance. If the application itself is disconnected, the agent may be able to move faster than humans, yet still lack authoritative visibility into whether access was approved, whether the app supports revocation, or whether the workflow leaves an audit trail that compliance can trust. That means the limiting factor is not task execution speed. It is whether the control architecture has a reliable source of truth for the application and its identities.
Practical implication: use agentic automation only where the access source, decision record, and revocation path are all measurable.
Identity lifecycle management in the last mile
Lifecycle management becomes harder when applications are outside the normal identity perimeter because joiner, mover, and leaver actions have to be enforced through secondary processes. That includes app assignment, deprovisioning, and recertification. The deeper issue is that the organisation may believe it has lifecycle coverage when it actually has process coverage only. A process can exist on paper while the system of record remains fragmented across people and tools.
Practical implication: treat disconnected apps as lifecycle exceptions until automated offboarding and review evidence are provable.
NHI Mgmt Group analysis
Disconnected apps are an identity governance problem, not an integration nuisance. When nearly half of enterprise applications sit outside traditional identity systems, the issue is not cosmetic fragmentation. It is that the organisation has more access paths than it can govern consistently, which turns lifecycle management into an exception process instead of a control function. Practitioners should treat disconnected applications as first-order identity infrastructure.
Agentic automation does not close the last mile unless the last mile is already instrumented. The article correctly separates automation from governance: a faster workflow does not fix an unowned application, a missing revocation path, or a review process with no authoritative source of truth. The field should stop assuming that AI can substitute for control coverage. Practitioners must re-evaluate where their programme still depends on human-mediated fulfilment.
Last-mile identity debt: Disconnected applications accumulate governance debt when provisioning, offboarding, and recertification are handled through spreadsheets and email instead of enforceable identity flows. That debt compounds because every manual exception weakens the confidence of the broader IAM model. The implication is that identity maturity cannot be claimed from the centre if the edge still runs on ad hoc process.
Lifecycle coverage must be measured by revocation and auditability, not by policy intent. Many programmes can describe how access should be handled, but cannot prove that disconnected app access is actually removed or reviewed on time. That distinction matters because auditors, incident responders, and IAM teams need evidence, not intentions. Practitioners should judge coverage by whether the control leaves a durable trail.
Identity perimeter thinking is returning through the back door. The article’s core message is that enterprises have not eliminated perimeter problems. They have relocated them into unmanaged applications, shadow workflows, and hybrid fulfilment paths. For identity leaders, the practical conclusion is that modern governance now depends on extending control to the places central IAM never fully reached.
From our research:
- 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so, according to the AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
- That control gap matters even more in disconnected application environments, where identity evidence is already fragmented and lifecycle closure is hard to prove.
What this signals
Last-mile identity debt: disconnected applications will remain a recurring governance risk until enterprises stop treating manual workflows as acceptable exceptions. The practical signal is simple: if offboarding, recertification, and access changes cannot be evidenced from a control system, the application is not truly in the identity perimeter.
The next phase of identity programme maturity will be measured less by how much automation exists and more by whether automation reaches the unmanaged edge. Teams that pair lifecycle controls with authoritative application ownership will have a clearer path to auditability, incident response, and zero standing access enforcement.
For readers building their roadmap, the priority is to connect edge applications to lifecycle evidence before expanding agentic automation further. Otherwise, the organisation accelerates the same manual fragmentation it is trying to remove.
For practitioners
- Inventory disconnected applications by lifecycle risk: Classify each app by who owns provisioning, who can revoke access, and whether recertification can be evidenced without manual reconstruction. Prioritise systems where spreadsheets or help desk queues are the only operating control.
- Map every manual workflow to a revocation path: Document how access is removed for each disconnected app, then test whether that path works when the original requestor is unavailable. Use the result to separate real governance from process memory.
- Extend review evidence into the edge cases: Require audit-ready proof for every exception app, including approval history, entitlement state, and offboarding confirmation. Where evidence cannot be produced, treat the app as unmanaged until it can.
- Use automation only after the control boundary is clear: Deploy automation where the application can accept authoritative identity actions and return status reliably. If the workflow cannot confirm state change, automation should not be treated as a governance control.
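The four steps above reduce to one question per application: is there a named owner, a documented revocation path, and control-system evidence that leaver access was actually removed within an agreed window? The following Python check is an added example written for this post, not code from Cerby or from the original webinar. It assumes a simple inventory record per app, an HR leaver list, a one-day revocation SLA, and a split of revocation paths into automated (`api`, `scim`) and human-mediated (`ticket`, `email`, `spreadsheet`); all sample data is constructed. It returns `governed`, `exception` or `unmanaged` together with the reasons, which is the evidence-first classification the list asks for.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed split of revocation paths: an identity system or agent can drive and
# verify the first set; the second set is human-mediated fulfilment.
AUTOMATED_PATHS = {"api", "scim"}
MANUAL_PATHS = {"ticket", "email", "spreadsheet"}


@dataclass
class AppRecord:
    """One application in the inventory (constructed schema, not Cerby's)."""
    name: str
    owner: str | None             # named application owner, or None if unowned
    revocation_path: str | None   # how access is removed, or None if undocumented
    # (user, action, timestamp) events that a control system can evidence.
    access_log: list[tuple[str, str, datetime]]


def revocation_latency(app: AppRecord, leavers: dict[str, datetime]) -> dict[str, timedelta | None]:
    """For each leaver who still held access on their leave date, return the time
    to the first evidenced 'revoke'. None means no revocation is evidenced at all."""
    result: dict[str, timedelta | None] = {}
    for user, left_at in leavers.items():
        events = sorted((t, a) for (u, a, t) in app.access_log if u == user)
        state_before = [a for (t, a) in events if t <= left_at]
        if not state_before or state_before[-1] != "grant":
            continue  # no access held at leave date, nothing to revoke
        revokes = [t for (t, a) in events if a == "revoke" and t >= left_at]
        result[user] = (min(revokes) - left_at) if revokes else None
    return result


def classify(app: AppRecord, leavers: dict[str, datetime],
             sla: timedelta = timedelta(days=1)) -> tuple[str, list[str]]:
    """Evidence-first status: unmanaged if ownership, path or evidence is absent;
    exception if revocation is manual, late or missing; governed otherwise."""
    reasons: list[str] = []
    if app.owner is None:
        reasons.append("no named owner")
    if app.revocation_path is None:
        reasons.append("no documented revocation path")
    if not app.access_log:
        reasons.append("no access evidence from a control system")
    if reasons:
        return "unmanaged", reasons

    for user, latency in revocation_latency(app, leavers).items():
        if latency is None:
            reasons.append(f"{user}: leaver still holds access, no revocation evidenced")
        elif latency > sla:
            reasons.append(f"{user}: revoked {latency.days}d after leaving (SLA {sla.days}d)")
    if app.revocation_path in MANUAL_PATHS:
        reasons.append(f"revocation via {app.revocation_path} is human-mediated")
    return ("exception", reasons) if reasons else ("governed", [])


def report(inventory: list[AppRecord], leavers: dict[str, datetime]) -> dict[str, tuple[str, list[str]]]:
    return {app.name: classify(app, leavers) for app in inventory}


# Constructed sample data: two leavers and three applications.
T0 = datetime(2025, 1, 1)
LEAVERS = {"alice": datetime(2025, 3, 1), "bob": datetime(2025, 3, 1)}
INVENTORY = [
    AppRecord("crm", "sales-ops", "api", [
        ("alice", "grant", T0), ("bob", "grant", T0),
        ("alice", "revoke", datetime(2025, 3, 1, 2)),   # two hours after leaving
        ("bob", "revoke", datetime(2025, 3, 1, 3)),
    ]),
    AppRecord("legacy-finance", "finance-apps", "ticket", [
        ("alice", "grant", T0),
        ("alice", "revoke", datetime(2025, 3, 10)),     # nine days later, via help desk
    ]),
    AppRecord("vendor-portal", None, "email", [
        ("bob", "grant", T0),                           # no revocation ever recorded
    ]),
]

if __name__ == "__main__":
    for name, (status, reasons) in report(INVENTORY, LEAVERS).items():
        print(f"{name}: {status}" + (f" ({'; '.join(reasons)})" if reasons else ""))
```

Running it marks `crm` as governed, `legacy-finance` as an exception (nine-day ticket-driven revocation) and `vendor-portal` as unmanaged (no owner). The point of the design is that an app never reaches `governed` on policy intent alone: it has to show a grant/revoke trail that a control system produced, which is the same standard the "Lifecycle Evidence" term below describes.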
Key takeaways
- Disconnected applications create a last-mile identity gap because they keep provisioning and revocation outside the systems that IAM teams can consistently govern.
- The article’s core evidence is that almost half of enterprise applications still rely on manual workflows, which preserves blind spots for lifecycle control and auditability.
- Practitioners should focus on evidence-rich lifecycle enforcement at the edge before relying on agentic automation to improve identity governance.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Disconnected apps often break lifecycle control and revocation coverage. |
| NIST CSF 2.0 | PR.AA-01 | Identity governance depends on knowing where access exists and who can change it. |
| NIST Zero Trust (SP 800-207) | PL-08 | Zero Trust requires continuous verification, even for edge applications and manual workflows. |
Maintain authoritative application inventory and entitlement ownership for every disconnected app.
Key terms
- Disconnected Application: An application that does not integrate cleanly with the central identity stack, so access is often provisioned and removed through manual workflows. In identity programmes, these systems create control gaps because lifecycle events, approvals, and audit evidence can be scattered across people and tools instead of enforced in one place.
- Identity Last Mile: The final access layer where identity policy must be applied to real applications, especially ones that do not support clean centralisation. It is where governance becomes operational reality, and where manual exceptions often survive even when the core identity platform looks mature.
- Lifecycle Evidence: Proof that access changes were actually approved, applied, and removed as intended. In mature identity governance, evidence matters as much as policy because auditors, incident responders, and access reviewers need to verify the state of access, not just the process used to request it.
- Identity Perimeter: The practical boundary of systems and applications that identity teams can govern with reliable policy, review, and revocation. For disconnected environments, the perimeter is often smaller than the application estate, which is why unmanaged edge systems create recurring blind spots.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or governance maturity, it is worth exploring.
This post draws on content published by Cerby: Agentic AI vs. Identity’s Last Mile Problem. Read the original.
Published by the NHIMG editorial team on 2026-06-02.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org