By NHI Mgmt Group Editorial Team
Published 2025-06-10
Domain: Governance & Risk
Source: 1Password

TL;DR: The Access-Trust Gap created by unfederated identities, unmanaged apps, devices, and AI agents accessing sensitive data has made Extended Access Management a necessary response, according to 1Password. The security issue is broader than a sponsorship story: governance now has to cover every sign-in path, not just managed endpoints and federated users.


At a glance

What this is: This is 1Password’s partnership post, but its key security claim is that legacy IAM, IGA, and MDM controls do not reach the unmanaged identities, apps, devices, and AI agents now accessing sensitive data.

Why it matters: It matters because IAM teams must treat unmanaged access as a governance problem across NHI, autonomous, and human identity programmes, not as a narrow endpoint or SSO issue.


👉 Read 1Password's post on extended access management and the Red Bull Racing partnership


Context

Extended access management is the practice of extending identity governance beyond managed users and devices to the unmanaged accounts, applications, and machine identities that still reach sensitive data. In this article, 1Password uses that framing to argue that the access problem is now larger than traditional IAM boundaries.

For IAM leaders, the useful takeaway is not the partnership itself but the control gap it highlights: legacy programmes often stop where federated login, managed endpoints, and standard recertification end. That leaves service accounts, tokens, and AI-connected access paths outside the same governance discipline that human identities already receive.


Key questions

Q: How should security teams govern unmanaged identities that sit outside IAM and MDM coverage?

A: Start by inventorying the identities that never enter the normal joiner, mover, leaver process, including service accounts, API keys, tokens, and agent credentials. Then assign ownership, review cadence, and revocation triggers so the access can be governed even when it is not centrally provisioned. The goal is to make unmanaged access visible enough to control.

Q: Why do unmanaged apps and machine identities increase identity risk?

A: Because they can authenticate to critical systems without going through the same lifecycle controls used for human users. That means access may persist after business need changes, monitoring may miss the true actor, and revocation can lag behind exposure. Once access falls outside the managed control plane, governance becomes partial by design.

Q: What do teams get wrong about governing AI agents as identities?

A: They often treat AI agents as if they were just another automation job, then inherit controls that assume fixed behaviour and stable privilege. In practice, agentic access needs explicit scope, named ownership, and short-lived credentials because the execution context can change faster than normal review cycles. Human-style recertification is not enough.

Q: How do IAM and NHI programmes work together in extended access management?

A: IAM provides the policy, authentication, and lifecycle discipline, while NHI governance handles the credential, workload, and machine access layer that traditional IAM often misses. Extended access management only works when both layers are connected to one inventory and one accountability model. Without that linkage, the same access gap simply shifts location.


Technical breakdown

Why unmanaged identities break traditional IAM scope

Traditional IAM assumes the organisation can enumerate users, devices, and apps through central directories and lifecycle processes. Unmanaged identities do not behave that way. They often sit outside SSO, outside MDM, and sometimes outside IGA coverage altogether, yet they still authenticate to SaaS, APIs, and internal systems. That creates a governance blind spot: the access exists, the risk exists, but the control plane does not fully see it. Practical implication: treat unmanaged access as a first-class inventory and governance problem, not as an exception list.

Practical implication: build a separate inventory and review process for access that sits outside directory-managed controls.

AI agents and the access-trust gap

The article’s mention of AI agents matters because agentic systems can request tools, act on data, and persist access through non-human credentials. Even when the behaviour is constrained, the identity subject is no longer a simple human user. That changes the meaning of entitlement, monitoring, and revocation. In practice, access is granted to an execution context that can outlive the session where it was approved. Practical implication: define which agent actions are allowed, which secrets they may touch, and what evidence proves the access is still valid.

Practical implication: map every agent credential to a named business purpose, owner, and revocation trigger.

Why extended access management sits between IAM and NHI governance

Extended access management is best understood as a bridge discipline. It borrows IAM concepts such as authentication, policy, and lifecycle control, while also dealing with NHI realities such as secrets, tokens, and workload access. The important architectural point is that governance must follow the actor type, not the access channel. A human, a service account, and an AI agent may all reach the same data, but they should not be governed with the same assumptions or cadence. Practical implication: align controls to actor type and entitlement duration, not to whether the app is managed.

Practical implication: segment governance by actor type so reviews, rotation, and offboarding match the identity subject.


NHI Mgmt Group analysis

Extended access management is a response to governance blind spots, not just product sprawl. The article is effectively arguing that identity programmes have outgrown the boundaries of managed devices and federated sign-in. That matters because the access surface now includes service accounts, tokens, unmanaged apps, and AI-connected execution paths that legacy tools only partially see. Practitioners should read this as a control-plane gap, not a branding change.

The Access-Trust Gap is the right name for the new failure mode. The article points to a condition where identities can still reach sensitive systems even though they sit outside normal governance loops. That gap is especially visible when unmanaged credentials and AI agents operate faster than review, recertification, or endpoint compliance cycles. The practitioner conclusion is that access trust must be proven continuously across all actor types.

Human IAM controls do not automatically generalise to NHI and agentic access. A human can be enrolled, challenged, and recertified through familiar lifecycle controls, but service accounts and AI agents often lack the same observable cues. The result is that existing IAM discipline can look complete while large portions of operational access remain ungoverned. Security teams should stop assuming a single access model fits all identities.

Identity lifecycle governance has become cross-domain infrastructure. Offboarding, entitlement review, and access renewal now need to operate across people, machine identities, and autonomous execution contexts. The discipline is the same, but the actors behave differently, so the control evidence must differ too. The implication for programme leaders is to redesign lifecycle governance around actor type, not around legacy directory boundaries.

From our research:

  • Only 5.7% of organisations have full visibility into their service accounts, according to The Ultimate Guide to NHIs.
  • 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to the same research.
  • For a broader view of breach patterns behind these governance gaps, see The 52 NHI breaches Report for the control failures that recur across real incidents.

What this signals

Extended access management only becomes operational when teams stop treating unmanaged access as an exception. The practical shift is toward one inventory that spans human, machine, and agent identity, with separate lifecycle rules for each actor type. If you are still relying on directory completeness as your source of truth, the governance model is already behind the access surface.

Service account visibility is still the baseline problem. With only 5.7% of organisations having full visibility into their service accounts, most programmes cannot prove that non-human access is under control. That means the next maturity step is not more reporting, but identity discovery that covers the systems legacy IAM never enumerated.

Access trust will increasingly be judged by evidence, not policy language. Teams should expect auditors and internal risk owners to ask which identities are outside SSO, which ones can act autonomously, and how quickly they can be revoked. That is the practical direction of travel for identity governance as cloud, workload, and agentic access converge.


For practitioners

  • Inventory unmanaged access paths: Map every application, token, service account, and agent credential that authenticates outside your managed IAM estate, then assign an owner and review cadence for each one. Use the inventory to identify where SSO, IGA, and MDM never had coverage in the first place.
  • Separate human and non-human lifecycle controls: Create distinct offboarding, rotation, and recertification workflows for human users, service accounts, and AI agents so that each actor type is governed by its own evidence and revocation trigger. Do not reuse a human access review template for machine access.
  • Tie agent permissions to narrow business purposes: For any AI agent or automation that can touch sensitive data, define the exact task scope, approved tools, and credential lifetime before deployment. Revoke the access when the business purpose ends, not when a generic quarterly review arrives.
  • Close the visibility gap around secrets: Review where credentials are stored, transmitted, and reused across apps and workflows, then eliminate hidden copies in scripts, configuration files, and shared tooling. Prioritise credentials that never pass through the central identity stack.
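As an added illustration of the four steps above (example code written for this page, not code from 1Password or from the original post), the following Python sketch models a single access inventory that spans human, service-account and AI-agent identities and applies actor-type-specific review and credential-lifetime rules, flagging access that sits outside the central identity stack. The thresholds, record names and dates are assumed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Lifecycle rules per actor type: max days since last review and max credential age
# before rotation. Thresholds are assumed for illustration, not taken from the post.
RULES = {
    "human":           {"review_days": 90, "max_cred_days": 365},
    "service_account": {"review_days": 60, "max_cred_days": 90},
    "ai_agent":        {"review_days": 30, "max_cred_days": 7},
}

@dataclass
class AccessRecord:
    name: str
    actor_type: str              # "human", "service_account" or "ai_agent"
    owner: Optional[str]         # named owner, or None if nobody is accountable
    in_sso: bool                 # True if the sign-in path goes through the central identity stack
    last_review: Optional[date]  # None if the access never entered a review cycle
    cred_issued: date            # when the current credential was issued
    business_purpose: Optional[str] = None  # required for ai_agent records

def evaluate(rec: AccessRecord, today: date) -> list:
    """Return the governance findings for one inventory record."""
    rule = RULES[rec.actor_type]
    findings = []
    if not rec.owner:
        findings.append("no named owner")
    if not rec.in_sso:
        findings.append("authenticates outside SSO / central identity stack")
    if rec.last_review is None or (today - rec.last_review).days > rule["review_days"]:
        findings.append(f"review overdue (limit {rule['review_days']} days)")
    if (today - rec.cred_issued).days > rule["max_cred_days"]:
        findings.append(f"credential older than {rule['max_cred_days']} days: rotate or revoke")
    if rec.actor_type == "ai_agent" and not rec.business_purpose:
        findings.append("agent credential not tied to a named business purpose")
    return findings

def audit(records, today: date) -> dict:
    # Map each record name to its findings; records with no findings are omitted.
    return {r.name: evaluate(r, today) for r in records if evaluate(r, today)}

# Constructed sample inventory (hypothetical names and dates).
TODAY = date(2025, 6, 10)
INVENTORY = [
    AccessRecord("alice@example.com", "human", "alice@example.com", True, date(2025, 4, 1), date(2025, 1, 15)),
    AccessRecord("svc-billing-db", "service_account", None, False, None, date(2024, 11, 1)),
    AccessRecord("agent-invoice-triage", "ai_agent", "finance-ops", False, date(2025, 6, 1), date(2025, 5, 20)),
]
def run_audit() -> dict:
    return audit(INVENTORY, TODAY)
```

Running the audit leaves the federated human user clean, while the ownerless service account and the agent credential with no stated business purpose each surface several findings.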

Key takeaways

  • The post’s real security message is that unmanaged access has become a governance problem, not a niche endpoint issue.
  • The evidence gap is substantial, with most organisations still lacking full visibility into service accounts and related machine identities.
  • IAM teams should separate human, machine, and agent lifecycle controls so access review, revocation, and ownership match the actor type.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Non-Human Identity Top 10 | NHI-01 | The post centres on unmanaged identities and hidden access paths.
NIST CSF 2.0 | PR.AC-4 | Access privileges and lifecycle control are the core governance issue here.
NIST Zero Trust (SP 800-207) | AC-4 | The article’s access-trust gap is a zero-trust design problem.

Treat every access request as untrusted until the actor, device, and entitlement are verified.


Key terms

  • Extended access management: An identity governance approach that extends control beyond managed users and devices to the apps, secrets, tokens, and machine identities that still reach sensitive data. It matters because access can exist outside the systems that traditional IAM, IGA, and MDM use as their control boundary.
  • Access-trust gap: The gap between the access an identity can still use and the governance evidence an organisation has for that access. In practice, it shows up when an identity is active outside normal lifecycle controls, leaving security teams unable to prove who or what should still have access.
  • Unmanaged identity: Any identity that can authenticate or act without being fully controlled by the organisation’s standard identity stack. That includes service accounts, API keys, tokens, and some AI agents. The risk is not just visibility loss. It is loss of ownership, lifecycle control, and reliable revocation.
  • Identity lifecycle governance: The discipline of controlling identity creation, change, review, and removal across humans, machine identities, and autonomous systems. The core principle is the same across actor types, but the evidence, cadence, and revocation triggers must match how each identity actually behaves.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.

This post draws on content published by 1Password: extended access management and the Red Bull Racing partnership. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2025-06-10.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org