TL;DR: Fragmented identity data across HR systems, directories, contractors, vendors, service accounts, and AI agents creates inconsistent attributes, duplicated work, and weak visibility, according to ConductorOne. The governance problem is not just directory sprawl, but the lack of a single source of truth that can keep identity data synchronized across every system.
At a glance
What this is: This is a product announcement about consolidating identity data into a single control plane, with the key finding that fragmented identity records undermine consistent governance across human, NHI, and AI agent populations.
Why it matters: It matters because IAM teams cannot govern lifecycle, access, and auditability consistently when identity attributes, group data, and source-of-truth records are scattered across disconnected systems.
👉 Read ConductorOne's post on Super Directory and identity orchestration
Context
Identity orchestration depends on reliable identity data, but most enterprises still manage that data across HR platforms, directories, identity providers, spreadsheets, and acquisition-driven silos. When the same identity exists in multiple systems with different attributes, access decisions become inconsistent and governance breaks down across human users, service accounts, and AI agents.
The primary problem is not directory count but identity truth. IAM, IGA, and security teams need a normalized control layer that can reconcile attributes, preserve ownership, and synchronize changes across downstream systems without manual cleanup. That becomes more urgent as AI agents join the same identity fabric as employees, contractors, vendors, and workloads.
Key questions
Q: How should teams unify identity data across HR, directories, and SaaS apps?
A: Start by naming one authoritative source for each identity attribute, then standardize how that attribute is synchronized into downstream systems. The goal is not to centralize everything in one repository, but to prevent conflicting records from driving inconsistent access, lifecycle, and audit outcomes across the environment.
Q: Why do disconnected identity stores create governance risk?
A: Disconnected stores create multiple versions of identity truth, which leads to duplicated effort, stale entitlements, and inconsistent accountability. That risk grows when the estate includes contractors, service accounts, and AI agents, because each population may be tracked in a different system with different quality controls.
Q: What breaks when AI agents and service accounts are forced into human directory models?
A: Human-centric directory models often cannot represent non-human ownership, lifecycle, or access semantics cleanly. When that happens, teams misclassify identities, apply the wrong policy, and lose visibility into who or what actually holds access across the stack.
Q: How can IAM teams tell whether identity orchestration is working?
A: Look for consistent attributes, predictable group propagation, fewer manual reconciliations, and cleaner offboarding outcomes across connected systems. If teams still spend time correcting records by hand or chasing mismatched access data, the orchestration layer is not yet acting as a reliable control plane.
Technical breakdown
Why a single source of truth matters for identity orchestration
A unified identity layer is the system that normalizes identity attributes and publishes them consistently to downstream applications. In practice, this is about resolving competing records, standardizing profile types, and keeping group and attribute changes aligned across directories, HR feeds, and identity providers. Without that layer, every connected system becomes a partial truth, and governance depends on manual reconciliation. For IAM and IGA teams, the architectural issue is not storage, but consistency. If identity data is inconsistent, every downstream access review, provisioning workflow, and policy decision inherits the error.
Practical implication: map where your authoritative attributes live today and define which system is allowed to win when records conflict.
How push attributes and group sync change downstream governance
Push-based synchronization turns identity orchestration into an active control plane rather than a passive directory. Attribute updates and group changes are propagated to connected systems automatically, which reduces drift between source records and enforced access. That matters because stale group membership and mismatched profile types often create invisible privilege accumulation. In an environment with multiple identity sources, group management is not just an admin function but an enforcement layer. The technical risk is brittle integration logic that fails quietly when upstream identity data changes.
Practical implication: test whether your downstream systems receive identity changes consistently or whether each application still relies on custom, fragile update logic.
Why AI agent and third-party identity types complicate directory design
Modern directories were built around relatively stable human identities, not mixed populations that include contractors, vendors, service accounts, retirees, and AI agents. Each identity type can require different profile semantics, ownership rules, and lifecycle handling, yet the control plane still has to normalize them into a coherent model. That is why profile types matter: they let the directory distinguish identity classes without splitting governance into disconnected silos. The architectural problem is not only scale, but heterogeneity. A directory that cannot represent identity type differences accurately will misapply policy and obscure accountability.
Practical implication: verify that your directory model can represent non-human identities explicitly instead of forcing them into human-centric schemas.
Breaches seen in the wild
- Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
- Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Identity orchestration is becoming the control plane that IAM never fully had. Traditional directories handled authentication-adjacent records, but modern enterprises need a layer that normalizes identity truth across HR, IGA, PAM-adjacent governance, and NHI populations. That shift matters because access quality now depends on data consistency before it depends on policy logic. Practitioners should treat identity orchestration as foundational infrastructure, not an administrative convenience.
Fragmented identity data creates governance debt across every actor type. When employees, contractors, service accounts, and AI agents are governed in separate systems, attribute drift and duplicated ownership records become permanent sources of error. The same issue that produces bad joiner-mover-leaver outcomes for humans also produces stale entitlements for NHIs and mis-scoped access for agents. The practitioner conclusion is simple: fragmented identity records are not only a data problem but a governance failure mode.
Mixed identity estates require profile-based governance, not one-size-fits-all directories. A directory that understands only human users will mishandle service accounts and AI agents because it cannot encode different ownership, lifecycle, and access semantics. Super Directory-style orchestration points to a broader market direction: the control layer is moving above individual systems and toward identity abstraction. IAM teams should re-evaluate whether their current directory model can represent identity diversity without collapsing policy precision.
Unified identity data is now a prerequisite for automating onboarding, offboarding, and access enforcement. Automation amplifies whatever truth the source records contain, so a bad identity record becomes a fast-moving governance error. That is true for human users and even more acute for machine identities that can be created and propagated at high volume. The implication is that automation maturity now depends on data normalization maturity, not the other way around.
From our research:
- 92% of organisations expose NHIs to third parties, raising concerns about supply chain security, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which shows how often identity control starts from incomplete records.
- Read Ultimate Guide to NHIs and What are Non-Human Identities for the baseline identity model that orchestration layers must support.
What this signals
Identity orchestration is now a prerequisite for scaling AI agent and NHI governance. With 92% of organisations exposing NHIs to third parties, the governance problem is already broader than internal workforce identity, and orchestration has to account for external trust boundaries as well as internal records.
The practical test for readers is whether their identity stack can preserve a single accountable record when the same subject is represented in HR, directory, SaaS, and NHI systems. If not, every automation layer above it will simply accelerate the drift.
Data normalization is the hidden dependency behind lifecycle automation. Onboarding, offboarding, and access enforcement only become reliable when the underlying identity data is already standardized. Teams that want cleaner governance should treat orchestration as a data discipline first and an automation discipline second.
For practitioners
- Inventory identity source-of-truth conflicts: Document where employee, contractor, vendor, service account, and AI agent records are created, updated, and corrected. Identify which system owns attributes such as status, manager, group membership, and lifecycle state when records disagree.
- Normalize profile types before expanding automation: Define explicit identity classes for humans, non-human identities, and AI agents so downstream workflows do not inherit human-centric assumptions. Use those classes to drive provisioning, access policy, and offboarding logic consistently.
- Test attribute and group propagation end to end: Validate that changes made in the authoritative system appear correctly in downstream directories, SaaS apps, and governance tools without manual fixes. Pay special attention to group sync, ownership fields, and status changes that drive access removal.
- Eliminate brittle directory-specific exceptions: Review custom integrations and one-off sync scripts that create alternate identity truths in specific platforms. Replace them with a governed orchestration layer or standard interface wherever possible so access decisions remain consistent.
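To make the attribute-ownership, profile-typing and propagation checks from the Technical breakdown and the practitioner list above concrete, here is an added Python example that is not ConductorOne's or Super Directory's code: it resolves each attribute against an assumed per-attribute authority order, reports downstream drift, and flags non-human identities whose recorded owner is no longer active. The system names (hr, directory, saas, nhi_inventory), the authority policy and the sample records are constructed assumptions.

```python
"""Attribute-level source-of-truth reconciliation and drift check. Added illustration for
this post, not ConductorOne or Super Directory code; all system names and records are constructed."""
# Assumed policy: per attribute, the systems allowed to win, in order. nhi_inventory comes
# first so it wins for non-human subjects; human records fall through to hr.
AUTHORITY = {
    "status": ["nhi_inventory", "hr"],
    "owner": ["nhi_inventory"],
    "groups": ["directory"],
    "profile_type": ["nhi_inventory", "hr"],
}

RECORDS = {  # constructed sample records: subject -> system -> attributes
    "alice": {  # terminated in HR but still active downstream
        "hr": {"status": "terminated", "profile_type": "employee"},
        "directory": {"status": "active", "groups": {"finance", "vpn"}, "profile_type": "employee"},
        "saas": {"status": "active", "groups": {"finance"}},
    },
    "svc-billing": {  # service account forced into the human schema by the directory
        "directory": {"status": "active", "groups": {"billing-db"}, "profile_type": "employee"},
        "nhi_inventory": {"status": "active", "owner": "alice", "profile_type": "service_account"},
    },
}

def resolve(records):
    """Golden record (attr -> value) and, per attribute, the system that won it."""
    golden, winner = {}, {}
    for attr, chain in AUTHORITY.items():
        for system in chain:
            if attr in records.get(system, {}):
                golden[attr], winner[attr] = records[system][attr], system
                break
    return golden, winner

def drift(records):
    """(system, attr, seen, expected) for each downstream value that disagrees with its authority."""
    golden, winner = resolve(records)
    findings = [(system, attr, seen, golden[attr])
                for system, rec in records.items() for attr, seen in rec.items()
                if attr in golden and winner[attr] != system and seen != golden[attr]]
    return sorted(findings, key=lambda f: f[:2])

def orphaned_nhis(all_records):
    """Non-human subjects whose recorded owner is absent or not active in the owner's authority."""
    orphans = []
    for subject, records in all_records.items():
        golden = resolve(records)[0]
        owner = golden.get("owner")
        owner_status = resolve(all_records.get(owner, {}))[0].get("status")
        if golden.get("profile_type") != "employee" and owner_status != "active":
            orphans.append((subject, owner, owner_status))
    return orphans
```

Running `drift` over each subject surfaces the terminated employee still active in two downstream systems and the service account that the directory has typed as an employee; `orphaned_nhis` shows why ownership has to be preserved across the same golden record.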
Key takeaways
- Identity orchestration only works when there is one authoritative record for each identity attribute across the stack.
- Mixed estates of humans, contractors, service accounts, and AI agents expose the limits of directory models built for a single identity type.
- Practitioners should validate attribute ownership, profile typing, and downstream synchronization before adding more automation.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Identity source sprawl increases exposure of non-human identities and secrets. |
| NIST CSF 2.0 | PR.AC-1 | Identity data consistency underpins access control decisions across systems. |
| NIST Zero Trust (SP 800-207) | AC-1 | A unified control plane supports continuous verification across distributed identities. |
Use the orchestration layer to enforce consistent identity context before granting access.
Key terms
- Identity Orchestration: Identity orchestration is the coordination layer that keeps identity data, attributes, and group state consistent across multiple systems. It does not replace every source, but it reduces drift by making one system the authority for identity truth and propagating changes reliably to the rest of the stack.
- Authoritative Source: An authoritative source is the system that owns the final version of an identity attribute or record. In practice, this is the reference point that other systems should trust when they receive conflicting data, so access decisions and lifecycle actions remain consistent.
- Profile Type: A profile type is a distinct identity classification used to represent different subject categories such as employees, contractors, service accounts, or AI agents. It lets governance systems apply different ownership and lifecycle semantics without forcing every identity into a human-only model.
- Data Drift: Data drift is the divergence that occurs when identity records, attributes, or access states become inconsistent across systems over time. It is a governance problem because downstream controls act on stale or conflicting information, which weakens lifecycle accuracy and audit confidence.
Deepen your knowledge
Identity orchestration, profile typing, and lifecycle governance are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building a governance model for mixed human and non-human estates, it is worth exploring.
This post draws on content published by ConductorOne: Meet Super Directory: Identity Orchestration Starts Here. Read the original.
Published by the NHIMG editorial team on 2025-11-06.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org