Notifications
Clear all
Topic starter
14/05/2026 5:37 pm
TL;DR: Saviynt says its updated Identity Governance App for ServiceNow lets teams complete access requests, certifications, approvals, and bulk provisioning inside ITSM, while future capabilities add AI recommendations, trust scoring, JIT access, and Universal Identity Coverage for NHIs and AI agents. Context switching still creates governance drag, and the real test is whether controls remain rigorous once identity work moves into the daily workbench.
NHIMG editorial — what this means for NHI practitioners
Questions worth separating out
Q: How should security teams govern non-human identities inside ITSM workflows?
A: Security teams should treat ITSM as the place where access decisions are executed, not where governance is defined.
Q: What is the difference between identity governance and ITSM for access control?
A: Identity governance defines who should have access, under what conditions, and how it is reviewed.
Q: When does just-in-time access help more than it hurts?
A: Just-in-time access helps when elevated access is rare, task-specific, and easy to log.
Practitioner guidance
- Map governance workflows to the ITSM process Identify where access requests, certifications, and approvals currently cross between tools, then remove the highest-friction steps first.
- Separate human and non-human review logic Create distinct certification rules for NHIs such as service accounts, API keys, and AI agents so they are not forced through human-centric review templates.
- Use JIT only for scoped, time-bound access Apply just-in-time access to elevated tasks with explicit expiry, approval context, and logging.
The governance challenge shifts from user friction to policy quality, which is where many programmes are weakest?
👉 Read Saviynt's post on identity governance directly inside ServiceNow →
Explore further
View Full Forum → | NHI Foundation Course → | Our Services →
14/05/2026 5:39 pm
Identity governance will fail if it is treated as a separate destination instead of a workflow embedded in the systems people already use. The strongest operational issue in governance is not policy design alone, but completion failure. If review, approval, and certification steps are cumbersome, people delay them or skip them. For practitioners, the control objective is adoption, not interface consolidation.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to the Ultimate Guide to NHIs.
- 71% of NHIs are not rotated within recommended time frames, which means governance controls often face stale credentials as well as stale approvals.
A question worth separating out:
Q: Why do non-human identities create gaps in traditional access reviews?
A: Traditional access reviews are usually built around named people, job roles, and periodic certification cycles. NHIs often outnumber humans, change faster, and are harder to assign to one accountable owner. That makes them easy to miss unless review logic explicitly includes service accounts, tokens, bots, and AI agents.
👉 Read our full editorial: Identity governance in ServiceNow now reaches NHI workflows
This post was modified 4 weeks ago by Mr NHI
