TL;DR: Identity programmes are moving from periodic governance to continuous control over human, machine, and agent access. SailPoint’s intended acquisition of Entro would combine secrets discovery, NHI scanning, and lineage mapping across more than 1,000 identity types, 1,200 credential types, and 70 enterprise sources, according to SailPoint.
NHIMG editorial — what this means for NHI practitioners
By the numbers:
- Entro provides out-of-the-box coverage for more than 1,000 NHI/agent types and the discovery of over 1,200 credential types across 70+ critical enterprise sources.
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
- Only 5.7% of organisations have full visibility into their service accounts.
Questions worth separating out
Q: How should security teams govern non-human identities across cloud and CI/CD systems?
A: Treat NHI governance as a continuous control problem, not an inventory exercise.
Q: Why do service accounts and API keys create so much identity risk?
A: Because they often hold persistent, reusable access that is difficult to observe and harder to revoke quickly.
Q: When should organisations prioritise zero-standing privilege for machine identities?
A: As soon as machine access is used across multiple systems or sensitive workflows.
Practitioner guidance
- Map every non-human identity to a human owner. Require service accounts, API keys, tokens, and certificates to resolve to a named owner and business purpose before they are accepted into governance workflows.
- Prioritise high-blast-radius credentials first. Use lineage and usage data to identify which credentials open the most downstream systems, then remediate those entitlements before low-impact accounts.
- Convert long-lived machine access to task-scoped access. Replace reusable standing credentials with task-bounded access patterns, and ensure revocation is tied to workflow completion rather than manual review.
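A sketch of the first two guidance points, added here as an illustration and not taken from SailPoint, Entro, or the original post: it gates identities on a named owner and business purpose, then ranks them by how many systems their credential reaches through lineage. The inventory, lineage edges, field names, and function names are all constructed assumptions.

```python
from collections import deque

# Constructed sample inventory (hypothetical): owner, purpose, and the
# systems each credential opens directly.
INVENTORY = [
    {"id": "svc-ci-deploy", "owner": "a.khan", "purpose": "CI deploys", "opens": ["ci-runner"]},
    {"id": "api-key-billing", "owner": None, "purpose": "billing export", "opens": ["billing-db"]},
    {"id": "tok-metrics", "owner": "j.ortiz", "purpose": "", "opens": ["metrics"]},
    {"id": "cert-gateway", "owner": "m.lee", "purpose": "mTLS at edge", "opens": ["api-gateway"]},
]

# Constructed lineage: system -> systems reachable from it via stored secrets or trust.
LINEAGE = {
    "ci-runner": ["artifact-store", "prod-cluster"],
    "prod-cluster": ["billing-db", "secrets-vault"],
    "secrets-vault": ["billing-db"],
    "api-gateway": ["metrics"],
}

def blast_radius(opens, lineage):
    """Return every system reachable from the directly opened ones (BFS, cycle-safe)."""
    seen, queue = set(opens), deque(opens)
    while queue:
        for nxt in lineage.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def triage(inventory, lineage):
    """Split identities into accepted vs. rejected, each ranked by blast radius."""
    accepted, rejected = [], []
    for nhi in inventory:
        reach = sorted(blast_radius(nhi["opens"], lineage))
        row = {"id": nhi["id"], "reach": reach, "radius": len(reach)}
        # Gate from the guidance: named owner AND business purpose required.
        if nhi.get("owner") and nhi.get("purpose"):
            accepted.append(row)
        else:
            rejected.append(row)
    by_radius = lambda r: (-r["radius"], r["id"])
    return sorted(accepted, key=by_radius), sorted(rejected, key=by_radius)

if __name__ == "__main__":
    accepted, rejected = triage(INVENTORY, LINEAGE)
    for label, rows in (("remediate first", accepted), ("needs owner/purpose", rejected)):
        for r in rows:
            print(f"{label:20} {r['id']:16} radius={r['radius']} {r['reach']}")
```

The rejected list is the ownership backlog; the accepted list is the remediation order, widest reach first.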
What's in the full announcement
SailPoint’s full announcement covers the operational detail this post intentionally leaves for the source:
- The planned Entro integration path for discovery, lineage mapping, and runtime protection across specific identity sources.
- Vendor statements on how the combined platform is expected to map owners, permissions, and blast radius across non-human identities.
- Details on the acquisition timeline, closing conditions, and forward-looking product plans that are outside this independent analysis.
- The company’s own framing of Agentic Fabric and how it positions unified identity security across human and non-human access.