
Trusted identity data for IGA: what governance teams need now


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 6054
Topic starter  

TL;DR: SPHERE’s integration with SailPoint ties identity hygiene to governance workflows by extending visibility, ownership intelligence, and authoritative attributes across human and non-human identities, according to SPHERE. The takeaway is that access certification and audit readiness still collapse when identity data is fragmented, incomplete, or unowned.

NHIMG editorial — what this means for NHI practitioners

By the numbers:

Questions worth separating out

Q: What breaks when identity governance depends on incomplete identity data?

A: Certification breaks first, because reviewers cannot confidently validate ownership, lifecycle state, or business need.

Q: Why do NHIs make identity governance harder than human-only programmes?

A: NHIs multiply the number of identities that may lack a clear owner, a stable lifecycle, or a complete attribute set.

Q: How do teams know if ownership intelligence is actually working?

A: Ownership intelligence is working when every identity can be routed to a responsible party without manual investigation and when certification decisions can be acted on immediately.

Practitioner guidance

  • Map identity data provenance before expanding certification scope: identify which systems supply authoritative ownership, lifecycle, and entitlement attributes, then compare them with what your IGA platform actually consumes.
  • Require ownership for every identity class: make business or technical owner assignment mandatory for human accounts, service accounts, API credentials, and application identities.
  • Normalize lifecycle context across directories and operational systems: bring status fields, last-used signals, and account origin into the same governance record so reviewers can tell active identities from stale ones.

What's in the full announcement

SPHERE's full article covers the operational detail this post intentionally leaves for the source:

  • How SPHEREboard normalises identity data across infrastructure platforms, directories, and operational systems
  • How ownership intelligence is mapped into SailPoint certification workflows for accountable reviews
  • How the integration extends context for identities that fall outside traditional IGA connector coverage
  • How the combined platform supports audit and regulatory readiness in hybrid enterprises

👉 Read SPHERE Technology Solutions' integration analysis for SailPoint identity governance →




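As an added illustration of the practitioner guidance above (example code, not from the post, SPHERE or SailPoint), the following Python sketch merges a directory export and last-used telemetry, both constructed here, into one governance record per identity, flags the identities a reviewer could not certify without manual investigation, and routes the rest to an owner. The field names, source systems and the 90-day stale threshold are assumptions.

```python
"""Reconcile constructed identity records into one governance record and
flag what a certification reviewer could not act on immediately."""
from datetime import datetime, timedelta

# Constructed sample data (assumed schema): a directory export and an
# operational system's last-used telemetry, keyed by identity id.
DIRECTORY = [
    {"id": "svc-backup", "kind": "service", "owner": "ops-team", "status": "enabled", "origin": "ad"},
    {"id": "api-billing", "kind": "api_credential", "owner": None, "status": "enabled", "origin": "vault"},
    {"id": "jdoe", "kind": "human", "owner": "jdoe", "status": "disabled", "origin": "ad"},
    {"id": "app-etl", "kind": "application", "owner": "data-eng", "status": "enabled", "origin": "k8s"},
]
LAST_USED = {"svc-backup": "2024-05-01", "jdoe": "2024-04-20", "app-etl": "2023-11-02"}

STALE_AFTER = timedelta(days=90)  # assumed threshold for an idle-but-enabled account


def build_governance_records(directory, last_used, now_iso):
    """Merge status, last-used signal and origin into one record per identity
    and attach the findings a reviewer needs before certifying it."""
    now = datetime.fromisoformat(now_iso)
    records = []
    for entry in directory:
        seen = last_used.get(entry["id"])
        seen_dt = datetime.fromisoformat(seen) if seen else None
        findings = []
        if not entry.get("owner"):
            findings.append("no_owner")  # cannot be routed to a responsible party
        if seen_dt is None:
            findings.append("no_usage_signal")  # lifecycle state is unknown
        elif entry["status"] == "enabled" and now - seen_dt > STALE_AFTER:
            findings.append("stale_enabled")  # marked active but idle
        records.append({**entry, "last_used": seen, "findings": findings})
    return records


def certifiable(records):
    """Ids with no findings: a reviewer can decide on these without investigation."""
    return [r["id"] for r in records if not r["findings"]]


def route_to_owner(records):
    """Group certifiable identities by owner; everything else is unmanaged risk."""
    queue = {}
    for r in records:
        key = r["owner"] if not r["findings"] else "unmanaged"
        queue.setdefault(key, []).append(r["id"])
    return queue


if __name__ == "__main__":
    recs = build_governance_records(DIRECTORY, LAST_USED, "2024-05-15")
    for r in recs:
        print(r["id"], r["kind"], r["findings"] or "ready")
    print(route_to_owner(recs))
```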

(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 5547
 

Identity governance fails first at the data layer, not the policy layer. If the platform cannot reconcile identity records across directories, infrastructure systems, and operational sources, certification becomes an exercise in partial truth. That is why identity hygiene is not a reporting enhancement but a prerequisite for defensible governance. Practitioners should treat data completeness and provenance as governance controls, not backend housekeeping.

A few things that frame the scale:

  • Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
  • A separate finding shows that 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, with 38% reporting no or low visibility and 47% only partial visibility.

A question worth separating out:

Q: Who should be accountable for identities that sit outside traditional IGA coverage?

A: Accountability should sit with the business or technical owner who can authorize, review, and remove the identity in practice. If no such owner exists, the identity should be treated as unmanaged risk, not as an acceptable certification edge case. That principle applies equally to human, service, and application identities.

👉 Read our full editorial: Identity governance still fails without trusted identity data and ownership


