Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Extended access management: what does it change for IAM teams?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: The Access-Trust Gap created by unfederated identities, unmanaged apps, devices, and AI agents accessing sensitive data has made Extended Access Management a necessary response, according to 1Password. The security issue is broader than a sponsorship story: governance now has to cover every sign-in path, not just managed endpoints and federated users.

NHIMG editorial — based on content published by 1Password: extended access management and the Red Bull Racing partnership

By the numbers:

Questions worth separating out

Q: How should security teams govern unmanaged identities that sit outside IAM and MDM coverage?

A: Start by inventorying the identities that never enter the normal joiner, mover, leaver process, including service accounts, API keys, tokens, and agent credentials.

Q: Why do unmanaged apps and machine identities increase identity risk?

A: Because they can authenticate to critical systems without going through the same lifecycle controls used for human users.

Q: What do teams get wrong about governing AI agents as identities?

A: They often treat AI agents as if they were just another automation job, then inherit controls that assume fixed behaviour and stable privilege.

Practitioner guidance

What's in the full article

1Password's full article covers the brand partnership and campaign detail this post intentionally leaves for the source:

  • The livery reveal story and how the collaboration was positioned around women in motorsport and cybersecurity.
  • The sponsorship and event context around the Canadian Grand Prix weekend in Montreal.
  • The specific brand and community messaging used around mentorship, inclusion, and talent development.
  • The public-facing description of 1Password’s extended access management positioning in its own words.

👉 Read 1Password's post on extended access management and the Red Bull Racing partnership →

Extended access management: what does it change for IAM teams?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Extended access management is a response to governance blind spots, not just product sprawl. The article is effectively arguing that identity programmes have outgrown the boundaries of managed devices and federated sign-in. That matters because the access surface now includes service accounts, tokens, unmanaged apps, and AI-connected execution paths that legacy tools only partially see. Practitioners should read this as a control-plane gap, not a branding change.

A few things that frame the scale:

  • Only 5.7% of organisations have full visibility into their service accounts, according to The Ultimate Guide to NHIs.
  • 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to the same research.

A question worth separating out:

Q: How do IAM and NHI programmes work together in extended access management?

A: IAM provides the policy, authentication, and lifecycle discipline, while NHI governance handles the credential, workload, and machine access layer that traditional IAM often misses. Extended access management only works when both layers are connected to one inventory and one accountability model. Without that linkage, the same access gap simply shifts location.

👉 Read our full editorial: Extended access management for AI agents and unmanaged identities



   
ReplyQuote
Share: