TL;DR: Identity is now the control point for users, apps, and automation, yet, according to Zluri, many programmes still rely on manual provisioning, ticket-based approvals, and periodic access reviews that miss shadow SaaS and non-human identities. The core issue is not tooling volume but governance model drift: identity controls designed for slower human workflows no longer match how access is created, used, and abandoned.
NHIMG editorial — based on content published by Zluri: Access Management Modern Identity Strategy: Blueprint for Secure, Scalable Access
Questions worth separating out
Q: How should security teams govern non-human identities in SaaS-heavy environments?
A: They should govern non-human identities with the same lifecycle discipline used for human access, but with stronger discovery and ownership controls.
Q: Why do quarterly access reviews fail to control access drift?
A: Quarterly reviews fail because they occur after drift has already accumulated and often lack enough context for accurate decisions.
Q: How can organisations reduce hidden risk in shadow SaaS and unmanaged entitlements?
A: They need discovery that goes beyond SSO coverage and maps in-app roles, direct logins, and unmanaged applications.
Practitioner guidance
- Unify identity sources before expanding governance: Connect HR, directory, SaaS, and cloud identity data into one governed view so access decisions reflect actual ownership and entitlement state, not just what one system can see.
- Automate lifecycle triggers for moves and exits: Tie provisioning and revocation to joiner, mover, and leaver events, then add expiry logic for temporary access so manual tickets do not become the default control.
- Discover non-human identities at the entitlement layer: Inventory service accounts, bots, API keys, and application roles inside SaaS tools, then assign owners and classify what each identity can actually do.
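As an added example (not code from Zluri's article or from this editorial), the three steps above as a single review pass over a unified entitlement inventory: leaver events, temporary-access expiry and ownership checks applied to humans and non-human identities alike, with anything outside SSO coverage surfaced for review. All identity names, apps, roles and dates are constructed.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Added example, not Zluri's or NHIMG's code. One merged view of human and
# non-human entitlements, with leaver and temporary-access expiry logic applied
# to both, and NHIs flagged when unowned or when they bypass SSO.

@dataclass(frozen=True)
class Entitlement:
    identity: str           # user, service account, bot or API key name
    kind: str               # "human" | "service_account" | "bot" | "api_key"
    app: str
    role: str               # in-app role, not just "has SSO access"
    owner: Optional[str]    # accountable human; None means nobody has claimed it
    via: str                # "sso" | "direct_login" | "api_key"
    expires: Optional[date] = None   # set for temporary access only

def review_entitlements(inventory, leavers, today):
    """Return (identity, app, action) triples that need follow-up."""
    findings = []
    for e in inventory:
        human = e.kind == "human"
        if human and e.identity in leavers:
            findings.append((e.identity, e.app, "revoke: leaver still has access"))
        elif not human and e.owner is None:
            findings.append((e.identity, e.app, "assign owner: unowned NHI"))
        elif not human and e.owner in leavers:
            findings.append((e.identity, e.app, "reassign owner: owner has left"))
        elif e.expires is not None and e.expires < today:
            findings.append((e.identity, e.app, "revoke: temporary access expired"))
        elif e.via != "sso":
            findings.append((e.identity, e.app, "review: outside SSO coverage"))
    return findings

# Constructed sample data: what a merged HR + directory + SaaS pull might look like.
SAMPLE_INVENTORY = [
    Entitlement("alice", "human", "crm", "admin", None, "sso"),
    Entitlement("bob", "human", "crm", "viewer", None, "sso"),
    Entitlement("contractor-1", "human", "wiki", "editor", "alice", "sso", date(2024, 3, 31)),
    Entitlement("billing-sync", "service_account", "crm", "export", "bob", "api_key"),
    Entitlement("slack-bot", "bot", "chat", "post", None, "api_key"),
    Entitlement("legacy-report", "service_account", "bi", "read", "alice", "direct_login"),
]
SAMPLE_LEAVERS = {"bob"}   # constructed leaver event from the HR feed
def run_sample(today=date(2024, 6, 1)):
    return review_entitlements(SAMPLE_INVENTORY, SAMPLE_LEAVERS, today)
if __name__ == "__main__":
    for identity, app, action in run_sample():
        print(f"{identity:<14} {app:<5} {action}")
```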
What's in the full article
Zluri's full article covers the operational detail this post intentionally leaves for the source:
- The platform comparison table showing how modern identity strategy differs from legacy IAM workflows in day-to-day operations.
- The implementation framing for unified identity data across HRMS, ITSM, directories, SaaS, and cloud sources.
- The specific workflow examples for automated joiner, mover, and leaver handling across employees, contractors, and vendors.
- The product-oriented discussion of how Zluri connects SaaS discovery, entitlement mapping, and access review automation.
👉 Read Zluri's article on modern identity strategy for secure access governance →
Modern identity strategy and NHI sprawl: where does governance break down?
Identity governance is no longer a human-user problem with a few machine exceptions. The article describes a control environment where SaaS, shadow IT, service accounts, bots, and contractors all participate in access creation and persistence. That changes the governance model itself because the identity layer must now account for who or what can hold standing access across multiple systems. The practitioner conclusion is that IAM and NHI programmes can no longer be run as separate visibility domains.
A few things that frame the scale:
- Only 5.7% of organisations have full visibility into their service accounts, according to the Ultimate Guide to NHIs.
- 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage.
A question worth separating out:
Q: What should IAM teams prioritise first in a modern identity strategy?
A: They should prioritise a unified identity foundation, then automate the highest-risk lifecycle events. If identity data remains fragmented across HR, directory, cloud, and SaaS systems, every downstream control will be inconsistent. Once the foundation is in place, offboarding, temporary access expiry, and entitlement discovery become much easier to govern.
👉 Read our full editorial: Modern identity strategy must include NHI governance and SaaS access