Notifications
Clear all
Topic starter
25/06/2026 2:33 pm
TL;DR: Identity platform coverage now spans human and non-human access, including NHI governance, just-in-time access, and an MCP server for AI agents, positioning identity as a single control plane across application, data, and process access, according to Saviynt. The governance question is less about feature breadth than whether one model can safely cover service accounts, tokens, and agents with different trust assumptions.
NHIMG editorial — based on content published by Saviynt: its newsroom overview of identity platform developments and NHI coverage
Questions worth separating out
Q: How should security teams govern human, machine, and AI agent identities in one programme?
A: Start by separating identity behaviour, then unify reporting and policy intent only where the controls genuinely overlap.
Q: Why do just-in-time controls become harder to apply to machine identities?
A: Machine identities often need repeatable, low-latency access for automated workflows, so the access window must be short without introducing operational failure.
Q: What breaks when AI agent access is reviewed like human access?
A: Human access reviews assume entitlements are stable long enough to be observed, certified, and remediated.
Practitioner guidance
- Separate identity classes before consolidation Map humans, service accounts, API credentials, and AI agents into distinct governance paths before trying to unify policy and reporting.
- Test runtime access against real workflows Validate JIT and privileged access controls against production timing, orchestration dependencies, and failure handling for machine identities.
- Inventory agent-to-tool permission chains Document every tool, API, and data source an AI agent can call, then verify that each path has an explicit entitlement boundary and logging requirement.
What's in the full article
Saviynt's full newsroom page covers the platform details this post intentionally leaves at the governance level:
- Specific product naming across the identity cloud portfolio, including NHI, JIT access, and ISPM for AI agents.
- The way Saviynt frames workload and machine identity coverage across its use cases and industry segments.
- The broader company positioning around identity security, customer reach, and platform scope.
- The source page's own navigation to related solution areas and product lines that implementation teams may want to compare internally.
👉 Read Saviynt’s newsroom overview of identity platform coverage for humans, NHIs, and AI agents →
Saviynt’s platform update: what does it change for IAM teams?
Explore further
View Full Forum → | NHI Foundation Course → | Our Services →
25/06/2026 3:42 pm
Platform convergence is now the organising theme in identity security. Saviynt’s positioning reflects a broader market shift in which identity platforms are expected to govern humans, NHIs, and AI agents through one operating model. That convergence can improve visibility, but it also raises the burden of proving that one governance layer can meaningfully differentiate between interactive users, long-lived machine identities, and runtime AI behaviour. Practitioners should treat consolidation as an operating question, not a feature headline.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which means most governance teams are still operating without a complete identity inventory.
A question worth separating out:
Q: Who is accountable when an AI agent uses delegated access outside expectation?
A: Accountability should sit with the team that defined the agent’s permitted scope, the platform that enforces it, and the business owner that accepted the risk. If those responsibilities are not explicit, delegated access becomes difficult to certify or revoke with confidence. Governance must make the approval chain visible before the agent is allowed to act.
👉 Read our full editorial: Saviynt’s identity platform and what it means for NHI governance
