TL;DR: Salesforce ecosystems increasingly concentrate service accounts, API keys, OAuth tokens, and third-party integrations in ways that outgrow built-in controls, while credential misuse remains a common attack path, according to Entro Security and IBM X-Force. The governance problem is that machine identities behave like durable access layers, not reviewable user accounts, so lifecycle and privilege assumptions fail.
NHIMG editorial — based on content published by Entro Security: Challenges of non-human Identities in Salesforce
By the numbers:
- 98.3% of surveyed organizations were associated with at least one third party that had experienced a breach in the last two years.
- 50% of organizations have indirect relationships with at least 200 fourth parties that have had breaches in the last two years.
- 71% year-over-year increase in cyberattacks that used stolen or compromised credentials.
Questions worth separating out
Q: How should security teams govern non-human identities in Salesforce environments?
A: Treat every API user, OAuth token, named credential, and connected app as a governed identity with an owner, scope, and expiry.
Q: Why do service accounts and tokens create more risk than many teams expect?
A: Because they often carry standing privilege, operate quietly, and remain valid long after the business need changes.
Q: What do organisations get wrong about Salesforce integration security?
A: They often secure the platform but ignore the identities that connect it to other systems.
Practitioner guidance
- Inventory every Salesforce machine identity: build a complete register of service accounts, API users, OAuth clients, named credentials, and third-party integrations.
- Remove standing privilege from integration accounts: replace broad entitlements such as Modify All Data with task-scoped access where possible.
- Shorten the lifespan of shared secrets: rotate OAuth tokens, API keys, and webhook secrets on a defined schedule, then revoke unused credentials immediately.
What's in the full article
Entro Security's full blog covers the operational detail this post intentionally leaves for the source:
- Examples of Salesforce permission sets and API account patterns that commonly create overexposure.
- The classification logic Entro uses to identify service accounts, OAuth tokens, and other machine identities at scale.
- Platform-specific blind spots around outdated tokens, inactive named credentials, and misconfigured third-party integrations.
- How Entro detects unusual usage patterns in Salesforce environments after discovery.
👉 Read Entro Security's analysis of non-human identity risks in Salesforce →
Salesforce NHI sprawl: what IAM teams are missing in integrations?
Salesforce NHI sprawl is a first-order identity governance issue, not a platform hygiene issue. The article shows how API keys, OAuth tokens, service accounts, and low-code integrations expand the access surface beyond the CRM boundary. That means identity teams cannot treat Salesforce as a single application with a few administrative roles. They must treat it as a connected NHI ecosystem with its own lifecycle, privilege, and offboarding risks. The practitioner conclusion is simple: govern the identities around Salesforce as carefully as the data inside it.
A few things that frame the scale:
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to the Ultimate Guide to NHIs.
- In the same research, 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
A question worth separating out:
Q: How do you know if NHI governance is actually working in Salesforce?
A: You should be able to name every machine identity, show who owns it, explain why it exists, and prove when it was last reviewed or rotated. If a credential cannot be tied to a business purpose and a revocation path, governance is incomplete. Visibility and ownership are the clearest signals of control.
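The practitioner guidance earlier on this page (inventory, standing privilege, rotation and revocation) and the governance test just above (owner, purpose, last review or rotation) reduce to checks that can be run mechanically over an identity register. The following is an added example, not code from Entro Security or from this editorial: a Python audit over a constructed register of Salesforce machine identities. The record fields, the thresholds (90 days idle, 90 days since rotation, 180 days since review), the list of "broad" permissions and the sample records are all assumptions; in a real org the records would be assembled from sources such as connected app definitions, the OauthToken object's last-used dates, named credentials and permission set assignments.

```python
"""Audit a register of Salesforce machine identities for the governance
signals discussed on this page: owner, business purpose, standing privilege,
last use, last rotation and last review.  Added example; field names,
thresholds and sample data are assumptions, not Entro's classification logic."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date

# Entitlements treated as standing privilege for an integration account.
# Assumed list; tune it to the org's own risk appetite.
BROAD_PERMISSIONS = {"ModifyAllData", "ViewAllData", "AuthorApex", "ManageUsers"}


@dataclass
class MachineIdentity:
    name: str
    kind: str                      # api_user, oauth_token, named_credential, connected_app
    owner: str | None
    purpose: str | None
    permissions: set[str]
    last_used: date | None
    last_rotated: date | None
    last_reviewed: date | None


def _age_days(today: date, when: date | None) -> int | None:
    return None if when is None else (today - when).days


def audit(identity: MachineIdentity, today: date,
          max_idle_days: int = 90,
          max_secret_age_days: int = 90,
          max_review_age_days: int = 180) -> list[str]:
    """Return the governance findings for one identity (empty list = compliant)."""
    findings: list[str] = []
    if not identity.owner:
        findings.append("no owner")
    if not identity.purpose:
        findings.append("no business purpose")
    broad = sorted(identity.permissions & BROAD_PERMISSIONS)
    if broad:
        findings.append("standing privilege: " + ", ".join(broad))
    idle = _age_days(today, identity.last_used)
    if idle is None:
        findings.append("never used: revoke")
    elif idle > max_idle_days:
        findings.append(f"idle {idle} days: revoke")
    rotated = _age_days(today, identity.last_rotated)
    if rotated is None or rotated > max_secret_age_days:
        findings.append("rotation overdue")
    reviewed = _age_days(today, identity.last_reviewed)
    if reviewed is None or reviewed > max_review_age_days:
        findings.append("review overdue")
    return findings


def load_register(records: list[dict]) -> list[MachineIdentity]:
    """Build identities from plain dicts (e.g. a parsed JSON export); dates are ISO strings or null."""
    def d(value: str | None) -> date | None:
        return None if value is None else date.fromisoformat(value)
    return [
        MachineIdentity(
            name=r["name"], kind=r["kind"], owner=r.get("owner"),
            purpose=r.get("purpose"), permissions=set(r.get("permissions", [])),
            last_used=d(r.get("last_used")), last_rotated=d(r.get("last_rotated")),
            last_reviewed=d(r.get("last_reviewed")),
        )
        for r in records
    ]


def audit_register(records: list[dict], today: date) -> dict[str, list[str]]:
    """Findings per identity name; an empty list means the identity passes every check."""
    return {i.name: audit(i, today) for i in load_register(records)}


# Constructed sample register; not data from any real org.
SAMPLE_REGISTER = [
    {"name": "marketing-sync-api-user", "kind": "api_user",
     "owner": "marketing-ops", "purpose": "nightly lead sync",
     "permissions": ["ApiEnabled", "ModifyAllData"],
     "last_used": "2025-05-31", "last_rotated": "2025-05-01", "last_reviewed": "2025-04-15"},
    {"name": "legacy-erp-oauth-token", "kind": "oauth_token",
     "owner": None, "purpose": None, "permissions": ["ApiEnabled"],
     "last_used": "2024-11-20", "last_rotated": "2023-02-01", "last_reviewed": None},
    {"name": "order-events-webhook-secret", "kind": "named_credential",
     "owner": "platform-team", "purpose": "inbound order events", "permissions": [],
     "last_used": "2025-05-30", "last_rotated": "2025-05-20", "last_reviewed": "2025-05-20"},
]


def run_sample(today_iso: str = "2025-06-01") -> dict[str, list[str]]:
    """Audit the constructed register as of the given date."""
    return audit_register(SAMPLE_REGISTER, date.fromisoformat(today_iso))


if __name__ == "__main__":
    for name, findings in run_sample().items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```

Run as-is it prints one line per identity: the marketing API user passes every lifecycle check but still carries Modify All Data, the legacy ERP token has no owner, no purpose, has been idle for months and has never been reviewed, and the webhook secret is clean. Re-running with a later date shows how a compliant credential drifts out of policy when nobody rotates or uses it, which is the point of putting the thresholds in code rather than in a policy document.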
👉 Read our full editorial: Salesforce non-human identity sprawl exposes a broader control gap