One-connector-per-app models usually break at scale because retry logic, pagination, and rate limiting are rebuilt separately in each integration. That fragmentation makes maintenance harder and increases the chance of silent data loss. The practical consequence is inconsistent reliability across applications, which undermines trust in the platform’s governance outputs.
Why This Matters for Security Teams
One-connector-per-app sounds clean in architecture diagrams, but it creates a fragile operating model when every integration reimplements retry handling, pagination, throttling, and error recovery. The result is not just duplicate code. It is uneven reliability, inconsistent telemetry, and governance decisions built on partial data. In identity platforms, that matters because the platform is often treated as a source of truth for access, risk, and lifecycle state.
When connectors diverge, one app may sync correctly while another silently drops records or delays updates long enough to distort access reviews. That is especially dangerous when service accounts, API keys, and other NHIs are involved, because visibility is already weak. NHIMG notes in the Ultimate Guide to NHIs that only 5.7% of organisations have full visibility into their service accounts, which means connector failures usually compound an existing blind spot rather than create a new one. NIST’s Cybersecurity Framework 2.0 reinforces the need for consistent detection and monitoring, but a fragmented connector estate makes that consistency difficult to sustain.
In practice, many security teams encounter connector drift only after a downstream report, audit exception, or incident reveals that one integration has been failing quietly for weeks.
How It Works in Practice
The core problem is that connector logic becomes app-specific instead of platform-specific. Each team ends up solving the same operational cases independently: retry backoff, cursor-based pagination, API rate limits, schema changes, partial writes, and idempotency. Over time, small differences accumulate. One connector retries aggressively and creates duplicate events. Another stops after a transient API error. A third handles pagination correctly but never surfaces a missing page as an error.
A more resilient model is to separate transport and reliability functions from application mapping. The platform should standardise how connectors handle retries, rate limiting, checkpointing, and error classification, then expose common observability for sync lag, failed objects, and dead-letter queues. That gives security and IAM teams a consistent control plane instead of many bespoke implementations.
- Centralise retry and backoff policies so every connector behaves consistently under API pressure.
- Use shared pagination and checkpointing logic so record loss is detectable, not silent.
- Instrument every connector with the same health metrics, including lag, failure rate, and reconciliation gaps.
- Define idempotent write patterns so retries do not create duplicate identities, entitlements, or events.
This is where NHI governance becomes practical rather than theoretical. If the platform cannot reliably ingest lifecycle changes from upstream systems, then rotation, deprovisioning, and access review workflows can all be delayed or misreported. The Top 10 NHI Issues and 52 NHI Breaches Analysis both show how quickly small identity control gaps become material exposure when secrets, tokens, and service accounts are not handled consistently. These controls tend to break down when the platform must integrate with many unstable APIs because connector owners start optimising for local success instead of shared reliability.
Common Variations and Edge Cases
Tighter connector standardisation often increases platform overhead, requiring organisations to balance engineering efficiency against product-team autonomy. That tradeoff is real: a single shared connector framework can reduce maintenance burden, but it may also slow onboarding for unusual SaaS apps or legacy systems that do not fit the standard pattern.
There is no universal standard for this yet, but current guidance suggests treating exceptions as exceptions. High-risk applications should not receive one-off connectors unless the platform can still enforce common retry, logging, and reconciliation semantics. For low-volume apps, a simpler adapter may be acceptable if it inherits the same observability and failure reporting. The important distinction is whether the connector is custom in presentation only, or custom in reliability behaviour as well.
Teams also need to watch for hidden edge cases such as webhook-only systems, eventual-consistency APIs, and apps that throttle unpredictably during bulk syncs. In those environments, connector failures may look like source-data inconsistency when the real issue is missing backpressure handling. Best practice is evolving, but the direction is clear: treat connector reliability as a shared platform capability, not a per-app implementation detail. That is how identity platforms avoid turning one integration problem into an enterprise-wide governance failure.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and CSA MAESTRO address the attack and risk surface, while NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-05 | Connector failures can hide service account sync and lifecycle gaps. |
| NIST CSF 2.0 | DE.CM-01 | Inconsistent connector telemetry weakens continuous monitoring and detection. |
| CSA MAESTRO | GOV-03 | Shared connector governance supports repeatable control enforcement across integrations. |
Standardise NHI integration behavior so retries, revocation, and reconciliation are consistent across apps.
Related resources from NHI Mgmt Group
- What breaks when organisations rely on one-time identity checks?
- What is the difference between code scanning and runtime identity monitoring?
- Why do AI workflow platforms create a larger identity risk than a normal app server?
- What breaks when organisations use one Azure identity pattern for every workload?
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on July 4, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org