Traditional workforce IAM fails because it assumes one stable person, one personal device, and predictable recovery paths. Retail and manufacturing replace that model with shared terminals, shift changes, and workers who may not have corporate inboxes or allowed phones. The result is slower access, weaker audit trails, and broken accountability.
Why This Matters for Security Teams
Traditional workforce iam is built around stable employment, personal devices, and recoverable identities. Retail and manufacturing break that model: workers rotate across shifts, use shared kiosks, and often need access that begins and ends with a line assignment rather than a long-lived account. That mismatch creates friction, encourages workarounds, and weakens auditability. NIST guidance on identity and access control, including NIST SP 800-53 Rev 5 Security and Privacy Controls, assumes access can be managed with clear subject attribution and enforceable lifecycle controls.
The operational risk is not just convenience. When a shared device is used for timekeeping, production instructions, or point-of-sale tasks, a failed login flow can push staff toward reused passwords, informal handoffs, or overshared accounts. NHIMG research on Ultimate Guide to NHIs — Standards shows that identity models start to fail when access patterns are not cleanly tied to one person, one endpoint, and one recovery path. In practice, many security teams encounter identity sprawl only after a shift supervisor, kiosk, or shared tablet has already become the de facto access control point.
How It Works in Practice
The core issue is that workforce IAM optimizes for identity proofing and account recovery, while retail and manufacturing optimize for speed, continuity, and shared operations. A cashier, picker, technician, or line operator may need fast access to a task-specific system, but not a full corporate identity lifecycle. If the IAM stack requires an email inbox, a corporate phone, or a personal device, the business usually responds with exceptions. Those exceptions become the real policy.
Effective practice is usually a blend of identity, device, and workflow controls:
- Use shared-device patterns with strong session attribution so each action is tied to the actual operator, not just the terminal.
- Prefer badge, passcode, or step-up methods that work in shift-based environments, while avoiding account sharing.
- Apply role design around job function and location, then narrow access by task, line, store, or time window.
- Record who approved access, who used it, and when it expired, especially for privileged functions.
- Where possible, pair workforce IAM with privileged access controls and short-lived credentials rather than standing access.
This is where NHIMG reporting on The 2024 Non-Human Identity Security Report is relevant: 59.8% of organisations see value in dynamic ephemeral credentials, which maps closely to the need for short-duration access in operational environments. The same report also found that 88.5% say their non-human IAM lags behind or merely matches human IAM, a warning sign that static identity thinking is often carried into environments that need more flexible controls. Security design should align to the work pattern, not force the work pattern to fit the control stack. These controls tend to break down when a site depends on long-lived shared accounts because accountability and revocation both become unreliable.
Common Variations and Edge Cases
Tighter access control often increases operational overhead, requiring organisations to balance speed at the point of work against stronger attribution and revocation. That tradeoff becomes most visible in plants, warehouses, and high-turnover retail locations where workers move across roles and devices during the same shift.
There is no universal standard for this yet, but current guidance suggests that the right answer depends on the workflow. For highly regulated or safety-sensitive functions, stronger step-up verification and session tracing are worth the friction. For low-risk floor tasks, over-authentication can be counterproductive and lead to bypasses. Shared kiosks, offline terminals, and legacy OT systems are the hardest cases because they often cannot support modern identity flows, which is why compensating controls matter. NHIMG analysis of LLMjacking: How Attackers Hijack AI Using Compromised NHIs and the DeepSeek breach also reinforces a broader lesson: once credentials or shared access paths are exposed, attackers move quickly. In retail and manufacturing, that makes short-lived access and precise audit trails more important, not less.
Best practice is evolving toward identity that reflects the task, the device, and the shift, rather than assuming every worker can be treated like a fully managed office user.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0, NIST SP 800-63 and NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AC-1 | Addresses identity proofing and access assignment for workforce users. |
| NIST SP 800-63 | Digital identity assurance matters when workers lack standard corporate recovery paths. | |
| OWASP Non-Human Identity Top 10 | NHI-01 | Shared access patterns increase the risk of weak secret and account governance. |
| NIST AI RMF | Operational identity risk needs governance when access spans shared devices and shifts. |
Set ownership, monitoring, and accountability for identity risk in operational environments.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on July 9, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org