Lifecycle modelling is the logic that turns joiner-mover-leaver events into coordinated identity changes across systems. It helps teams apply one consistent decision to provisioning, revocation, downgrade, and deactivation instead of relying on separate scripts and manual updates.
Expanded Definition
Lifecycle modelling is the policy and decision logic that translates joiner, mover, and leaver events into consistent identity actions across applications, cloud services, and automation pipelines. In NHI operations, the model defines when a service account is created, when permissions change, when credentials rotate, and when the identity is suspended or destroyed.
Unlike a one-time provisioning workflow, lifecycle modelling treats identity state as a governed sequence. That distinction matters because non-human identities often persist across code deployments, CI/CD jobs, vaults, and third-party integrations. The lifecycle must therefore account for ownership, approval, dependency mapping, and revocation timing, not just creation. Guidance across vendors is still evolving, but the practical standard is clear: every identity should have an explicit state model and an accountable event source. This aligns closely with the operational concerns described in the NHI Lifecycle Management Guide and the control expectations in the OWASP Non-Human Identity Top 10.
The most common misapplication is treating lifecycle modelling as a provisioning script, which occurs when teams automate account creation but leave revocation, rotation, and ownership changes to manual follow-up.
Examples and Use Cases
Implementing lifecycle modelling rigorously often introduces coordination overhead, requiring organisations to weigh faster automation against tighter approval, dependency, and audit controls.
- A new microservice is deployed, and the lifecycle model creates a scoped service account, assigns minimum permissions, and records the owning team before the workload goes live.
- An application changes platforms, and the mover event triggers a permission downgrade, secret rotation, and removal of unused token access rather than leaving both old and new entitlements active.
- An employee leaves, and the leaver workflow revokes any NHI privileges tied to that owner, informed by the offboarding patterns discussed in the Ultimate Guide to NHIs.
- A CI/CD pipeline job is replaced, and the old credential is deactivated after the new workload is confirmed, avoiding duplicate live identities across environments.
- A secrets manager rotation policy is tied to the lifecycle model so that credential renewal occurs automatically when the identity enters a high-risk or inherited-access state.
Lifecycle modelling also helps teams distinguish between static and dynamic secrets, a separation explored in the Ultimate Guide to NHIs — Static vs Dynamic Secrets, while the OWASP guidance helps frame the control gaps that emerge when identities are left unmanaged.
Why It Matters in NHI Security
Lifecycle modelling is one of the main differences between a manageable NHI estate and a growing inventory of forgotten access paths. Without it, identities accumulate stale privileges, orphaned tokens, and duplicated secrets that survive long after the business process that created them has ended. NHIMG research shows that 91% of former employee tokens remain active after offboarding, which is exactly the kind of failure lifecycle modelling is meant to prevent. That risk becomes larger when secrets are spread across tickets, repositories, and deployment tooling instead of being governed through a defined lifecycle.
For security and governance teams, the practical issue is not only initial creation but also timely transition, consistent revocation, and evidence that each identity has an owner and an end state. The Top 10 NHI Issues and the Guide to the Secret Sprawl Challenge show how quickly unmanaged lifecycle decisions turn into exposure, while the OWASP Non-Human Identity Top 10 reinforces the need to treat stale access as a core control problem. Organisations typically encounter lifecycle modelling as an urgent requirement only after an offboarding failure, at which point revocation and cleanup become operationally unavoidable.
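The following is an added example, not code from NHIMG or any product the page describes. It expresses the decision logic from the definition above and the scenarios in the examples list as an explicit state machine: each joiner, mover, or leaver event is only valid from certain states, and every transition returns the identity actions (create, grant, revoke, rotate, deactivate) an orchestrator would carry out. It also adds the audit check this section calls for, finding identities that are still active although their accountable owner has left. The state names, event names, permission strings, and identity names are all constructed for the example.

```python
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    """Lifecycle states (constructed for this example)."""
    PENDING = "pending"
    ACTIVE = "active"
    SUSPENDED = "suspended"
    DEACTIVATED = "deactivated"


@dataclass
class NHI:
    """A non-human identity with the attributes the lifecycle model governs."""
    name: str
    owner: str                      # accountable team or person
    permissions: set[str] = field(default_factory=set)
    state: State = State.PENDING
    secret_version: int = 0         # incremented on every rotation
    history: list[str] = field(default_factory=list)


# Allowed transitions: (current state, event) -> next state.
# Anything not listed is rejected, so a suspended identity cannot be
# "re-joined" by accident and a deactivated one cannot quietly go live again.
TRANSITIONS = {
    (State.PENDING, "joiner"): State.ACTIVE,
    (State.ACTIVE, "mover"): State.ACTIVE,
    (State.ACTIVE, "rotation_due"): State.ACTIVE,
    (State.ACTIVE, "leaver"): State.SUSPENDED,
    (State.ACTIVE, "replacement_confirmed"): State.DEACTIVATED,
    (State.SUSPENDED, "reassign"): State.ACTIVE,
    (State.SUSPENDED, "grace_expired"): State.DEACTIVATED,
}


def apply_event(nhi: NHI, event: str, **detail) -> list[str]:
    """Apply one lifecycle event and return the identity actions it produces."""
    key = (nhi.state, event)
    if key not in TRANSITIONS:
        raise ValueError(f"{nhi.name}: event '{event}' not allowed in state {nhi.state.value}")
    actions: list[str] = []

    if event == "joiner":
        # Scoped creation: exactly the requested minimum permissions, owner recorded.
        nhi.permissions = set(detail["permissions"])
        nhi.secret_version = 1
        actions += [f"create {nhi.name} owner={nhi.owner}",
                    f"grant {sorted(nhi.permissions)}",
                    "issue secret v1"]
    elif event == "mover":
        # Downgrade rather than accumulate: revoke what the new role no longer
        # needs, grant only the delta, and rotate so the old secret cannot
        # keep carrying the old scope.
        new = set(detail["permissions"])
        revoked, granted = nhi.permissions - new, new - nhi.permissions
        nhi.permissions = new
        nhi.secret_version += 1
        if revoked:
            actions.append(f"revoke {sorted(revoked)}")
        if granted:
            actions.append(f"grant {sorted(granted)}")
        actions.append(f"rotate secret -> v{nhi.secret_version}")
    elif event == "rotation_due":
        nhi.secret_version += 1
        actions.append(f"rotate secret -> v{nhi.secret_version}")
    elif event == "leaver":
        # Owner gone: strip entitlements now, invalidate the secret, and park
        # the identity until it is reassigned or the grace period ends.
        actions += [f"revoke {sorted(nhi.permissions)}", "invalidate secret"]
        nhi.permissions = set()
    elif event == "reassign":
        # New owner only; entitlements must be re-requested through a mover event.
        nhi.owner = detail["owner"]
        actions.append(f"owner -> {nhi.owner}")
    elif event in ("replacement_confirmed", "grace_expired"):
        actions += [f"revoke {sorted(nhi.permissions)}", "deactivate credential"]
        nhi.permissions = set()

    nhi.state = TRANSITIONS[key]
    nhi.history.append(f"{event} -> {nhi.state.value}")
    return actions


def find_orphans(inventory: list[NHI], departed_owners: set[str]) -> list[str]:
    """Audit check: identities still ACTIVE whose accountable owner has left."""
    return sorted(n.name for n in inventory
                  if n.state == State.ACTIVE and n.owner in departed_owners)


if __name__ == "__main__":
    # Constructed walk-through of the joiner, mover and leaver scenarios.
    svc = NHI("svc-payments", owner="alice")
    print(apply_event(svc, "joiner", permissions={"queue:read", "db:write"}))
    print(apply_event(svc, "mover", permissions={"queue:read"}))
    print(apply_event(svc, "leaver"))
    stale = NHI("svc-legacy", owner="bob", state=State.ACTIVE)
    print(find_orphans([svc, stale], {"alice", "bob"}))  # svc-legacy was never processed
```

The transition table is the part worth copying: because the leaver path lands in SUSPENDED rather than straight back to PENDING, a later "joiner" for the same identity is rejected instead of silently re-creating access, and `find_orphans` gives a repeatable way to measure how many owner departures never produced a leaver event at all.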
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Lifecycle failures create orphaned, stale, and overprivileged non-human identities. |
| NIST CSF 2.0 | PR.AA | Identity lifecycle governance supports authentication and access management outcomes. |
| NIST Zero Trust (SP 800-207) | AC-4 | Zero Trust relies on continuous, explicit control of identity access across transitions. |
Model every NHI state change and ensure revocation, rotation, and ownership updates are enforced.
Reviewed and updated by the NHIMG editorial team on June 24, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org