Named identity

Expanded Definition

Named identity is the governance pattern that gives each human user, service account, workload, bot, or agent a distinct identity that can be traced to a single owner, purpose, and policy set. In NHI practice, the point is not just uniqueness; it is provable lineage across provisioning, approval, access, rotation, and offboarding. That lineage is what allows security teams to answer who or what acted, under which authority, and whether the action was expected.

Definitions vary across vendors when the identity is an AI agent or a shared automation platform, so the safest interpretation is functional: if the actor can perform actions, it needs a named identity and a documented owner. This aligns with the broader identity governance approach described in the Ultimate Guide to NHIs and with the assurance thinking in NIST Cybersecurity Framework 2.0. The most common misapplication is treating a shared admin login or a generic API token as a named identity, which occurs when teams optimise convenience over accountable ownership.

Examples and Use Cases

Implementing named identity rigorously often introduces operational overhead, requiring organisations to weigh clean accountability against faster, less controlled access paths.

• A CI/CD runner uses a dedicated service account with a recorded owner, scope, and rotation schedule so pipeline activity is attributable instead of anonymous.
• An AI agent that opens tickets or triggers workflows is assigned a named identity with explicit tool permissions, rather than borrowing a human engineer’s session.
• A finance API integration is tied to one application identity, making it possible to revoke access without breaking unrelated systems or obscuring audit trails.
• A contractor’s access is created under a named account, then disabled cleanly at offboarding so logs continue to show exactly which actions were theirs.
• In breach reviews, investigators compare account lineage, secret usage, and change history against cases like the JetBrains GitHub plugin token exposure to see whether identity boundaries were maintained.

These patterns are easiest to operationalise when identity is mapped into access policy and lifecycle controls, as reflected in guidance from the Ultimate Guide to NHIs — What are Non-Human Identities and the identity assurance concepts in NIST Cybersecurity Framework 2.0.

Why It Matters in NHI Security

Named identity is a control boundary, not a naming convention. Without it, approvals lose context, logs lose evidentiary value, and revocation becomes partial because teams cannot confidently tell which system, secret, or automation path is still active. That is why named identity supports RBAC, PAM, JIT, and Zero Trust Architecture: each control depends on knowing exactly which actor is requesting access and whether that actor should still exist.

The risk is not theoretical. NHI Mgmt Group research shows that Ultimate Guide to NHIs found 97% of NHIs carry excessive privileges, which means identity sprawl often becomes privilege sprawl as well. Named identity helps reduce that drift by making each account reviewable, revocable, and defensible. It also strengthens post-incident reconstruction by preserving a reliable chain of custody for secrets and actions, something frequently missing in breaches discussed in the 52 NHI Breaches Analysis and Top 10 NHI Issues. Organisations typically encounter the cost of unnamed or shared identities only after an access review, incident investigation, or offboarding failure exposes actions that cannot be reliably attributed.

Related resources from NHI Mgmt Group

• What is a Non-Human Identity (NHI)?
• What is the difference between NHI and machine identity?
• What is the difference between an identity, a credential, and a secret?
• Why has identity replaced the network perimeter as the primary security boundary?