🤖 Non-human identities

NHIs outnumber humans 40:1. Governed like them.

Service accounts, AI agents, application identities and IoT devices share access models with humans, and need the same ownership, review cadence, and revocation discipline. RapidValue applies a 4-tier governance model based on autonomy and blast radius.

What's inside

One inventory. Tier-appropriate controls.

Not all NHIs are equal. A service account running a nightly backup needs different governance than an autonomous AI agent making customer-facing decisions. RapidValue's 4-tier model assigns review cadence, JIT requirements, and credential rotation policies based on tier.

NHI discovery dashboard
NHI overview

Total NHIs, NHI-to-human ratio, ownership coverage

The top-line metrics tell you what's at stake: total NHIs, the ratio of NHIs to humans (industry average is 25:1, often 40+), ownership coverage, stale credential count, and high/critical risk count. Below: the 4-tier breakdown and top 5 risk NHIs.

The 4-tier governance model

T1 AI-Assisted

Service accounts and IoT devices: low autonomy, reuse existing IGA flows. Governance: reuse IGA policy, manual approval, yearly review. Includes the bulk of legacy service accounts.

T2 AI-Enabled

System accounts: scoped, predictable permissions. Governance: scoped permissions, 2-year review, 90-day credential rotation. The traditional "one account per app" category.

T3 Autonomous

AI agents: autonomous decisions, require JIT plus behaviour monitoring. Governance: JIT access, policy-as-code, behaviour monitoring, max-24h credentials. Modern AI deployment category.

T4 AI-to-AI

Applications delegating to other agents: federation plus audit chain. Governance: agent identity federation, delegation tokens, audit chain. Multi-agent orchestration category.

Ownership & lifecycle

👤 Owner-attributed

Every NHI has an owner identity. Ownership transfers fire smart certs to the new owner. Orphaned NHIs (no owner) are surfaced as risk items. Owner is queryable, filterable, and reviewable like any other access decision.

โฑ๏ธ JIT & rotation

T3 and T4 NHIs require Just-In-Time access elevation rather than standing privileges. Credential rotation policies are enforced per tier: T2 = 90-day, T3 = 24-hour, T4 = federation tokens (no long-lived secret to rotate).

📋 NHI re-certification

The default cert-rule for NHIs (cr-nhi-ownership-yearly) reviews T1-T4 NHI ownership every 180 days. Reviewer = manager (proxy for NHI owner). Auto-action on deadline = flag-for-review, not revoke: NHIs shouldn't be silently disabled and break automation.

๐Ÿ” Risk scoring

Per-NHI risk score combines: tier (higher = more weight), missing owner, credential age vs policy, unused activity window, and autonomous-without-JIT flag. Drives the "top 5 risk NHIs" surface on the dashboard.
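The scoring inputs listed above, the per-tier rotation windows from the JIT & rotation section, and the top-line dashboard metrics (total NHIs, NHI-to-human ratio, ownership coverage, stale credential count, high/critical count) can be worked through on a small inventory. The following is an added example, not RapidValue's own code: the tiers, rotation windows, JIT requirements and scoring inputs follow the page, while the point weights, the severity bands and the sample identities are assumptions made for the illustration.

```python
"""Added example: per-tier NHI policy and risk scoring over a constructed inventory.

Tiers, rotation windows and scoring inputs follow the 4-tier model described
on the page; the point weights, severity bands and sample identities are
assumptions for illustration only.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Per-tier governance policy. Rotation windows: T2 = 90 days, T3 = 24 hours.
# T1 reuses IGA policy (no rotation window modelled); T4 uses federation
# tokens, so there is no long-lived secret to age. The weight column is assumed.
TIER_POLICY = {
    1: dict(label="AI-Assisted", weight=1, max_cred_age=None,                requires_jit=False),
    2: dict(label="AI-Enabled",  weight=2, max_cred_age=timedelta(days=90),  requires_jit=False),
    3: dict(label="Autonomous",  weight=3, max_cred_age=timedelta(hours=24), requires_jit=True),
    4: dict(label="AI-to-AI",    weight=4, max_cred_age=None,                requires_jit=True),
}


@dataclass
class NHI:
    name: str
    identity_type: str                      # service_account / ai_agent / application / system_account / iot_device
    tier: int
    owner: Optional[str]                    # None = orphaned
    credential_issued: Optional[datetime]   # None = no long-lived secret (federation)
    last_activity: Optional[datetime]       # None = never seen active
    jit_enabled: bool


def credential_stale(nhi, now):
    """True when the credential is older than the tier's rotation window."""
    max_age = TIER_POLICY[nhi.tier]["max_cred_age"]
    if max_age is None or nhi.credential_issued is None:
        return False
    return now - nhi.credential_issued > max_age


def risk_score(nhi, now, unused_window=timedelta(days=90)):
    """Return (score, reasons). Every finding is multiplied by the tier weight,
    so the same defect on an autonomous agent outweighs it on a backup account."""
    policy = TIER_POLICY[nhi.tier]
    w = policy["weight"]
    score, reasons = w, []                  # the tier itself contributes its weight
    if nhi.owner is None:
        score += 3 * w; reasons.append("no owner")
    if credential_stale(nhi, now):
        score += 2 * w; reasons.append("credential older than rotation policy")
    if nhi.last_activity is None or now - nhi.last_activity > unused_window:
        score += 1 * w; reasons.append("no activity in window")
    if policy["requires_jit"] and not nhi.jit_enabled:
        score += 4 * w; reasons.append("autonomous without JIT")
    return score, reasons


def severity(score):
    """Assumed bands feeding the high/critical counter on the dashboard."""
    if score >= 15:
        return "critical"
    if score >= 8:
        return "high"
    if score >= 4:
        return "medium"
    return "low"


def top_risk(inventory, now, n=5):
    """The 'top N risk NHIs' surface: (name, score, reasons), highest first."""
    scored = [(nhi.name, *risk_score(nhi, now)) for nhi in inventory]
    return sorted(scored, key=lambda t: t[1], reverse=True)[:n]


def dashboard_metrics(inventory, human_count, now):
    """Top-line metrics for the NHI overview."""
    scores = [risk_score(nhi, now)[0] for nhi in inventory]
    return {
        "total_nhis": len(inventory),
        "nhi_to_human_ratio": round(len(inventory) / human_count, 2),
        "ownership_coverage": round(sum(nhi.owner is not None for nhi in inventory) / len(inventory), 2),
        "stale_credentials": sum(credential_stale(nhi, now) for nhi in inventory),
        "high_or_critical": sum(severity(s) in ("high", "critical") for s in scores),
    }


# Fixed clock so the example is deterministic.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)


def ago(**kw):
    return NOW - timedelta(**kw)


# Constructed sample inventory (not real identities).
INVENTORY = [
    NHI("backup-svc",      "service_account", 1, "ops-team",  ago(days=400), ago(days=1),   False),
    NHI("erp-integration", "system_account",  2, "erp-admin", ago(days=120), ago(days=2),   False),
    NHI("orphan-app",      "application",     2, None,        ago(days=10),  None,          False),
    NHI("support-agent",   "ai_agent",        3, "cx-lead",   ago(days=3),   ago(hours=1),  False),
    NHI("orchestrator",    "application",     4, "platform",  None,          ago(hours=1),  True),
    NHI("sensor-gw",       "iot_device",      1, None,        ago(days=50),  ago(days=200), False),
]

if __name__ == "__main__":
    print(dashboard_metrics(INVENTORY, human_count=2, now=NOW))
    for name, score, reasons in top_risk(INVENTORY, NOW):
        print(f"{score:>3} {severity(score):<8} {name:<16} {', '.join(reasons) or '-'}")
```

Run as a script, the block prints the metrics and the top-5 list; the T3 agent without JIT and with a three-day-old credential lands at the top, while the T4 orchestrator scores only its tier weight because federation tokens have no secret to age. The multiplicative weight is the design choice worth noting: it is what keeps a missing owner on an autonomous agent ranked above a missing owner on a sensor gateway.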

Why NHIs need their own governance

The unmanaged NHI population is your biggest blind spot.

📊 40:1 NHI-to-human ratio

Industry research puts NHI populations at 25–60× human users. Your IGA tool probably governs the humans well and largely ignores the rest. That's where the credential leaks live.

🚨 70% of recent breaches

Recent EU breach reports attribute the majority of root causes to leaked NHI credentials: service account passwords in repos, API keys with no rotation, AI agent tokens with no scope. Govern them like humans.

🤖 EU AI Act + DORA

New EU regulations require agent identity governance and demonstrable control over AI-to-system delegation. T3/T4 governance maps directly to these requirements.

โš™๏ธ One inventory

NHIs live in the same Identity table as humans, with identity_type = service_account / ai_agent / application / system_account / iot_device. Same audit chain, same reconciliation, same export; no separate tool.

Discover your NHI population in 30 minutes.

Connect one target. Run NHI discovery. See your NHI-to-human ratio, your top risk NHIs, and which ones have no owner; typically uncomfortable to look at the first time.

Book a POC demo →
EU-hosted · No installation footprint · Walks away cleanly if you don't convert