Interactive Demo|NHI Security Dashboard with sample dataBack to Demo

Non-Human Identity Security

Discover, monitor, and secure service accounts, OAuth apps, and API tokens

Okta Organization

Total NHIs

15 active, 2 inactive

Critical

Immediate attention

High Risk

Review and remediate

Medium Risk

Monitor closely

Total Issues

3 expired, 5 orphaned

Expired Credentials

Over-Privileged

Orphaned

Unused 90+ Days

Risk Level

Type

Name	Type	Risk	Status	Last Used	Issues
Legacy Provisioning Service 0oa8k3xCritical01	Service Account	CRITICAL Score: 95	ACTIVE	May 14, 2025 268 days ago	• Super Admin role assigned • Credentials expired 287 days ago +2 more
prod-ci-deploy-token 0oa8k3xCritical02	API Token	CRITICAL Score: 92	ACTIVE	Feb 5, 2026 1 days ago	• Full admin API token with no scope restrictions • Created by terminated employee +1 more
External HR Sync Bot 0oa8k3xCritical03	Service Principal	CRITICAL Score: 88	ACTIVE	Feb 6, 2026 0 days ago	• Read/write access to all user profiles • Credentials shared across 3 environments +1 more
Salesforce SSO Integration 0oa8k3xHigh01	SAML App	HIGH Score: 74	ACTIVE	Feb 6, 2026 0 days ago	• SAML certificate expiring in 12 days • Granted access to 847 users including contractors
GitHub Enterprise OAuth 0oa8k3xHigh02	OAuth App	HIGH Score: 71	ACTIVE	Feb 4, 2026 2 days ago	• Overly broad scopes: okta.users.manage, okta.groups.manage • Token refresh not enforced
Jenkins CI Pipeline 0oa8k3xHigh03	API Token	HIGH Score: 68	ACTIVE	Feb 5, 2026 1 days ago	• Token not rotated in 180+ days • Used from 14 different IP addresses
Datadog Monitoring Agent 0oa8k3xHigh04	Service Account	HIGH Score: 65	ACTIVE	Feb 6, 2026 0 days ago	• Granted read access to security logs and audit events • Service account owner left the organization
Slack SCIM Provisioner 0oa8k3xMed01	OAuth App	MEDIUM Score: 45	ACTIVE	Feb 6, 2026 0 days ago	• Token not rotated in 90+ days
Azure AD Sync Service 0oa8k3xMed02	OIDC App	MEDIUM Score: 42	ACTIVE	Feb 6, 2026 0 days ago	• Client secret approaching expiration (30 days) • No secondary credential configured
staging-test-token 0oa8k3xMed03	API Token	MEDIUM Score: 38	ACTIVE	Jan 3, 2026 34 days ago	• Token used infrequently (last use: 34 days ago)
Zoom SAML Integration 0oa8k3xMed04	SAML App	MEDIUM Score: 35	ACTIVE	Feb 5, 2026 1 days ago	• SAML assertion lifetime set to 24 hours (recommended: 5 min)
Okta Verify Push Service 0oa8k3xLow01	Service Account	LOW Score: 12	ACTIVE	Feb 6, 2026 0 days ago	No issues
Google Workspace SSO 0oa8k3xLow02	SAML App	LOW Score: 8	ACTIVE	Feb 6, 2026 0 days ago	No issues
Jira Cloud OIDC 0oa8k3xLow03	OIDC App	LOW Score: 10	ACTIVE	Feb 6, 2026 0 days ago	No issues
PagerDuty Alerts Service 0oa8k3xLow04	Service Account	LOW Score: 5	ACTIVE	Feb 6, 2026 0 days ago	No issues
Deprecated SCIM Bridge v1 0oa8k3xInactive01	Service Account	HIGH Score: 62	INACTIVE	Sep 10, 2025 149 days ago	• Inactive service account still has admin credentials • Not deprovisioned after migration
old-monitoring-webhook 0oa8k3xInactive02	API Token	MEDIUM Score: 40	INACTIVE	Never	• Inactive token never revoked

NHI Backup & Recovery

Butterfly Security backs up and monitors all non-human identities in your Okta organization. If a service account or OAuth app is compromised, instantly roll back to a known-good state. Critical and high-risk identities are flagged automatically with actionable remediation steps.

Back to Demo Dashboard