In today's rapidly evolving SaaS environment, the focus is on human users. This is one of the most compromised areas in SaaS security management and requires strict governance of user roles and permissions, monitoring of privileged users, their level of activity (dormant, active, hyperactive), their type (internal/ external), whether they are joiners, movers, or leavers, and more. Not surprisingly, security efforts have mainly been human-centric. Configuration options include tools like MFA and SSO for human authentication. Role-based access control (RBAC) limits the level of access; password complexity guidelines block unauthorized humans from accessing the application. Yet, in the world of SaaS, there is no shortage of access granted to non-human actors, or in other words, 3rd party connected apps. Service accounts, OAuth authorizations, and API keys are just a few of the non-human identities that require SaaS access. When viewed through the lens of the application, non-human accounts are similar to human accounts. They must be authenticated, granted a set of permissions, and monitored. However, because they are non-human, considerably less thought is given to ensuring security. Non-human Access Examples Integrations are probably the easiest way to understand non-human access to a SaaS app. Calendly is an app that eliminates the back-and-forth emails of appointment-making by displaying a user's availability. It integrates with a user's calendar, reads the calendar to…Read More