A shadow identity is an unmanaged or poorly governed account, identity, or access path that exists outside normal security visibility and control. It matters because such hidden identities can retain access long after everyone has forgotten they exist.
What is Shadow Identity?
Shadow identities can include unknown service accounts, stale privileged accounts, unsanctioned SaaS identities, orphaned application users, local admin accounts, and other access mechanisms that are not tracked well by governance processes.
What Commonly Creates Shadow Identity
Common causes include mergers, manual provisioning, weak offboarding, poor asset ownership, shadow IT, legacy applications, and disconnected identity systems.
Shadow Identity vs. Shadow IT
Shadow IT refers to unsanctioned systems or tools. Shadow identity refers specifically to unmanaged or untracked access entities and trust paths.
Frequently Asked Questions
Why is shadow identity dangerous?
Because attackers can abuse forgotten or unmonitored identities that no one is actively reviewing.
How do teams reduce shadow identity risk?
By improving identity inventory, governance, provisioning discipline, deprovisioning, and review of non-human and legacy access.
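As an added example (not part of the original page), the inventory reconciliation below puts the answer above into practice: it checks an identity inventory against an HR roster and flags the shadow patterns the page names, namely orphaned human accounts, non-human identities with no living owner, and stale privileged accounts. The inventory records, roster, field names and 90-day threshold are constructed assumptions.

```python
from datetime import date, timedelta

# Constructed sample inventory: one record per identity pulled from a directory,
# cloud IAM or application user store. Field names are assumptions for this example.
INVENTORY = [
    {"id": "alice", "type": "human", "owner": "alice", "privileged": False,
     "last_used": date(2024, 5, 30), "source": "directory"},
    {"id": "bob", "type": "human", "owner": "bob", "privileged": True,
     "last_used": date(2024, 1, 2), "source": "directory"},
    {"id": "svc-backup", "type": "service", "owner": None, "privileged": True,
     "last_used": date(2024, 5, 29), "source": "directory"},
    {"id": "carol", "type": "human", "owner": "carol", "privileged": False,
     "last_used": date(2024, 5, 1), "source": "crm-app"},
    {"id": "deploy-bot", "type": "service", "owner": "erin", "privileged": True,
     "last_used": date(2023, 6, 1), "source": "cloud-iam"},
]
HR_ACTIVE = {"alice", "bob", "dave"}   # constructed roster of current employees
TODAY = date(2024, 6, 1)               # fixed "today" so results are reproducible
STALE_DAYS = 90                        # assumed review threshold for privileged use


def find_shadow_identities(inventory, hr_active, today, stale_days=STALE_DAYS):
    """Return {identity_id: [reasons]} for records matching a shadow-identity pattern."""
    findings = {}
    cutoff = today - timedelta(days=stale_days)
    for acct in inventory:
        reasons = []
        if acct["type"] == "human":
            # Orphaned application/directory user: no matching active HR record.
            if acct["id"] not in hr_active:
                reasons.append("human account with no active HR record")
        else:
            # Non-human identity: must have an owner who is still employed.
            if acct["owner"] is None:
                reasons.append("non-human identity with no recorded owner")
            elif acct["owner"] not in hr_active:
                reasons.append(f"non-human identity owned by departed user {acct['owner']}")
        # Privileged access nobody has exercised recently is a review candidate.
        if acct["privileged"] and acct["last_used"] < cutoff:
            reasons.append(f"privileged and unused for more than {stale_days} days")
        if reasons:
            findings[acct["id"]] = reasons
    return findings


def run_report():
    """Run the reconciliation over the constructed inventory as of TODAY."""
    return find_shadow_identities(INVENTORY, HR_ACTIVE, TODAY)


if __name__ == "__main__":
    for ident, reasons in run_report().items():
        print(f"{ident}: {'; '.join(reasons)}")
```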