Organizations today are managing an explosion of non-human identities — service accounts, automation bots, AI agents, and API credentials — spread across an increasingly complex hybrid infrastructure. Yet most IAM teams still lack visibility into how many machine accounts exist, where they live, and which ones represent emerging risks.
Today, we’re announcing a major expansion to AI-Powered Machine Account Discovery, a feature of SailPoint Machine Identity Security, that broadens the scope of what organizations can discover and how precisely they can classify what they find.
Discover Machine Accounts Across Your Entire Hybrid Environment
When we launched AI-Powered Machine Account Discovery, we started with the two most prevalent identity sources in the enterprise: Active Directory and Entra ID (Azure AD). Customers immediately saw value — surfacing hundreds, thousands, and in some cases tens of thousands of previously unknown machine accounts using our ML-powered detection engine.
But non-human identities don’t live in just two directories. Machine accounts are created in HR systems, cloud platforms, and SaaS applications — and they’re growing fast.
With this release, Machine Account Discovery now supports 5 additional sources:
- Google Workspace
- OpenLDAP
- Workday Accounts (Direct)
- Workday Accounts (SaaS)
- Linux
This brings total source coverage to 7 identity systems, giving administrators a unified view of machine accounts across directories, cloud infrastructure, and HR systems — all within SailPoint Machine Identity Security.
At the same time, we’ve enhanced detection for the sources you already use. Active Directory now gets deterministic detection of Group Managed Service Accounts (gMSA), Managed Service Accounts, SPN-bearing accounts, and Workstation Trust Accounts. Microsoft Entra ID gains automatic identification of Service Principals, Managed Identities, and AI agent-specific attributes. These new rules work alongside the existing ML model so you see a single, unified recommendation for every account.
Transparent, Explainable Recommendations
Every discovery recommendation comes with an explanation of why it was flagged. Click the insight badge on any discovered account to see the specific signals that triggered the recommendation.
This transparency helps administrators make faster, more confident decisions and provides the evidence trail auditors expect.
Built on SailPoint Identity Security Cloud
SailPoint Machine Identity Security is deeply integrated with SailPoint Identity Security Cloud. This means machine accounts and human identities are managed side by side – with consistent governance, access controls, and certification policies across the board. No separate tools.
What’s Next
This release establishes the multi-source foundation for our discovery engine. In the coming quarters, we’ll add more sources and expand ML-powered detection to cover more sources, continuing to close the gap between discovery and full machine identity governance.
Availability
This update is available now to all SailPoint Identity Security Cloud customers with Machine Identity Security. To get started, navigate to Identity Management > Uncorrelated Accounts to see discoveries across your connected sources.
To learn more, visit sailpoint.com or contact your SailPoint account team.