
Managing Machine Accounts

If your organization has Machine Identity Security, you can set criteria to classify the machine accounts on a source. A machine account is a non-human account that relates to an application or service. Machine accounts may include service accounts, bots, or shared accounts that multiple users log in to. Like human and uncorrelated accounts, machine accounts can also be disabled, aggregated, unlocked, and removed.

After your classification policy has been processed, you can review and identify potential machine accounts that the policy may have missed. You can then update the accounts’ correlation and attributes as needed.

Discovering Potential Machine Accounts

During processing, the system may not classify some machine accounts. This may occur when account data is incomplete or the classification policy used is too restrictive. To resolve this issue, you can use the Discovered as Machine insight to identify and update the correlation for these accounts.

SailPoint’s AI Machine Account Discovery identifies potential machine accounts by detecting specific keywords and names in account attributes. For example, the AI may look for the following keywords or features to determine whether an account is a potential machine account:

  • Machine-related keywords like "service" or "svc" in the name or displayName attribute.
  • No human name in the name or displayName attribute.
  • Passwords with no expiration.
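
To pre-screen an account export before reviewing insights, the three signals listed above can be approximated offline. This is an added example, not SailPoint's discovery model or code. The record field names, the "human name" pattern, and the two-signal threshold are assumptions; the password flag is the Active Directory userAccountControl DONT_EXPIRE_PASSWORD bit.

```python
import re

# Active Directory userAccountControl bit: password never expires.
DONT_EXPIRE_PASSWORD = 0x10000
# Keywords named on the page, matched as stand-alone tokens (svc_backup, "Backup Service").
KEYWORD_RE = re.compile(r"(?:^|[^a-z])(svc|service)(?:[^a-z]|$)", re.IGNORECASE)
# Assumption: a human name looks like two or more capitalized alphabetic words.
HUMAN_NAME_RE = re.compile(r"^[A-Z][a-z'\-]+(?: [A-Z][a-z'\-]+)+$")


def machine_signals(account):
    """Return the reasons an account record looks like a machine account."""
    reasons = []
    name = account.get("name", "")
    display = account.get("displayName", "")
    if KEYWORD_RE.search(name) or KEYWORD_RE.search(display):
        reasons.append("machine keyword in name/displayName")
    if not HUMAN_NAME_RE.match(display) and not HUMAN_NAME_RE.match(name):
        reasons.append("no human name in name/displayName")
    if int(account.get("userAccountControl", 0)) & DONT_EXPIRE_PASSWORD:
        reasons.append("password never expires")
    return reasons


def triage(accounts, threshold=2):
    """Map account name -> reasons, for accounts with at least `threshold` signals."""
    flagged = {}
    for acct in accounts:
        reasons = machine_signals(acct)
        if len(reasons) >= threshold:
            flagged[acct["name"]] = reasons
    return flagged


# Constructed sample records, shaped like an Active Directory account export.
SAMPLE = [
    {"name": "svc_backup", "displayName": "Backup Service", "userAccountControl": 0x10200},
    {"name": "jdoe", "displayName": "Jane Doe", "userAccountControl": 0x200},
    {"name": "sql-agent01", "displayName": "sql-agent01", "userAccountControl": 0x10200},
    {"name": "asmith", "displayName": "Alan Smith", "userAccountControl": 0x10200},
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(name, "->", "; ".join(reasons))
```

A single signal, such as a person whose password never expires, stays below the threshold. Listing the reasons per account mirrors the review step, where each flagged account is still accepted or dismissed by a person.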

Note

The Discovered as Machine insight is only available for accounts on Active Directory and Microsoft Entra ID sources.

To view a list of discovered accounts:

  1. Go to Admin > Identity Management > Accounts and select Human Accounts or Uncorrelated Accounts from the left panel.

  2. View the Discovered as Machine tile to review the number of human or uncorrelated accounts identified as potential machine accounts.



  3. Select the Discovered as Machine filter to view a list of potential machine accounts.

  4. Select the Discovered as Machine label in the Insights column to view the reasons why the account was discovered as a potential machine account.

    Note

    SailPoint’s AI Machine Account Discovery reviews updated accounts hourly to discover possible machine accounts. When discovered, the Discovered as Machine label is added to these accounts.

  5. After you have reviewed this information, choose whether to accept or dismiss the insight.

To accept an insight:

If you agree with the rationale, you can update the account’s correlation to classify it as a machine account. After the account’s correlation has been changed, you can select View account to view additional information about the account.

To dismiss an insight:

If you disagree with the rationale, you can dismiss the insight for an account by selecting Actions > Dismiss Insight.

Note

An insight cannot be accessed after it has been dismissed.

Correlating Accounts to Machine Identities

After processing your classification policy, some machine accounts might be incorrectly classified or correlated to the wrong identities. For example, some machine accounts might have been correlated to human identities. You can review these accounts in the Human Accounts list to determine whether they should be correlated to machine identities.

To correlate accounts to machine identities:

  1. Go to Admin > Identity Management > Accounts.

  2. Select Human Accounts or Uncorrelated Accounts from the left panel.

    Note

    To update the correlation for a machine account in the Machine Accounts List, refer to Updating Machine Accounts.

    Tip

    The Classified as Machine tile will display on the Human Accounts page when machine accounts are correlated to human identities. Select the Classified as Machine filter to view these accounts and determine whether their correlation should be updated.

  3. Find the account that should be correlated to a machine identity and select Actions > Update Correlation.

    Alternatively, you can update the correlation for multiple accounts. Select the checkboxes for the accounts you want to change and then select Correlate to Machine Identity.

    Note

    You can select and correlate up to 100 accounts at a time.

  4. Select Machine as the account type.

  5. Select Save to update the account and apply the mappings configured for the source.

You can review the machine account’s attributes to ensure the account details are correct. If changes are required, you can update the attributes for the individual account or the mappings for the account's source.

Note

If mappings were not configured before correlation, the machine account will be correlated to a partial machine identity. The account will not have an account owner, environment, or description. You can update this information by editing the machine account’s attributes.

The accounts are classified as machine accounts and will retain this classification regardless of changes in the source’s account configuration.

Updating Machine Accounts

You can manually update a machine account’s attributes after it’s been mapped. For example, you might need to update the account owner for a machine account if the previous owner moves to a different role or leaves your organization.

  1. Go to Admin > Identity Management > Accounts.

  2. Select Machine Accounts from the left panel.

  3. Find the machine account you want to update and select Actions > Update Account.

  4. Make changes as needed and select Apply.

    Note

    Machine accounts can only be correlated to machine identities.

Identity Security Cloud will preserve manual changes made to this account even when its mapping changes.
