Beat the rush and join us early for complimentary barista-made coffee and breakfast.

Non-human identities now play a central role across cloud platforms, CI/CD pipelines, APIs, and AI-driven workflows. As these identities scale, many teams are finding that practices designed for human access need to be adapted to support automation, autonomy, and rapid change.

This keynote explores how non-human identity usage is evolving in real environments, where traditional IAM approaches need refinement, and how organisations are adjusting ownership and lifecycle models to maintain visibility and control while supporting innovation.

We’ll cover:

• How service accounts, APIs, and AI agents are typically introduced and managed across modern platforms
• Where teams are encountering challenges with ownership, lifecycle management, and visibility as these identities grow
• Practical approaches organisations are using today to improve governance of non-human identities without slowing delivery

Enterprise SaaS usage now extends far beyond the official application inventory. Business teams adopt new tools, integrations are created quickly, and many applications sit outside established identity governance processes. As this landscape grows, security teams are finding that traditional application onboarding and access review models need to catch up with how SaaS is actually used.

This keynote explores how identity and security teams are discovering applications that sit outside governance, bringing them into the identity perimeter, and reshaping the application lifecycle so blind spots do not keep widening. It looks at where full integration is needed, where lighter-touch controls are enough, and how teams are improving visibility without slowing the business.

We’ll cover:

• How unsanctioned and undergoverned SaaS applications are being discovered across the enterprise
• Where teams are finding the biggest access, ownership, and leaver-management gaps in the application estate
• Practical approaches organisations are using to bring identity, security, procurement, and finance into the application lifecycle from day one

Regulators are no longer treating identity as a background control. Across financial services and regulated industries, access decisions, identity logs, and privileged activity are now being examined directly during investigations, audits, and post-incident reviews.

This panel brings together security, identity, and risk leaders to unpack how US regulatory expectations around identity have shifted, what scrutiny actually looks like in practice, and how teams are preparing for enforcement without turning IAM into a compliance-only function.

We’ll discuss:

• How identity controls are being examined under NYDFS cybersecurity rules, SEC cyber disclosure requirements, and evolving state privacy laws
• What regulators look for after an incident including access logs, privileged activity, review evidence, and decision traceability
• Why baseline controls like MFA are now assumed, and what “defensible access decisions” really mean in regulatory conversations

Many organizations are still managing multiple identity platforms across legacy applications, cloud services, acquisitions, and different business units. Over time, these environments become harder to maintain, more difficult to secure, and increasingly expensive to operate. At the same time, consolidation projects introduce operational risk, especially when authentication services support thousands of users and critical systems.

This session explores how fragmented identity environments can be simplified in practice, where teams commonly encounter migration and coexistence challenges, and the practical approaches being used to modernize identity architecture while maintaining continuity for users and applications. Rather than forcing a rip-and-replace of major systems, many teams are looking for practical ways to consolidate identity gradually and seamlessly.

We’ll cover:

• How teams assess fragmented identity environments and decide what to consolidate, retire, or leave in coexistence
• Where organizations encounter the biggest operational and political challenges during identity migration projects
• Practical approaches teams are using to modernize legacy identity systems while minimizing disruption for users and production environments

Seventy percent of acquisitions fail to deliver projected value. Research consistently identifies identity integration as a primary reason however rarely surfaces where and when the damage actually occurs. It occurs before Day One, in the architecture decisions that were never made while the lawyers were still negotiating.

Drawing on independent practitioner experience across large-scale regulated environments where authentication failure is not a recoverable UX event, it is a patient safety and care continuity problem. This session presents three publicly documented failure patterns and the architectural decisions that would have changed their outcomes.

• Absorption Assessment: Why identity platform capacity must be audited before the LOI, not after close.
• Resolving Identity Debt: How temporary bridges become permanent entry points for the next major incident.
• The Agentic Risk: Why Non-Human Identity (NHI) governance is now a pre-close M&A risk, not a post-close IT task.
• Resilient Federation: Implementing trust models that preserve operational continuity without forcing premature consolidation.

‍

Identity and security decisions increasingly influence how users experience products, platforms, and internal tools. Step-up authentication, session expiry, device trust, and risk-based access now sit inside critical journeys, often requiring trade-offs between protection, usability, and performance.

This panel brings together identity, security, and product leaders to discuss how these trade-offs show up in practice, how teams identify unintended impacts over time, and how ownership is evolving as identity becomes more closely tied to user experience and business outcomes.

We’ll explore:

• How authentication and access decisions affect conversion, engagement, and productivity over time
• Where well-intentioned security changes created unexpected friction for users
• How teams collaborate across security, identity, and product to manage trade-offs

Delegates will chose from a list of pertinent peer-to-peer discussion topics focussing on evolving and emerging trends, techniques and technologies.

Put your knowledge to the test in this fast-paced quiz covering real-world identity trivia, key concepts, and emerging trends. Compete for bragging rights—and a travel voucher—as the top scorer takes the crown.

AI systems are starting to act autonomously on behalf of users, calling other services, triggering actions, and making decisions across multiple systems. As this happens, many organisations are discovering that identity context, ownership, and accountability are difficult to maintain once requests move beyond a single application or model.This session explores how identity and access control change when actions are taken by chains of AI agents rather than humans. Drawing on real-world experience, it examines where existing IAM approaches fall short and how teams are adapting authentication, delegation, and auditing models to retain control as autonomy increases.We’ll cover:

• How user intent and accountability can be preserved as actions pass through multiple AI agents
• Why static credentials and traditional service accounts struggle in agent-driven workflows
• How teams are reducing the risk of unintended or unauthorised actions in autonomous systems

‍

This session introduces the Identity Uncertainty Principle, an original concept that reframes how we think about identity and access in the era of AI agents.

As AI agents become more autonomous, traditional models of identity built on static credentials and point-in-time authentication begin to break down. I’ll walk through:

• Why identity certainty decays as agent autonomy increases
• The limitations of static authentication and authorization models in agentic systems
• The shift toward continuous behavioral attestation and dynamic trust
• Implications for Zero Trust, non-human identity governance, and privileged access
• Practical approaches IAM leaders can take to secure autonomous systems at scale

‍

Identity systems are designed to provide control, accountability, and traceability. But when long-standing service accounts, APIs, or machine identities begin behaving in unexpected ways, those assumptions can be tested quickly. Ownership becomes unclear, privilege boundaries blur, and incident response and compliance timelines start to collide.

This interactive Think Tank puts the room into a realistic identity incident. Participants vote live on a series of real-world decisions, explore the implications together, and revisit their choices as new information emerges and trade-offs become clearer.

We’ll Cover:

• How teams respond in the first moments of an identity incident involving privileged non-human access
• The decision trade-offs between containment, investigation, and business disruption
• Where identity lifecycle and governance gaps typically surface under pressure