Home Contact us

Documentation FAQ

Generate automation flows with Luna AI Manage Luna AI persistent memory What are Luna playbooks?Artifacts

Setting Up a Source of Truth Managing Entitlements Importing Users Understanding Access Types Access Policy Primary Owners vs. Owners What is Managed Access?Bulk Entitlement Import View transitive access for resources Time-gated approval conditions

Article 1: What is an Access Review?Article 2: Campaigns vs. One-Off Reviews Article 3: Creating a Campaign Article 4: Configuring Review Scope & Filters Article 5: Assigning Reviewers Article 6: How Review Cycles Work Article 7: Completing a Review — Reviewer Guide Article 8: Luna AI Suggestions Article 9: The Approval Workflow Article 10: Outcomes & Automated Remediation Article 11: Notifications & Reminders Article 12: Evidence, Attestation & Audit Certificates Article 13: Reporting & Audit Trail Article 14: Troubleshooting & FAQs

Introduction to Workflows

Ticketing Systems

Workspace & Identity

Set Up Instructions

Okta Why can’t I access the employee portal?What does the "Last Accessed" date mean for an NHI?

Anthropic Integration The Ploy Connector

Daily reminders

Create an Immediate Offboarding Offboarding Overview

Understanding Ploy Permissions and Roles

Browser Extension

Browser Extension How to request access with the Browser extension How to import users to Ploy using the Browser Extension

Connect monday.com to Ploy

How to add hyperlinks in Send Email nodes

What does the "Last Accessed" date mean for an NHI?

What does the "Last Accessed" date on an NHI actually mean?

It reflects whatever the connected source system reports as its most recent successful authentication event — Ploy doesn't generate this timestamp itself, it reads it from the integration.

Does it include non-interactive logins (background service calls), or only interactive ones?

It depends on the source system:

Most integrations (Auth0, Google Workspace, Okta, Airtable, Freshservice, etc.) don't distinguish — they expose a single "last login" or "last activity" field that covers both.
Azure/Microsoft service principals — Ploy pulls from Azure's sign-in audit logs, which technically include both. In practice, non-interactive background calls can be underrepresented because of how Azure surfaces them, so the date may skew toward delegated/interactive use.
API keys (e.g. OpenAI) — purely usage-based; any authenticated API call, interactive or not, will update it.

Is it real-time?

No. It refreshes on Ploy's scheduled scan cycle for that integration — typically daily, though some integrations run more frequently.

Why is it blank?

Either no auth event has ever been recorded in the source system, or the scanner hasn't run yet since the NHI was added.

Is the top-level "Last Accessed" the same as what's on individual credentials?

Not necessarily. Individual credentials (certificates, secrets, tokens) can each carry their own last-used timestamp if the source system tracks at that level — and that can sometimes be more granular than the top-level NHI date.

Bottom line

Treat "Last Accessed" as a useful signal, but understand it's only as precise as what the upstream source system exposes — and for Azure specifically, take the date with a small grain of salt if you're trying to catch purely background service activity.

For more on how "Last Accessed" appears in access reviews, see How Review Cycles Work.

Was this helpful?

On this page

What does the "Last Accessed" date on an NHI actually mean?
Does it include non-interactive logins (background service calls), or only interactive ones?
Is it real-time?
Why is it blank?
Is the top-level "Last Accessed" the same as what's on individual credentials?
Bottom line

Was this helpful?