👋 New here? Take the 5-step tour — fleet to live findings in under 5 min.
Start tour

🔔 Recent activity

Loading…

Identity

Cross-system policy intelligence over Okta, Entra, ISE, ClearPass, and AD.

1

Auto-detect

Scan email DNS, LAN, and Graph to find Okta / Entra / ISE / ClearPass / AD reachable from this host. Read-only.

2

Connect a system

Add credentials for one of the 5 supported identity systems. Stored in the encrypted vault, never sent off this host.

3

Add an NHI manually

Service accounts, API keys, IAM roles. Track owner + rotation cadence even before adapters are connected.

Connectors checking… Setup help →
Next 3 actions identity-scoped — top stale NHI, top over-privileged human, top conflict All findings →

Non-human identities

Service accounts, API keys, IAM roles. Owner + rotation cadence drive the stale-NHI finder and rotation-overdue alerts.

Loading…

Translate intent → per-system change

Plain English in, unified policy IR out, per-system change preview at the bottom. Submitting calls /api/identity/translate; nothing is committed without an explicit dry-run + confirm-token review.

Just-in-Time access

Time-boxed grants. Issued through /api/identity/jit/grant, auto-expired by the daemon. Apply step still requires confirm-token.

A JIT record is persisted locally; pushing the grant to the target system requires a separate dry-run + confirm-token from /findings.