Skip to main content
Public website
Public website surface Marketing and explanation content. This is not the canonical authenticated runtime.
Canonical runtime: app.identityfirst.net

Evidence-first identity security

Start with proof you can inspect, not claims you have to trust.

IdentityFirst MRI is the current GA offer: a read-only identity assessment with evidence-backed findings, launch-core connectors, and a clear first action without changing production systems.

IdentityFirst Core is the controlled rollout path once the first assessment proves value. IdentityFirst Enhanced and IdentityFirst AISF stay private beta until the support boundary is wider and the operating evidence is stronger.

Book your 30-minute assessment Evidence for every claim
Evidence-first reporting Read-only on day one Human-approved writes only

Route guide: use assessment booking when you are ready to request a specific assessment or review. Use contact for a lower-commitment discussion first.

Choose the angle that matches your role. The page will keep the same story, but bring forward the problems and outcomes most relevant to you.

Choose the view that fits you best

The story stays the same. The emphasis changes to match what matters most in your role.

Overview

Start with the big picture first

Overview

I lead security

Focus on exposure, resilience, and board confidence

Security

I run identity and access

Focus on review effort, stale access, and control

Identity

I oversee finance or risk

Focus on governance, prioritisation, and value

Risk

I handle compliance

Focus on evidence, assurance, and audit readiness

Assurance

I run an MSP

Focus on service creation, proof, and recurring revenue

MSP

Positioning

A narrow promise, stated clearly.

Evidence-first identity security that starts read-only and keeps humans in control.

Evidence-first

Evidence-first reporting that makes identity risk easier to explain and prioritise.

Read-only day one

Read-only on day one so teams can start without changing production systems.

Human-approved writes

Any write path stays human-approved. IdentityFirst does not claim autonomous action.

Public messaging stays within current product boundaries and explicitly published connector status.

Why teams start here

The first value is evidence, not disruption.

Most organisations do not need another platform promise. They need a clearer answer on where access has built up, what matters first, and what they can prove to boards, auditors, customers, and insurers afterwards.

Read-only first

Start by checking existing systems without changing production. That makes the first step easier to approve and easier to explain internally.

Usable findings

Turn access sprawl, risky exposure, and control gaps into something operators, boards, auditors, and clients can actually understand.

Credible next step

Start with assessment, then move into ongoing review and governance if the organisation or MSP wants a repeatable service around it.

Evidence-first ISPM

Why evidence beats prediction on day one

IdentityFirst is strongest when it stays close to what can actually be verified now: read-only collection, visible connector maturity, evidence-backed findings, and an explicit product ladder from MRI to later controlled rollout.

Evidence before expansion

MRI is the current GA surface because it proves access reality, stale privilege, drift, and ownership issues without requiring a change programme first.

Product stages stay visible

Core is controlled rollout. Enhanced and AISF remain private beta. The public site should not compress those stages into one vague “platform” claim.

Verification path attached

Connector maturity, trust language, and product status should all line up with the evidence register so buyers can inspect the same boundary for themselves.

Read the evidence-first explainer See current product status

Identity intelligence

The same identity reality should mean something different to each stakeholder.

Most products give one score, one explanation, and one generic recommendation. IdentityFirst keeps the underlying facts the same, then translates them for the person who actually has to act on them.

Explain identity risk

Show the board the strategic risk posture, show the SOC the active threat surface, and show IAM where drift and lifecycle hygiene are breaking down.

Translate complexity

Turn accumulated access, hidden privilege, and cross-system exposure into evidence, context, and recommended action instead of another dense technical screen.

Keep one truth underneath

The same estate, findings, and evidence can support executives, auditors, app owners, and finance stakeholders without inventing a different story for each of them.

Built for the people who own identity risk

Whether you’re briefing the board, responding to an incident, building an audit pack, or managing a client portfolio — IdentityFirst turns the same evidence into predictive, decision-ready reporting for each audience.

For CISOs

Board-ready risk picture

Turn identity sprawl into posture trend, likely next impact, confidence-backed decision framing, and a roadmap your board can actually fund.

CISO use cases →
For SOC Teams

Triage faster with context

Move from alert detail to threat narrative: likely time-to-impact, AI confidence, attack-path realism, and when automation beats manual response.

SOC use cases →
For GRC & Compliance

Control-reference reporting

Prioritise controls by risk, see likely time-to-compliance, and measure audit readiness from the same identity evidence instead of reworking it by hand.

GRC use cases →
For MSPs

Multi-tenant at scale

Run assessments across your client portfolio with tenant-isolated reporting that feels personalised to the role, estate, and commercial moment in front of you.

MSP use cases →

Report evolution

Reports that move from static findings to decision support.

The same evidence can now be layered into different report stories: trend and prediction, what to do next, business impact, guided narrative flow, and role-aware context.

Static to dynamic

Trend, movement, and likely next-state instead of one frozen score.

Descriptive to prescriptive

What to do next, why now, and where the first visible value appears.

Risk to decision impact

Operational, audit, and financial consequence tied back to the same identity evidence.

Data to story

Guided narrative flow from threat path to action, not a disconnected findings dump.

Generic to personalised

Different framing for boards, SOC, IAM, GRC, and service-provider delivery teams.

What this means for overview

IdentityFirst starts by checking your existing systems without changing them. It shows where access has built up, where risk is sitting, and how improvement can be measured over time.

Get a clear first picture without production changes

See where access has accumulated over time

Understand risk in plain English

Start with assessment, grow into governance

Why identity first

The operating problem is rarely one alert. It is accumulated access.

Hybrid estates, SaaS growth, third-party access, leavers, dormant accounts, and privileged drift create slow-moving exposure that traditional tooling often reports too late or too noisily.

Most organisations do not have one clean identity boundary. They have several source systems, multiple admin surfaces, third-party applications, and years of inherited access decisions. The job is not to generate more noise. It is to turn that sprawl into a clearer answer.

  • Bring disconnected identity sources into one view of access.
  • Highlight the exposures that accumulate quietly between systems.
  • Give operators and boards a more usable explanation of what matters first.
Diagram showing multiple identity sources feeding a shared access view, with dormant identities, MFA gaps and excessive access emerging as key risk themes.
One visual answer is often stronger than another paragraph. This is the problem space the platform is trying to make legible.

Stale access

Ex-employees, dormant accounts, inherited group membership, and guest identities linger long after their business need has gone.

Hybrid drift

AD, Entra ID, M365, remote access, and line-of-business systems rarely move in lockstep. Risk hides in the gaps between them.

Application sprawl

OAuth grants, service principals, shared mailboxes, and third-party SaaS create access paths that are hard to explain to a board and harder to govern at scale.

Evidence gap

Security teams may suspect the issue. Boards, auditors, insurers, and managed service providers still need evidence, prioritisation, and a credible operating story.

Product progression

Four products. One progression.

Most buyers should start with proof, then decide whether they need a controlled governance rollout. The product range follows that same path, with clear status on what is available now and what remains later-stage.

GA now

IdentityFirst MRI

A read-only access review that gives you evidence-backed findings, a clear first action, and a report you can use internally.

Best for getting a clear first picture without making changes to the customer environment.

View MRI
Controlled rollout

IdentityFirst Core

The governed next step for organisations that want recurring review, reporting cadence, and tighter operating control after MRI.

Best for turning a one-off assessment into a repeatable operating rhythm.

View Core
Private beta

IdentityFirst Enhanced

Later-stage guided analysis and richer decision support for approved pilots, not broad public GA.

Best for more mature teams that need more than baseline monitoring.

View Enhanced
Private beta

IdentityFirst AISF

The most advanced layer for bounded, human-governed orchestration in approved private-beta programmes.

Best understood as an advanced future-facing layer, not the place most customers start.

View AISF

Get Personalized Recommendation

Not sure where to start? We'll help you choose.

Answer a few quick questions to get a tailored product recommendation based on your role and goals.

Shared substrate

One website, one working product, and one shared foundation underneath.

Public and demo

The public website and demo layer explain the company, show representative workflows, and carry commercial and trust messaging.

Authenticated portal

The authenticated portal is the operator and customer experience for runs, reports, governance, posture, and presentation views.

Control plane

The control plane handles runtime authority, licensing, orchestration, approvals, and connector execution boundaries.

Substantia

Identity truth, graph, intelligence, evidence, and execution contracts. The reason the stack is more than disconnected dashboards.

Buyer fit

Built for commercial clarity as well as technical depth.

Boards and executives

A clearer line from identity exposure to governance, resilience, audit evidence, and measurable improvement over time.

MSPs and service providers

A credible MRI entry service first, then a path into recurring monitoring and governed expansion only where the client is ready for more.

Security and IAM teams

Evidence-backed visibility, less guesswork, better prioritisation, and a more defensible operating model for hybrid identity estates.

Start where the evidence is strongest

Most customers do not buy platform first. They buy proof.

IdentityFirst MRI is the public starting point because it is the clearest, safest first step: read-only evidence, explainable findings, and a clear next action. IdentityFirst Core follows as a controlled rollout, with IdentityFirst Enhanced and IdentityFirst AISF kept in private beta until they are ready for broader selling.

See the MRI demo See the MSP model