Public website surface: marketing and explanation content. This is not the canonical authenticated runtime.
Canonical runtime: app.identityfirst.net
Connectors: 5 GA anchors, 9 Beta controlled pilots, 55 Experimental

Connect Your Entire Identity Estate

IdentityFirst reads from your existing systems — no agents, no schema changes, no assessment-time writes. Start with 5 GA launch anchors, add 9 Beta controlled pilots where the scope fits, and use the wider Experimental estate only for roadmap and controlled validation.

  • Read-only by default — no write access required
  • Polly-backed retry and circuit-breaker on every connector
  • Normalised to CanonicalIdentity model
  • Supports push (webhook) and pull (scheduled) modes
  • New connectors released every sprint

Public Connector Maturity

We do not sell raw connector count as maturity. The public launch story is depth-first: GA launch anchors first, Beta controlled pilots second, Experimental only by request.

GA anchors 5 connectors

Production-led launch path

These are the public launch anchors we are comfortable leading with for production assessments. They underpin the default MRI and early Core connector story.

  • Safe default for launch-path commercial claims
  • Explicitly called out in the public connector registry
  • Used to support depth-first deployment messaging
  • Read-only at the assessment boundary

Beta 9 connectors

Controlled pilots

Beta means controlled pilot, not blanket production-ready. These connectors have meaningful implementation progress, but we validate scope, permissions, and evidence depth with you before treating them as production-mature.

  • Available for controlled pilots and scoped production validation
  • Suitability depends on agreed evidence requirements
  • Maturity is explicit; we do not hide connector limits
  • Not a promise of broad SLA-backed production maturity

Experimental 55 connectors

Early Adopter

Experimental connectors are available for roadmap-led validation and selected customer demand. They are not the default path for public proof, launch claims, or broad production commitments.

  • Suitable for named roadmap and evaluation discussions
  • Enabled only when the maturity tradeoff is understood
  • Read-only by default at the assessment boundary
  • Not sold as default production coverage

Connects to the vendors you already use

  • Microsoft
  • Amazon Web Services
  • Google Cloud
  • Okta
  • CrowdStrike
  • Splunk
  • Workday
  • SailPoint
  • ServiceNow
  • Datadog
  • Ping Identity
  • Jamf

GA Launch Anchors

These 5 connectors are the production-led launch core we use to support the public MRI story without inflating the broader estate.

AWS IAM

GA anchor Cloud

AWS IAM identities, roles, policies, and CloudTrail-linked authorization evidence.

GA launch anchor. Safe default for production-led assessment claims.

Google Workspace

GA anchor SaaS

Google Workspace users, admin activity, OAuth application inventory, and identity exposure evidence.

GA launch anchor. Safe default for production-led assessment claims.

Microsoft Entra ID

GA anchor Cloud IdP

Microsoft Entra ID identities, groups, conditional access, and Azure authorization surface coverage.

GA launch anchor. Safe default for production-led assessment claims.

Okta

GA anchor Federation

Okta users, groups, applications, MFA factors, and system-log-backed identity posture.

GA launch anchor. Safe default for production-led assessment claims.

ServiceNow

GA anchor Context

ServiceNow context enrichment for identity, workflow, and supporting operational evidence.

GA launch anchor for context enrichment, not a replacement for a primary identity source.

Beta Controlled Pilots

The current public registry shows 9 Beta connectors. These are not sold as broadly production-ready; they are available for controlled pilots and scoped production validation.

Controlled pilot Directory Score 4/5

Active Directory

Hybrid anchor for forest enumeration, privileged group analysis, and evidence-backed on-prem identity posture.

Controlled pilot. Use when hybrid Active Directory scope is agreed and validated in discovery.

Controlled pilot Security Score 2/5

CrowdStrike

Identity-adjacent security telemetry for controlled investigations and contextual reporting.

Beta controlled pilot. Coverage depends on the tenant’s licensed identity telemetry surface.

Controlled pilot PAM Score 5/5

CyberArk PAS

Privileged account inventory, safe membership, and controlled pilot PAM evidence collection.

Beta controlled pilot. Validate evidence depth and operational fit before production governance claims.

Controlled pilot SaaS Score 5/5

GitHub

Repository, organization, and developer identity exposure for engineering-heavy environments.

Beta controlled pilot. Use when GitHub identity surface is in written scope.

Controlled pilot Productivity Score 5/5

Microsoft 365

Microsoft 365 identity-adjacent collaboration and admin evidence during controlled rollout.

Beta controlled pilot. Evidence depth varies by tenant permissions and agreed scope.

Controlled pilot HR Score 1/5

SAP SuccessFactors

SuccessFactors worker and lifecycle context in controlled rollout HR programmes.

Beta controlled pilot. Suitable for scoped validation, not default launch-path claims.

Controlled pilot SaaS Score 1/5

Salesforce

Salesforce tenant access, account hygiene, and identity-adjacent application exposure.

Beta controlled pilot. Validate object scope and evidence needs before relying on it.

Controlled pilot Productivity Score 1/5

Slack

Slack workspace membership and collaboration-admin posture for scoped identity reviews.

Beta controlled pilot. Controlled-use only while hardening and fixture coverage improve.

Controlled pilot HR Score 2/5

Workday

Authoritative HR identity signals and lifecycle context during controlled validation.

Beta controlled pilot. Use for scoped HR-source validation, not blanket production promises.

Beta connectors are controlled-use surfaces. We scope them with you before relying on them for production governance or stronger commercial commitments.


Experimental Estate

55 Experimental connectors remain available for roadmap and customer-demand validation. We surface a representative sample here instead of pretending the whole estate is launch-mature.

Don't see your system? We prioritise connector development based on customer demand and the depth-first launch programme.


How the Connector Framework Works

All connectors share the same normalisation pipeline — data from every source flows through CanonicalIdentity before reaching any analysis engine.

1. Connect

Supply read-only credentials (API key, service principal, or service account). IdentityFirst never requires admin rights. The principle of least privilege is enforced.

2. Normalise

The DataNormalisation engine maps each source record to the CanonicalIdentity model. Built-in rules handle name casing, email deduplication, and attribute trimming.

3. Graph

Normalised records flow into the TemporalIdentityGraph. Identities from multiple sources are correlated, deduped, and enriched with risk scores and drift signals.

Ready to Connect Your Identity Estate?

Book a 30-minute technical call. We'll confirm connector compatibility with your environment before you commit to anything.
