Evidence-first
Evidence-first reporting that makes identity risk easier to explain and prioritise.
For MSPs
Turn access risk reviews into a managed service, not a one-off project.
If you are an MSP, IdentityFirst gives you a stronger commercial story than reactive support alone: land the client with MRI evidence, stay relevant with recurring review, and prove improvement over time.
The first value is not the platform diagram. It is a client conversation that starts with MRI evidence and ends with a service the client can understand, renew, and expand. The product path supports that commercial motion rather than replacing it, and only MRI should be presented as public GA.
Commercial shape
- Land with evidence your client can understand.
- Convert findings into recurring governance reviews.
- Use representative client-facing reporting to prove value quarter after quarter.
- Differentiate from reactive IT support with a higher-trust security motion.
Service posture
A credible MSP offer starts with a truthful first promise.
Evidence-first identity security that starts read-only and keeps humans in control.
Read-only day one
Read-only on day one so teams can start without changing production systems.
Human-approved writes
Any write path stays human-approved. IdentityFirst does not claim autonomous action.
Public messaging stays within current product boundaries and explicitly published connector status.
What you can sell now
Lead with a client outcome, not a product name.
Most partners do better when they sell the service motion first, then use the product path to support it.
Open the account
Give the client a first access review that is easy to approve and easy to understand.
Run the cadence
Use recurring reviews and reporting to keep the service commercially relevant after the first report lands.
Grow the account
Turn proof of progress into renewals, remediation projects, and a more strategic role in the client relationship.
Managed service logic
A cleaner win, keep, and grow model.
Most managed service providers can win the first meeting with a clear review. The harder part is staying valuable after the report. IdentityFirst is designed for both stages.
The commercial value is not the first scan on its own. It is the service loop that follows: set the starting point, review what changed, guide the fix work, and use that rhythm to renew and grow the account.
- The first review gives the provider a credible way in.
- Governance cadence keeps the service commercially relevant.
- Client-facing proof of progress makes renewal easier to defend.
Land
IdentityFirst MRI
A read-only access review that quickly shows the client what looks risky and gives them a clear starting point. This is the public GA offer.
Sell it as: the first evidence-led review the client can act on.
Operate
IdentityFirst Core
Regular reviews, trend tracking, and clearer service conversations for monthly and quarterly client meetings in approved rollout scopes.
Sell it as: the recurring review and reporting layer that keeps the account live.
Expand
IdentityFirst Enhanced and IdentityFirst AISF
Deeper guidance and tighter control for accounts that need more than basic ongoing monitoring, but only in private beta or explicitly approved programmes.
Sell it as: advanced service expansion for more mature accounts, not the first promise.
Why clients buy
Clients rarely ask for technical tooling. They ask for control, confidence, and proof.
What the client hears
“Show me who still has access, what should worry me first, whether we are improving, and how I explain this to the board or auditor.”
What the MSP sells
“We can set the baseline, run the reviews, show the progress, and help you manage access risk as an ongoing service.”
Board reporting
A more credible executive conversation than “we have security tools”.
Audit readiness
Representative evidence and trend outputs that make access governance easier to discuss with auditors and insurers.
Operational cadence
Recurring meetings anchored in findings, remediation, and measurable movement rather than generic ticket summaries.
Account stickiness
The service becomes harder to displace once the MSP owns the reporting rhythm, governance narrative, and improvement baseline.
Operating advantages
Useful for the MSP team, not just the client deck.
Tenant discipline
Keep customer boundaries clear while building a repeatable portfolio service rather than custom work every time.
Lower-friction entry
Read-only assessment is easier to approve than a disruptive change programme and helps open the account on evidence rather than opinion.
Service differentiation
Moves the MSP conversation up from backup, endpoint, and reactive support into governance and resilience.
Expansion path
A credible route from first assessment into recurring monitoring, policy reviews, access remediation projects, and higher-value advisory work.
Present it honestly
The public offer is already useful without pretending everything is fully released.
Today
IdentityFirst MRI is the only public GA product and the strongest entry point for MSP-led customer conversations.
Next
IdentityFirst Core represents the recurring service layer the MSP account team can build towards in approved rollout scopes, not the default public promise.
Later
IdentityFirst Enhanced and IdentityFirst AISF should be positioned as private-beta expansion surfaces, not default promises in a first sale.
Commercial close
If you can prove identity risk clearly, you give the client a reason to stay with you.
That is the MSP value here. Not another dashboard. A service motion that starts with MRI evidence, matures into governance, and gives the provider a more strategic role inside the client relationship without overstating later-tier availability.