Connectors 14 Beta • 35+ Experimental

Connect Your Entire Identity Estate

IdentityFirst reads from your existing systems — no agents, no schema changes, no writes. Beta connectors are production-ready; Experimental connectors are available to early adopters under SLA.

  • Read-only by default — no write access required
  • Polly-backed retry and circuit-breaker on every connector
  • Normalised to CanonicalIdentity model
  • Supports push (webhook) and pull (scheduled) modes
  • New connectors released every sprint

Two Connector Tiers

We are transparent about maturity. Every connector is labelled so you know exactly what to expect.

Beta 14 connectors

Production-Ready

Beta connectors have been tested against live tenants, have unit and integration test coverage, and are covered by our standard SLA. They are safe to use in production assessments.

  • Covered by standard SLA
  • Integration-tested against live systems
  • Full error handling and Polly retry policies
  • Documented in connector reference

Experimental 35+ connectors

Early Adopter

Experimental connectors are functional but may have edge cases under certain tenant configurations. Available to early adopters who can provide real-world feedback. Not covered by standard SLA.

  • Functional but not fully hardened
  • Available on request to early adopters
  • Actively promoted to Beta based on feedback
  • Direct engineering support during onboarding

Connects to the vendors you already use

  • Microsoft
  • Amazon Web Services
  • Google Cloud
  • Okta
  • CrowdStrike
  • Splunk
  • Workday
  • SailPoint
  • ServiceNow
  • Datadog
  • Ping Identity
  • Jamf

Beta Connectors

Production-ready integrations included in all plans.

Active Directory

Directory

Full AD forest enumeration, privileged group analysis, and password policy assessment.

Microsoft Entra ID

Cloud IdP

Entra ID users, groups, conditional access, PIM roles, and access reviews.

AWS IAM

Cloud

IAM users, roles, policies, and CloudTrail identity events.

Google Workspace

SaaS

Google Workspace users, admin activity, and OAuth application inventory.

Okta

Federation

Okta users, groups, applications, MFA factors, and system log events.

CyberArk PAS

PAM

Privileged account inventory, safe membership, and session activity.

BeyondTrust

PAM

Password Safe and Privilege Management event collection.

SailPoint IdentityNow

IGA

Identity lifecycle events, certifications, and entitlement data.

Workday

HR

HR user data as authoritative identity source with lifecycle signals.

GCP IAM

Cloud

GCP IAM bindings, Audit Logs, and service account inventory.

Windows Event Log

Directory

WEF push receiver for authentication events (4624, 4720, 4726, 4672).

CrowdStrike Identity

Security

CrowdStrike identity protection events via webhook receiver.

Splunk

SIEM

Outbound SIEM forwarding — push fabric events to Splunk HEC.

Azure Sentinel

SIEM

Sign-in log ingestion and outbound event forwarding to Sentinel workspace.

Experimental Connectors

35+ connectors available to early adopters. Contact us to enable any of the following.

  • HashiCorp Vault (PAM)
  • Delinea Secret Server (PAM)
  • Saviynt EIC (IGA)
  • SailPoint IIQ (IGA)
  • ForgeRock (IGA)
  • Ping Identity (Federation)
  • Jamf MDM (Endpoint)
  • ServiceNow (ITSM)
  • Datadog (Observability)
  • OpenLDAP (Directory)
  • FreeIPA (Directory)
  • GitHub Enterprise (SaaS)
  • GitLab (SaaS)
  • Salesforce (SaaS)
  • Jira / Confluence (SaaS)
  • Okta System Logs (Federation)
  • HiBob (HR)
  • BambooHR (HR)
  • Personio (HR)
  • QRadar (SIEM)
  • Microsoft Defender (Security)
  • Duo Security (MFA)
  • Kubernetes RBAC (Cloud)
  • One Identity (IGA)
  • Micro Focus NetIQ (IGA)
  • RSA SecurID (IGA)
  • Beta Systems IAM (IGA)
  • Azure Key Vault (PAM)
  • AWS CloudTrail (Cloud)
  • Syslog / CEF (SIEM)
  • Terraform Cloud (Cloud)
  • 1Password Business (PAM)
  • JumpCloud (Directory)
  • Bitwarden Enterprise (PAM)
  • Samba AD (Directory)

Don't see your system? We prioritise connector development based on customer demand.


How the Connector Framework Works

All connectors share the same normalisation pipeline — data from every source flows through CanonicalIdentity before reaching any analysis engine.

1. Connect

Supply read-only credentials (API key, service principal, or service account). IdentityFirst never requires admin rights. The principle of least privilege is enforced.

2. Normalise

The DataNormalisation engine maps each source record to the CanonicalIdentity model. Built-in rules handle name casing, email deduplication, and attribute trimming.

3. Graph

Normalised records flow into the TemporalIdentityGraph. Identities from multiple sources are correlated, deduped, and enriched with risk scores and drift signals.

Ready to Connect Your Identity Estate?

Book a 30-minute technical call. We'll confirm connector compatibility with your environment before you commit to anything.
