Start with Visibility

IdentityFirst Platform Roadmap

We show you the truth about your identities, fast, safely, and in a way auditors accept. Then we help you fix it intelligently.

IdentityFirstMRI: Available Now | Full Platform: Private Beta | FortifyX Detection: Q2 2026

Where each product stands today

We build trust through clarity. IdentityFirstMRI is production-ready; IdentityFirst Platform and FortifyX are in private beta with limited seats.

IdentityFirstMRI

General availability

  • Read-only assessments
  • Multi-format reporting
  • Available to all customers

IdentityFirst Platform

Private beta roadmap

  • Modular microservices
  • Requires NDA & pilot
  • No GA date set

FortifyX

Detection & response beta

  • MFA abuse detection focus
  • Integrates with FlowGuard
  • Invite-only testing

Important context

Everything below is roadmap information for IdentityFirst Platform modules and the FortifyX beta. None of these modules are commercially available today.

We publish the detail so customers understand what we are building and can decide whether to join the private beta. IdentityFirstMRI remains our only production offering.

How We Compare

IdentityFirst occupies a unique position where traditional identity tools overlap poorly. Here's how we differ from the competition.

Traditional Identity Tools

IAM, IGA, PAM, and SSO platforms excel in specific domains:

  • Microsoft Entra ID: Cloud-based identity and access management with Azure AD capabilities, conditional access, and identity protection
  • AWS IAM: Fine-grained access control for AWS services with policies, roles, and federation capabilities
  • Google Cloud IAM: Resource hierarchy and policy management for GCP workloads and service accounts
  • Semperis: Deep AD attack-path modeling and forest-level insights
  • SailPoint: Mature lifecycle governance and certification workflows
  • Okta/BeyondTrust: User lifecycle and privileged access management
  • Ping Identity: Federation and SSO infrastructure

These tools are excellent in their domains but create visibility silos across modern multi-platform environments.

IdentityFirst: The Truth Layer

We don't replace these tools. We show you what they cannot see together:

  • Cross-Platform Truth: Inconsistencies and drift between identity systems
  • Evidence-Based Risk: Audit-grade findings with specific, verifiable data
  • Decision Layer: Clear risk acceptance and audit exception guidance
  • Reality Check: Honest assessment of what you actually know vs. assume
  • Unified Understanding: Single source of truth for identity security posture

We sit above traditional tools as the audit reality check, providing the clarity needed to make informed security decisions.

Capability Comparison

How IdentityFirstMRI compares to traditional identity security tools:

| Capability | IdentityFirst / IHC | Semperis | Microsoft | SailPoint | Okta |
|---|---|---|---|---|---|
| Read-only safety | Yes (core design) | Mostly | No | No | No |
| Hybrid + multi-cloud | Yes | AD-centric | Azure-centric | Partial | SaaS-centric |
| Identity blast radius | Explicit goal | Limited | Implicit | Governance only | Minimal |
| Audit-grade evidence | Primary focus | Partial | Weak | Strong | Weak |
| Deterministic results | Required | Mostly | Mixed | Mixed | Mixed |
| Time to value | Minutes / hours | Hours / days | Long | Long | Long |
| Change enforcement | No (by design) | No | Yes | Yes | Yes |
| Enterprise scalability | Yes | Limited | Limited | Limited | Limited |

Pattern: IdentityFirst doesn't compete on enforcement. We compete on truth and clarity.

Why This Matters for Enterprise Security

Modern enterprises use multiple identity platforms simultaneously. Traditional tools create silos of visibility, leaving security teams with fragmented understanding of their identity attack surface.

Unified Visibility

See your entire identity estate in one place

Risk Prioritization

Focus on what matters most to your business

Compliance Confidence

Audit-ready evidence for regulators

Enterprise Scalability

Supports 100,000+ identities across 50+ domains

Platform Architecture (roadmap)

Architecture diagrams and descriptions reflect the current engineering plan and may change during beta. No production SLAs exist yet.

Microservices Architecture

Each module operates as an independent FastAPI service, enabling:

  • Independent Scaling: Scale modules based on demand
  • Fault Isolation: Module failures don't cascade
  • Easy Updates: Deploy module updates without downtime
  • Technology Freedom: Best tool for each job

AI-First Design

Every module integrates with our AI engines:

  • Cognitia: Ollama-based local LLM for threat analysis
  • Fidara AI: Explainable reasoning with 6 personas
  • No Cloud Lock-in: Runs entirely on-premises
  • Privacy First: Your data never leaves your infrastructure

Integration Points

# All modules expose REST APIs
GET /api/flowguard/health
GET /api/fortress/snapshots
GET /api/sentiencex/anomalies

# Unified authentication
Authorization: Bearer {jwt_token}

# Real-time events via WebSocket
wss://identityfirst.net/ws/alerts

Defense Layer

Real-time threat detection and prevention

Concepts only: specifications below describe what we are building, not what is currently shipping.

FlowGuard

MFA Fatigue Defense

Roadmap purpose: Detect and prevent MFA fatigue attacks in real-time

Target capabilities:

  • 6 detection patterns for MFA abuse
  • Real-time WebSocket alerts
  • Duo Security connector
  • Automated response policies
  • Historical pattern analysis

Planned technical details:

# Detection patterns
- Rapid MFA requests (>5/min)
- Off-hours MFA spam
- Geographic anomalies
- Behavioral deviations
- Known attack signatures
- ML-based anomalies
Private Beta 900 LOC
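
The "Rapid MFA requests (>5/min)" pattern above can be checked with a per-user sliding window. The sketch below is an added example, not IdentityFirst or FlowGuard code; the `(timestamp, user, result)` event layout, the function name and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=1)
THRESHOLD = 5  # the page's pattern: more than 5 MFA requests per minute


def detect_rapid_mfa(events, window=WINDOW, threshold=THRESHOLD):
    """events: iterable of (timestamp, user, result). Returns one alert per burst."""
    recent = defaultdict(deque)  # user -> request timestamps still inside the window
    ongoing = {}                 # user -> alert for a burst that has not ended yet
    alerts = []
    for ts, user, result in sorted(events):  # tolerate out-of-order log delivery
        q = recent[user]
        q.append(ts)
        while ts - q[0] >= window:           # drop requests older than the window
            q.popleft()
        if len(q) <= threshold:
            ongoing.pop(user, None)          # rate is back to normal: burst over
            continue
        alert = ongoing.get(user)
        if alert is None:                    # first event over the threshold
            alert = {"user": user, "start": q[0], "detected": ts,
                     "peak": 0, "approved": False}
            ongoing[user] = alert
            alerts.append(alert)
        alert["peak"] = max(alert["peak"], len(q))
        # An approval in the middle of a burst is the outcome push spam aims for,
        # so it is recorded for triage rather than treated as a normal login.
        alert["approved"] = alert["approved"] or result == "approved"
    return alerts


# Constructed sample data (not real logs): 15 requests in under 2 minutes for one
# user, exactly 5 in a minute for another, and two requests an hour apart.
T0 = datetime(2025, 11, 9, 14, 21, 0)
SAMPLE_EVENTS = (
    [(T0 + timedelta(seconds=8 * i), "john@company.com", "denied") for i in range(14)]
    + [(T0 + timedelta(seconds=112), "john@company.com", "approved")]
    + [(T0 + timedelta(seconds=12 * i), "bob@company.com", "approved") for i in range(5)]
    + [(T0 + timedelta(hours=h), "alice@company.com", "approved") for h in range(2)]
)

if __name__ == "__main__":
    for alert in detect_rapid_mfa(SAMPLE_EVENTS):
        print(alert)
```

Only the first user trips the rule: exactly 5 requests in a minute stays at the threshold, and one alert is kept per burst instead of one per request.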

OpenView

Health Monitoring

Roadmap purpose: Continuous identity infrastructure health monitoring

Target capabilities:

  • Active Directory health checks
  • Azure RBAC service monitoring
  • Entra ID, AWS IAM, Google IAM, etc.
  • DNS and GPO validation
  • Replication status tracking
  • Certificate expiration alerts
  • Drift Detection

Proposed monitoring scope:

# Monitored services
- AD Domain Controllers
- Entra ID Connect
- DNS Zones
- Group Policy Objects
- Certificate Authorities
- LDAP Services
Private Beta 750 LOC

Recovery Layer

Rapid incident response and identity restoration

Fortress

Identity Recovery

Roadmap purpose: Cleanroom identity recovery with snapshot comparison

Target capabilities:

  • Snapshot comparison engine
  • Detection of 5 change categories
  • Blast radius calculation
  • Recovery orchestration
  • SID preservation (roadmap)

Recovery Process:

# Recovery workflow
1. Take pre-incident snapshot
2. Detect compromise
3. Compare snapshots
4. Calculate blast radius
5. Generate recovery plan
6. Execute rollback
Private Beta 600 LOC

TactitionX

SOAR Playbooks

Roadmap purpose: Security orchestration and automated response

Target capabilities:

  • YAML-based playbook definitions
  • Manual trigger execution
  • 3 pre-built playbooks
  • Audit trail generation
  • Fidara AI integration

Playbook Examples:

# Available playbooks
- Account Lockout
- Privilege Revocation
- MFA Enforcement

# YAML definition
name: "Account Lockout"
trigger: manual
steps: [disable, notify, log]
Private Beta 800 LOC

Analytics Layer

AI-powered insights and behavioral analysis

SentienceX

Behavioral Analytics

Roadmap purpose: AI-driven behavioral threat intelligence

Target capabilities:

  • Behavioral baseline establishment
  • Cognitia AI integration
  • Anomaly detection engine
  • MISP threat intelligence
  • Real-time event correlation

Analysis Pipeline:

# AI-powered detection
1. Collect user behavior
2. Establish baselines
3. Detect anomalies
4. Query Cognitia AI
5. Generate threat score
6. Trigger response
Private Beta 750 LOC

LedgerX

License Analytics

Roadmap purpose: License optimization and ROI reporting

Target capabilities:

  • M365/Azure AD license tracking
  • Waste detection algorithms
  • ROI calculation engine
  • Usage correlation analysis
  • Cost attribution reporting

Tracked Platforms:

# Supported platforms
- Microsoft 365
- Entra ID Premium
- AWS IAM licenses
- Okta subscriptions
- Third-party tools
- IGA tools
- PAM solutions

# Waste detection
- Unused licenses (>90 days)
- Over-provisioning
- Duplicate assignments
Private Beta 650 LOC

RiskQuant

Risk Scoring

Roadmap purpose: Quantitative identity risk assessment

Target capabilities:

  • Risk scoring algorithms
  • Business impact analysis
  • Threat modeling engine
  • Compliance gap detection
  • Executive dashboards

Risk Calculation:

# Risk formula
Risk Score =
  (Likelihood × Impact) +
  Vulnerability Score -
  Control Effectiveness

# Scoring range: 0-100
Critical: 80-100
High: 60-79
Medium: 40-59
Low: 0-39
Private Beta 580 LOC

Governance Layer

Policy enforcement and compliance orchestration

GovernX

Governance

Roadmap purpose: Identity governance and compliance automation

Target capabilities:

  • Policy lifecycle management
  • Automated enforcement
  • Access certification
  • Audit trail generation
  • Compliance reporting

Governance Workflows:

# Policy enforcement
- Define policies (YAML)
- Assign to identities
- Monitor compliance
- Trigger violations
- Generate reports

# Access reviews
- Quarterly certification
- Manager approval
- Auto-revocation
Private Beta 700 LOC

ReformationX

Policy Mesh

Roadmap purpose: Federated policy orchestration across clouds

Target capabilities:

  • Multi-cloud policy federation
  • Unified policy language
  • AWS/Azure/GCP orchestration
  • Policy conflict resolution
  • Drift detection

Supported Platforms:

# Cloud providers
- AWS IAM Policies
- Azure RBAC
- GCP IAM
- Kubernetes RBAC

# Policy translation
universal_policy →
  aws_policy
  azure_policy
  gcp_policy
Private Beta 720 LOC

Specialized Modules

Purpose-built solutions for modern challenges

GhostGrid

Non-Human Identity

Roadmap purpose: Lifecycle management for machine identities

Target capabilities:

  • Service account tracking
  • API key rotation
  • SPIFFE/SPIRE integration
  • IoT device management
  • Workload identity orchestration

Identity Types:

# Tracked identities
- Service Accounts
- API Keys
- OAuth Clients
- IoT Devices
- Container Workloads
- Serverless Functions

# Auto-rotation
- 90-day key lifecycle
- Zero-downtime rotation
Private Beta 680 LOC

SupplyID

Supply Chain Identity

Roadmap purpose: Third-party vendor identity management

Target capabilities:

  • Vendor identity tracking
  • Security posture monitoring
  • Access pattern analysis
  • Supply chain risk scoring
  • Vendor certification workflows

Vendor Management:

# Vendor lifecycle
1. Onboard vendor
2. Security questionnaire
3. Access provisioning
4. Continuous monitoring
5. Annual recertification
6. Offboarding

# Risk factors
- Security incidents
- Access violations
- Certification status
Private Beta 640 LOC

Fidara AI

AI Orchestration

Roadmap purpose: Explainable AI reasoning for security decisions

Target capabilities:

  • 6 specialized AI personas
  • Cognitia engine integration
  • Explainable reasoning
  • Context-aware responses
  • Multi-tenant orchestration

AI Personas:

# Available personas
- Security Analyst
- Compliance Officer
- Identity Architect
- Risk Manager
- Incident Responder
- Executive Advisor

# Cognitia connection
POST /api/cognitia/analyze
Response: Threat analysis
  with reasoning
Private Beta 850 LOC

Next-Generation Identity Solutions

Forward-thinking features positioning IdentityFirst as a comprehensive identity security platform

ZeroTrust Identity Fabric

Continuous Verification

Roadmap purpose: Implement zero-trust principles with continuous identity verification and adaptive access controls

Target capabilities:

  • Continuous authentication
  • Device trust scoring
  • Contextual access policies
  • Real-time risk assessment
  • Adaptive MFA enforcement

Zero-Trust Model:

# Core principles
- Never trust, always verify
- Least privilege access
- Micro-segmentation
- Continuous monitoring

# Implementation
GET /api/zerotrust/verify
POST /api/zerotrust/policy
WS /ws/zerotrust/events
Concept Planned: Q3 2026

Cognitia Threat Intelligence

AI-Powered Threat Detection

Roadmap purpose: Advanced AI-driven identity threat intelligence with predictive capabilities

Target capabilities:

  • Predictive threat modeling
  • Behavioral anomaly detection
  • Automated threat hunting
  • Intelligence correlation
  • Adaptive response generation

AI Engine:

# Cognitia capabilities
- Pattern recognition
- Threat prediction
- Anomaly scoring
- Response recommendations

# API endpoints
POST /api/cognitia/threats
GET /api/cognitia/anomalies
PUT /api/cognitia/models/train
Concept Planned: Q4 2026

Authentix Passwordless Platform

Modern Authentication

Roadmap purpose: Comprehensive passwordless authentication with biometric and FIDO support

Target capabilities:

  • FIDO2/WebAuthn support
  • Biometric authentication
  • Magic links & push notifications
  • Device-bound credentials
  • Passwordless migration tools

Authentication Methods:

# Supported methods
- FIDO2 security keys
- Biometric (fingerprint/face)
- Mobile push notifications
- Magic links
- Device certificates

# API integration
POST /api/authentix/authenticate
GET /api/authentix/credentials
DELETE /api/authentix/revoke
Concept Planned: Q2 2026

ComplianceForge Orchestrator

Multi-Framework Compliance

Roadmap purpose: Automated compliance management across multiple frameworks beyond SOC2

Target capabilities:

  • Multi-framework mapping
  • Automated evidence collection
  • Compliance gap analysis
  • Regulatory reporting
  • Continuous compliance monitoring

Supported Frameworks:

# Compliance standards
- SOC 2 Type II
- ISO 27001
- GDPR
- HIPAA
- PCI DSS
- FedRAMP

# API endpoints
GET /api/complianceforge/status
POST /api/complianceforge/assess
GET /api/complianceforge/reports
Concept Roadmap In Progress

How Modules Work Together

Example: MFA Fatigue Attack Response

Demonstrates cross-module integration for automated threat response:

# 1. FlowGuard detects MFA fatigue
FlowGuard → Alert: User "john@company.com" received 15 MFA requests in 2 minutes

# 2. SentienceX analyzes behavior
SentienceX → Query Cognitia: Is this anomalous for john@company.com?
Cognitia → Response: 95% confidence anomaly, typical rate is 2 MFA/hour

# 3. RiskQuant calculates risk
RiskQuant → Risk Score: 85/100 (Critical)
RiskQuant → Business Impact: Privileged account, access to finance systems

# 4. Fidara AI recommends response
Fidara AI → Recommendation: Immediate account lockout + investigation
Fidara AI → Reasoning: High-value target, attack pattern matches known campaigns

# 5. TactitionX executes playbook
TactitionX → Execute: "Account Lockout" playbook
TactitionX → Actions:
  - Disable account in AD
  - Revoke Azure AD sessions
  - Notify security team
  - Create incident ticket

# 6. GovernX logs compliance
GovernX → Audit Trail: Security response executed at 2025-11-09 14:23:00 UTC
GovernX → Compliance: Meets GDPR breach response timeline

# 7. Fortress prepares recovery
Fortress → Snapshot: Pre-attack identity state captured
Fortress → Recovery Plan: Ready if account compromise confirmed

# Total time: 45 seconds from detection to response

Cross-Module Benefits

  • Faster Response: Automated coordination reduces MTTR from hours to seconds
  • Better Decisions: AI analysis with business context improves accuracy
  • Complete Audit Trail: Every action logged across all modules
  • Unified View: Single pane of glass for all identity security events

Explore Our Identity Security Ecosystem

Discover more resources to strengthen your identity security posture

Assessment Resources

Access comprehensive guides for Active Directory security assessment UK and Entra ID audit tools.

Customer Stories

Read real success stories from organizations using IAM compliance automation.

Content Calendar

Stay updated with our monthly webinars and blog posts on identity security.

Ready to Deploy the Complete Platform?

Join our pilot program and get early access to all 12 modules with 50% first-year discount.