Public website surface: marketing and explanation content. This is not the canonical authenticated runtime.
Canonical runtime: app.identityfirst.net
Product family overview

Start with clarity. Grow into ongoing control only when you need it.

IdentityFirst is built around a simple progression. Start with IdentityFirst MRI as the public GA read-only exposure review, then move into IdentityFirst Core only if you need recurring governance, with IdentityFirst Enhanced and IdentityFirst AISF kept as later private-beta layers.

It is not about implying that every layer is broadly available today. It is about giving buyers a credible first step, an honest controlled rollout path, and a clear view of what remains later-stage.

What buyers usually need

  • A low-friction first review they can approve quickly.
  • A clearer way to explain access risk to operators, boards, and auditors.
  • An ongoing rhythm if they want reporting and governance after the first assessment.
  • A product path that can grow with them without inflating the first promise.

Start with proof. Expand only when you need more.

The shared foundation stays the same. What changes is how much regular review, guidance, and bounded human-governed workflow you want around it, and whether that layer is GA, controlled rollout, or private beta today.

Diagram showing MRI, Core, Enhanced and AISF sitting on top of a shared Substantia substrate.
The image carries the hierarchy quickly: MRI as the public GA anchor, later product stages above it, and one shared foundation beneath them.

GA now

IdentityFirst MRI

The public entry point: a read-only review of access exposure, stale permissions, and the clearest first action.

Best for: getting a clear starting point without changing customer systems.

Controlled rollout

IdentityFirst Core

The governed next step for recurring review, reporting cadence, and tighter operating control.

Best for: customers who want ongoing reporting, trend tracking, and service rhythm.

Private beta

IdentityFirst Enhanced

Extra guided analysis and deeper decision support for approved later-stage pilots.

Best for: customers who want more help deciding what to do next.

Private beta

IdentityFirst AISF

The most advanced layer for bounded, human-approved action workflows in approved programmes.

Best for: later-stage accounts that want more governed action, not a first purchase.


Each part of the delivery model has a different job.

Most buyers do not need deep architecture detail. They just need to know why the website, working portal, rules layer, and shared foundation do not contradict each other.

Website and demo

This is where the company explains the offer, shows representative journeys, and sets honest expectations.

Working portal

This is where operators and customers use the live product for runs, reports, governance, and follow-up work.

Rules and workflows

This is where approvals, governed workflows, connector execution boundaries, and service control are handled behind the scenes.

Shared foundation

This is what keeps access data, findings, evidence, and later actions working from the same picture rather than drifting apart.

How the platform works under the hood.

Three diagrams for engineers, security teams, and technically-minded buyers who want to understand service boundaries, evidence integrity, and licence-tier enforcement before committing to a proof of concept.

Platform Data-Flow Architecture

Diagram showing the IdentityFirst platform control plane (platform-api on port 5100) communicating with the Substantia data plane (port 5200) exclusively through ISubstantiaGateway. Substantia reads from and writes to PostgreSQL. Redis provides a read cache for the MRI intelligence store. The MRI API surface is read-only. References: CLAUDE.md §16, MAS-001.
Evidence Chain — Tamper-Evident Signing

Diagram showing the IdentityFirst evidence chain: a source identity record is ingested, producing a DetectedAnomaly. The anomaly is wrapped into an EvidenceBundle that is HMAC-signed (SHA-256) and carries a chain hash linking it to the previous bundle. The signed bundle is committed to the ImmutableAuditStore with a 7-year retention policy. Any modification to a bundle breaks the chain hash, making tampering detectable. References: CLAUDE.md §6, MAS-001.
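
The chaining and signing described in the evidence-chain caption above, as an added Python example (not IdentityFirst code). The bundle field names, the all-zero genesis value, the canonical-JSON encoding and the demo key are assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed link value for the first bundle in a chain

def canonical(obj) -> bytes:
    # Deterministic bytes, so writer and verifier hash the same input.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def chain_hash(prev: str, anomaly: dict) -> str:
    return hashlib.sha256(prev.encode() + canonical(anomaly)).hexdigest()

def seal(key: bytes, anomaly: dict, prev: str) -> dict:
    """Bundle = anomaly + chain hash over (previous hash, anomaly) + HMAC-SHA256."""
    link = chain_hash(prev, anomaly)
    body = {"anomaly": anomaly, "chain_hash": link}
    tag = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {**body, "hmac": tag}

def first_bad_bundle(key: bytes, bundles: list):
    """Walk the chain; return the index of the first failing bundle, else None."""
    prev = GENESIS
    for i, b in enumerate(bundles):
        body = {"anomaly": b["anomaly"], "chain_hash": b["chain_hash"]}
        want_tag = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        link_ok = hmac.compare_digest(b["chain_hash"], chain_hash(prev, b["anomaly"]))
        tag_ok = hmac.compare_digest(b["hmac"], want_tag)
        if not (link_ok and tag_ok):
            return i
        prev = b["chain_hash"]
    return None

def build_sample(key: bytes) -> list:
    # Constructed sample anomalies, not real findings.
    anomalies = [
        {"id": 1, "type": "stale_permission", "subject": "svc-backup"},
        {"id": 2, "type": "orphaned_account", "subject": "j.doe"},
        {"id": 3, "type": "excess_privilege", "subject": "ci-runner"},
    ]
    store, prev = [], GENESIS
    for a in anomalies:
        bundle = seal(key, a, prev)
        store.append(bundle)
        prev = bundle["chain_hash"]
    return store

if __name__ == "__main__":
    store = build_sample(b"demo-key-not-for-production")
    print("first bad bundle in intact chain:", first_bad_bundle(b"demo-key-not-for-production", store))
```

A keyless hash chain could be recomputed by anyone able to rewrite the whole store, which is why the HMAC matters alongside the chain hash. The walk does not notice bundles dropped from the end of the chain unless the newest chain hash is also recorded somewhere outside the store.
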
IdentityFirst Tier Boundary Map

Concentric band diagram showing the four IdentityFirst product tiers as hard security boundaries enforced by EV-signed manifests. The innermost band is MRI (GA, read-only baseline intelligence and evidence collection). The next band is Core (foundational identity fabric and standard orchestration). The next is Enhanced (advanced analytics, extended policy packs, enriched evidence). The outermost band is AISF (full augmented reasoning, multi-agent orchestration, quantum-safe controls). Each tier may only reference capabilities at its own level or below. References: CLAUDE.md §4, MAS-001.

Blast radius is important. It is not the whole company story.

IdentityFirst spans identity discovery, governance, evidence, reporting, assisted analysis, and guarded action workflows. MRI does not need to promise the full depth of every later layer to be a credible public starting point.
