Skip to main content
Public website
Public website surface Marketing and explanation content. This is not the canonical authenticated runtime.
Canonical runtime: app.identityfirst.net
Controlled rollout

IdentityFirst Core

The controlled-rollout ongoing review layer for approved deployments that want regular reporting, oversight, and governance beyond MRI.

Core comes after the first access review. It is for organisations that do not want a one-off report to go stale. Instead, they want regular checks, clearer ownership, trend reporting, and a repeatable review rhythm in a controlled rollout.

This is the stage where a point-in-time assessment becomes an ongoing operating rhythm. The value shifts from “what did we find?” to “are we staying on top of it, and can we show progress?” Publicly, we describe Core as a controlled expansion path from MRI rather than a default first purchase.

Book your 30-minute assessment Start with MRI

What Core means in plain English

If MRI is the first health check, Core is the controlled ongoing service layer that helps you keep watch and show progress over time.

Regular checks

Instead of looking once, Core helps you review access on a regular schedule and spot what changed.

Clear ownership

It supports a more organised review process, so issues do not just sit in a report with no follow-up.

Proof over time

It gives you a clearer story about whether things are getting better, standing still, or slipping backwards.

Who it is for

For internal teams

Organisations that want ongoing visibility and governance, not just a first report that slowly loses relevance.

For service providers

Providers that want to turn an initial review into a recurring service with regular reporting and client conversations.

When to move from MRI into Core

Move here when the first report was useful, but the real need is now regular review, clearer ownership, and a repeatable governance cadence.

Findings need follow-through

The first assessment identified issues, but they now need a recurring review structure rather than ad hoc clean-up.

Stakeholders want trend reporting

Leaders, auditors, or clients want to know whether access risk is improving over time, not just what was true once.

The service needs cadence

The organisation or MSP wants a dependable monthly or quarterly rhythm built around review, evidence, and progress.

What Core is not

Not a mystery upgrade

It is simply the next layer for ongoing review, reporting, and governance after the first assessment.

Not open-ended GA packaging

Core is a controlled rollout. We discuss it with qualified accounts that have already proved the value of MRI.

Not uncontrolled automation

The point is better oversight and repeatability, not surprise changes happening in the background.

Connector posture follows MRI first: launch-core connectors remain the default base, with controlled-scope additions only where onboarding, findings, documentation, and support posture have been closed.