Solutions · Identity & Access

Verify access continuously — even after they leave.

Joiner-Mover-Leaver across AD, Azure AD and LDAP, with the ghost-account hunt that traditional IdP-only tools miss.

Ungoverned

14 days

Salesforce

3 sessions · last 4h

Auto-revoke all →

Slack workspace

member · 4 channels

Auto-revoke all →

Sarah Demir

Sales · departed

left 14 days ago

OAuth · Google Calendar

grant active · personal

Auto-revoke all →

Dropbox personal

synced corporate folder

Auto-revoke all →

4 lingering accesses · KVKK md.12 implicationAuto-revoke all

01The problem

Leavers keep access to SaaS no one remembers granting.

"Login with Google" hides whether it's a corporate or personal account.

Access reviews are an annual fire drill, not a continuous control.

02Identity sources

Three sources, one identity.

Active Directory, standalone LDAP and Azure AD merge into one identity graph — UPN-normalized, lastLogon-MAXed across DCs, with multi-controller drift detected as a finding, not silently masked.

Identity composition

AD + LDAP + IdP into one graph

Active Directory

multi-DC · primary

· UPN · sAMAccountName
· memberOf · groups
· lastLogon (MAX across DCs)

Standalone LDAP

directory bind

· DN · uid
· memberOf
· custom attributes

Entra ID (Azure AD)

SSO · OAuth

· SSO sessions · MFA
· OAuth grants · scopes
· conditional access

Unified identity

Sarah Demir

sarah.demir@acme.com · single graph

Apps reachable

Reviews due

03Lifecycle (JML)

The loop closes in hours, not weeks.

HR event → AD update → IdP sync → SaaS deprovision → audit log. Every step instrumented, every latency measured against your SLA.

Leaver cycle · last 30 days

From HR event to audit-logged

Average

4.2 h

Target SLA

24 h

HR event

HRIS feed

AD update

multi-DC

IdP sync

Entra ID

SaaS revoke

per-app

14m

Audit log

immutable

04Access certification

Access certification

Reviewer-driven keep / revoke / flag campaigns (ISO 27001 A.5.18), audit-immutable once closed.

OAuth & SSPM

Connected-tenant OAuth permission inventory and posture: security defaults, conditional access, admin / guest / MFA coverage.

05Frameworks

ISO 27001 (A.5.15–A.5.18)KVKK md.12NIST AI RMF (GOVERN)

These controls reinforce each other

SaaS Discovery & Shadow IT

See what's really in use — not what's on the contract.

Explore

Third-Party Risk (TPRM)

Hold your vendors to your own bar.

Explore

Request a demo Explore CenseRisk