// industry vertical

identity governance / IGA forensics

SailPoint · Saviynt · Okta lifecycle · Entra governance · Ping · OneLogin · role mining · orphaned accounts · SoD violations · cross-IGA lifecycle correlation.

tools: 12
priority: H
processing: local · in browser

start here · primary tools

ordered. work top-down. the first tool is the suggested entry point for this vertical.

  1. sailpoint identityiq certification export forensic analyzer: drop sailpoint certification campaign export · parse reviewer + entitlement + decision · runs locally
  2. saviynt access governance audit forensic analyzer: drop saviynt audit log export · parse role + sod + remediation task · runs locally
  3. segregation of duties violation forensic analyzer: drop sod policy export · parse conflicting entitlements + owners · runs locally
  4. cross iga account lifecycle correlator: drop 2+ iga exports · correlate account lifecycle across systems · runs locally
  5. case report generator: fill in case number · examiner · dates · findings · drop evidence files for auto hash · generates structured forensic report PDF · runs locally

also useful · secondary tools

cross-cutting tools that surface depending on the specific investigation.

  1. okta lifecycle provisioning log forensic analyzer: drop okta lifecycle provisioning export · parse app assignment + deprovision + group push · runs locally
  2. microsoft entra governance access review forensic analyzer: drop entra access review export · parse reviewer + resource + decision timeline · runs locally
  3. ping identity access management audit forensic analyzer: drop ping audit log export · parse adapter + mapping + sync result · runs locally
  4. onelogin user provisioning event forensic analyzer: drop onelogin provisioning event export · parse app + role + mapping action · runs locally
  5. iga role mining anomaly detector: drop iga entitlement export · detect over-provisioned role clusters · runs locally
  6. orphaned account detector from iga export: drop iga account inventory export · detect stale/orphan accounts · runs locally
  7. evidence manifest generator: drop evidence files · compute md5 sha1 sha256 · chain of custody manifest · case number · analyst · export pdf and csv · runs locally

want deeper IGA coverage?

this vertical is intentionally sparse — deep-moat coverage grows over time. tracked in the forensics rollout.
