Connectors
We are going deep on GitHub, AWS, Entra, and Okta instead of listing fifty logos. Status below is what you can rely on in a pilot conversation.
Org and repo permissions with privileged allowlists. Temporary repo admin JIT: request, approve, grant, auto-revoke.
User and role policy attachments against named allowlists. JIT can attach/detach allowed managed policies. Still not a replacement for the AWS console.
Directory roles and group membership. Identity anchor for correlating accounts. JIT can add/remove group members or assign directory roles from allowlists.
Syncs configured security groups and supports Okta as an identity anchor. JIT can add/remove group members on allowlisted groups.
Optional connector for application ownership alignment. Sync CMDB records, map them to Authoryn resources, and surface drift when an app owner in ServiceNow does not match a grant owner in Authoryn. Read-only in v1; promote-from-CMDB is operator-controlled.
GitHub logins, AWS users, and Entra or Okta objects get tied together through an anchor. That is how you get one view of standing privilege instead of three admin portals.
Beyond cloud connectors
Connectors pull privilege from GitHub, AWS, Entra, and Okta. These hooks connect Authoryn to change management, log aggregation, and deploy automation you already run.
Keep approvals in ServiceNow or Jira if that is how your org works. Authoryn sends a webhook when external sign-off is required; your middleware opens the ticket and calls back to approve or reject.
Push governance events to Splunk, Sentinel, or any HTTP endpoint. Signed payloads, retries, and presets so security alerts do not look like a full audit firehose.
Allowlisted automation accounts can request time-bound elevation from a deploy pipeline. A readiness check can confirm the grant is active before a production step runs.