Standing privilege
Repo admins, AWS policy attachments, Entra directory roles: pulled into one place and tied to people where the anchor allows. Standing vs temporary is a field, not an inference.
Security & platform
Privileged inventory you can defend in an audit
A lot of mid-size engineering orgs have no single answer for “who has standing admin in GitHub, AWS, and Entra?” Authoryn is meant to close that gap without an 18-month IGA project.
Ownerless access
A privileged grant with no owner is its own finding. We do not lump that in with stale accounts. Severity comes from rules you can show an auditor.
Evidence log
Discovery, config changes, ownership, connector tests, and JIT steps append to an event stream. Export curated CSV report packs, forward events to a SIEM via webhooks, or route approvals through ITSM when your policy says so.
Who usually picks this up
Platform / DevOps
Tired of repo and IAM admin being tribal knowledge. Wants something scriptable, not another ticket queue.
Security engineering
Needs a privileged inventory and audit trail without buying SailPoint for cloud-native access.
CISO delegate
Wants ownerless admin surfaced with severity, not another certification UI.
What we do not do (yet)
- •Effective-permission math across AWS org SCPs or IAM Identity Center.
- •JIT is allowlist-scoped per provider (not arbitrary permissions on day one).
- •Revoke removes entitlements; existing IdP tokens or AWS creds may linger until TTL unless session termination is enabled.
- •Okta sync covers configured security groups, not your full Okta app catalog.
- •Replace the AWS / Entra / GitHub consoles for day-to-day admin.