Enterprise-Grade Identity Synchronization

Powerful features designed to unify, synchronize, and govern identities across every system in your enterprise environment.

Delta Sync

Process only what changed with watermark-based change detection — uSNChanged for Active Directory, configurable delta columns for SQL databases, and SHA-256 file hash for CSV/TXT files.

Key Benefits

  • Watermark-based change detection
  • Minimal network overhead
  • Confidence-based attribute resolution
  • Full and delta import modes

Common Use Cases

  • Employee onboarding/offboarding
  • Real-time access provisioning
  • Organizational structure changes

Bi-directional Connectors

Seamlessly sync identities in both directions with conflict resolution and authoritative source management.

Key Benefits

  • Active Directory, SQL Database, and File (CSV/TXT) connectors
  • Extensible via IIdentityConnector SDK
  • Import and export in both directions
  • Configurable via Admin UI

Common Use Cases

  • AD ↔ SQL identity synchronization
  • HR database to AD provisioning
  • M&A identity consolidation

Policy-based Transforms

Define attribute mappings, transformations, and business rules with a safe transform engine — no eval, no arbitrary code execution.

Key Benefits

  • Safe transform engine (no eval)
  • Whitelisted functions (ToLower, Trim, Replace, Concat...)
  • Confidence scoring per attribute
  • Four rule types: Join, Flow, Projection, MeshComposer

Common Use Cases

  • Data normalization across systems
  • Attribute enrichment
  • Compliance-driven filtering

Audit-ready Reporting

Complete audit trails with before/after values, run history per connector, and a UI-based audit viewer for all identity changes.

Key Benefits

  • Complete audit trail with before/after values
  • Run history per connector
  • UI-based audit viewer
  • REST API access to audit data

Common Use Cases

  • Compliance support and audit evidence
  • Identity change investigation
  • Sync operation troubleshooting

Tamper-Evident Audit

Every audit row is hash-chained with SHA-256 — a single broken link signals post-hoc tampering. One-click chain integrity verification surfaces the exact row a rogue admin would have to forge to hide their tracks.

Key Benefits

  • Append-only SHA-256 hash chain over admin + object audit
  • In-UI verification button + REST + CLI
  • Documented canonical form for external verifiers
  • Survives DR restore — re-verify the chain after recovery
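
How a verifier walks a SHA-256 hash chain over audit rows and reports the first broken row, as an added example that is not Identity Mesh's own code. The row fields, the JSON canonical form, the all-zero genesis value and every function name are assumptions, since the product's documented canonical form is not shown on this page.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first row

def canonical(row):
    # Assumed canonical form: UTF-8 JSON, sorted keys, no whitespace.
    return json.dumps(row, sort_keys=True, separators=(",", ":")).encode("utf-8")

def link_hash(prev_hash, row):
    # Each row's hash covers the previous row's hash plus its own content.
    return hashlib.sha256(prev_hash.encode("ascii") + canonical(row)).hexdigest()

def append(chain, row):
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"row": row, "prev_hash": prev, "hash": link_hash(prev, row)})

def verify(chain, expected_head=None):
    """Return the index of the first broken row, or None if the chain is intact.

    expected_head is the last hash recorded outside the audit store; without it,
    rows dropped from the tail go unnoticed. A head mismatch returns len(chain).
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev_hash"] != prev or link_hash(prev, entry["row"]) != entry["hash"]:
            return i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return len(chain)
    return None

def build_sample():
    # Constructed audit rows, not real product output.
    chain = []
    append(chain, {"id": 1, "actor": "svc-sync", "attr": "mail", "before": "a@example.test", "after": "b@example.test"})
    append(chain, {"id": 2, "actor": "admin1", "attr": "memberOf", "before": "Users", "after": "Helpdesk"})
    append(chain, {"id": 3, "actor": "svc-sync", "attr": "title", "before": "Analyst", "after": "Engineer"})
    return chain

def rewrite_row(chain, index, field, value, recompute=False):
    # Simulates an in-place edit of a stored row, optionally re-hashing that row.
    forged = copy.deepcopy(chain)
    forged[index]["row"][field] = value
    if recompute:
        forged[index]["hash"] = link_hash(forged[index]["prev_hash"], forged[index]["row"])
    return forged
```

Re-hashing an edited row only moves the break to the next row, because that row's stored prev_hash no longer matches. Keeping the latest head hash outside the audit store is what lets a verifier notice rows removed from the end of the chain.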

Privacy & Right-to-Erasure

Data Subject Access Requests and right-to-erasure surface as first-class admin endpoints. Erasure events ship through the chained audit trail so the act-of-erasure is itself non-repudiable evidence — exactly what GDPR Article 17 and SOC 2 Privacy auditors ask for.

Key Benefits

  • Anchor-keyed DSAR returns mesh objects + attributes + audit history
  • Idempotent erasure with hash-chained ErasureRequest marker
  • Per-attribute sensitivity classification (Public / Internal / Confidential / Restricted)
  • Privacy / DPO role kept separate from day-to-day operator entitlements

Multi-Vault Secret Storage

Connector credentials never live on disk in plaintext. Choose the secret store that fits your environment — DPAPI on the host, Azure Key Vault for Azure-native deployments, HashiCorp Vault for non-Azure shops — selected via a single config switch.

Key Benefits

  • DPAPI default for on-prem, no extra infrastructure
  • Azure Key Vault with managed identity / DefaultAzureCredential
  • HashiCorp Vault KV v2 with Token or AppRole auth
  • Vault-portable secrets unlock active/passive HA

SIEM Integration Suite

Five forwarding paths cover every common SIEM. Splunk, QRadar, ArcSight, Sentinel, Graylog — pick the transport your collector already speaks instead of building a custom pipeline.

Forwarding Paths

  • RFC 5424 Syslog (TCP / TLS / UDP) for Splunk, QRadar, RSyslog, Graylog
  • HTTPS Webhook with HMAC-SHA256 verification for SOAR / custom collectors
  • Microsoft Sentinel direct ingestion via Log Analytics workspace
  • CEF v0 + LEEF v2.0 formatters for ArcSight + QRadar legacy parsers
  • Rolling file + Windows Event Log out-of-the-box

Compliance-Ready

Documented STRIDE threat model, SOC 2 Trust Service Criteria mapping, ISO 27001:2022 Annex A gap analysis, and an incident-response runbook structured around NIST SP 800-61 — answers the auditor questions before they ask.

Key Benefits

  • SOC 2 + ISO 27001 + GDPR control mappings shipped
  • RFC 9116 security.txt + coordinated-disclosure policy
  • CycloneDX SBOM auto-generated on every release
  • Customer-side SQL TDE + connection-encryption runbook

Hybrid Authentication

Run the Admin portal under Windows Integrated Authentication for domain-joined deployments, Entra ID MSAL for cloud-native, or both at once — the SmartAuth scheme routes per request based on the credential type the browser presents.

Key Benefits

  • Windows Integrated Authentication (Negotiate / Kerberos) by default
  • Angular MSAL sign-in for Entra ID (single + multi-tenant)
  • JWT bearer scheme + role-claim mapping on the API
  • Service-principal / managed-identity auth for relay agents

Works with Your Existing Infrastructure

Built-in connectors for Active Directory, Entra ID, Okta, SQL, and File (CSV/TXT), with more on the roadmap

  • Active Directory
  • Entra ID
  • Okta
  • Workday (Coming Soon)
  • LDAP (Coming Soon)
  • SCIM (Coming Soon)
  • SQL
  • REST API (Coming Soon)

Ready to modernize your identity infrastructure?

See how Identity Mesh can transform your identity synchronization and governance.