Identity governance for humans, machines & AI agents

Govern the identities your IGA still misses.

Your IGA is a system of record. SidentiQ is the system of truth.

Human, machine, and AI identities — governed, automated, and cryptographically provable, without replacing what you already run.

Built by a founder with 26 years in identity governance at IBM & Oracle.

Founder-led · Scoped proof · Works alongside your existing stack
leaver-revoke · live proof cycle · ILLUSTRATIVE
IDENTITY TRIGGER · [email protected]
Workday termination · 14:32Z
Signal → Decide → Reach → Revoke → Prove
  • Workday HCM · GA · ✓ revoked
  • Active Directory · GA · ✓ revoked
  • Entra ID · GA · ✓ revoked
  • Okta · GA · ✓ revoked
  • AWS IAM · GA · ✓ revoked
  • ServiceNow · Beta · ✓ revoked
EVIDENCE PACK · SEALED
hash-chained
sha256: a3f5c2e1b8d7f9a0c4e6…b8d1a3e5
prev: 7c2e1a48b7f9d3e6 · customer retention
SCOPE · acme.gov · 22 NHI TYPES · AUTO-DISCOVERY + RISK SCORING
  • AI · langchain-prod-agent · ✓ governed
  • SVC · svc-workday-hris · ✓ certified
  • KEY · github-ci-token · ✓ rotated
  • BOT · rpa-bot-finance-01 · ✓ certified
  • IAM · aws-deploy-orphan-23 · ↻ revoking
  • AI · bedrock-agent-87 · ⚠ risk 87

  • <5min · Leaver to fully revoked
  • 0 · Inbound firewall ports
  • 12 · Governance modules
  • 100% · Of actions sealed
Works alongside the stack you already run
Okta · Microsoft Entra · Active Directory · SailPoint · Saviynt · Workday · AWS · Snowflake · ServiceNow · Google Workspace · GitHub · PeopleSoft
Why trust a new name

"I spent 26 years building identity governance at IBM and Oracle. I kept watching the same audit question go unanswered — so I left to build the answer."

Sirisha Gottipati
Founder, SidentiQ · Sacramento, CA
26 yrs IGA · IBM · Oracle · Founder-led delivery
Founding-partner program · 2026

Be one of our first design partners.

We're deliberately choosing a small group — not chasing logos. Each founding partner gets founder-led implementation and shapes the roadmap around their real constraints.

limited 2026 cohort
How it fits

Govern everything. Replace nothing.

SidentiQ isn't a replacement project. It sits beside SailPoint, Okta, Entra, and the legacy systems you can't rip out — and closes the gaps they leave behind.

  • No rip-and-replace. Your existing investments keep running. SidentiQ layers on top.
  • No inbound firewall changes. A customer-managed gateway dials out over mTLS. Nothing to open.
  • Start with one system. One signal, one target, one test population: see results before you commit.
IGA: SailPoint / Saviynt
IDP: Okta / Entra ID
LEGACY: Active Directory · PeopleSoft
↓  governed & proven by  ↓
SidentiQ: verified revoke · evidence · proof layer
The platform

Four layers. One control plane.

Not 80 modules to read through — four jobs the platform does across the stack you already run. The full module matrix lives one level deeper, once you want it.

01

Govern

Normalize human, non-human, and AI-agent identities across legacy and cloud into one graph. Certify against real maturity, not green checks.

02

Protect

Detect toxic access, separation-of-duties violations, dormant admin agents, and prompt-injection at a pre-LLM gate — before it becomes an incident.

03

Revoke

HR signal in, revoke fans out across AD, Okta, AWS, and SaaS in seconds. Closed-loop, outbound-only, nothing left bleeding after a leaver.

04

Prove

Every decision hash-chained into a tamper-evident pack on customer-controlled S3 with retention boundaries you set. When the auditor says “prove it,” you do.

The evidence layer

When the auditor says "prove it."

Every revoke, grant, and approval is sealed into a tamper-evident chain and written to storage you control. Change one record and the chain breaks — so the evidence an auditor reads is the evidence of what actually happened.

The proof is math, and it's yours to keep — verifiable on your own, without trusting us.

  • 100% · Of actions sealed & verifiable
  • 1-click · Evidence pack for any audit

EVIDENCE CHAIN · req-live-1142 · extending
14:32:15.847Z · REVOKE_ACCESS · S3 LOCKED · [email protected] · 14 systems · approved by m.smith · sha256: a3f5c2e1b8d7f9a0…b8d1a3e5
14:32:16.104Z · VERIFY_REMOVED · 14 / 14 confirmed · prev: 7c2e1a48…b9d4a6
14:32:16.339Z · SEAL_PACK · evidence_pack_req-live-1142.json · chain verified ✓
Try this in your environment

Questions that take seconds, not slide decks.

SidentiQ's modules share one identity graph, one audit chain, one policy engine — so cross-module questions that no single-vendor stack can answer become a single query.

"Which service accounts can read our PCI data and haven't been certified in 90 days?"
# GET /api/dspm/nhi-correlation?classification=PCI&uncertified=90d
$ 8 NHIs match.
→ aws-prod-billing-svc (IAM) — 142d
→ github-deploy-tok-prod (PAT) — 187d
→ stripe-webhook-key (API) — 211d
→ Auto-created micro-cert campaign in 2s.

"An employee changed roles yesterday. What happened next?"
# GET /api/identities/49281/timeline
11:14 HR_EVENT Finance → Audit
11:14 SoD_CHECK toxic pair detected
11:15 MICRO_CERT campaign auto-created
11:18 APPROVAL by manager (Slack)
11:18 EVIDENCE_PACK #c8f3a91 signed & archived

"Show me every AI agent with admin permissions dormant 30+ days."
# GET /api/ispm/agents?dormantDays=30&permLevel=ADMIN
$ 3 agents flagged.
→ bedrock-incident-responder ASI10 · 47d
→ vertex-data-clean-up ASI10 · 89d
→ langchain-prod-deploy wildcard IAM · 62d
→ Owners notified. Cert review scheduled.

"Generate a SOX §404 evidence pack. Right now."
# POST /api/compliance/reports/sox-404/generate
→ joining cert_campaign × cert_decision…
→ joining platform_role × sod_violation…
→ hash-chaining 47,182 audit rows…
→ signing with tenant ECDSA key…
$ SOX_404_this-quarter.pdf — 8.3MB · verified · 4.2s
Trust

Built for environments that cannot afford to guess.

SLED, healthcare, and financial-services enterprises with strict network, evidence, and compliance requirements.

Active

SOC 2 Readiness

Readiness work in progress with a target assessment window. Formal status available under NDA.

Informed · Not authorized

FedRAMP

FedRAMP-informed architecture. Not authorized — we say so plainly.

Designed-to

NIST 800-53 Rev.5

AC, AU, IA & SI control families inform product design. Formal mapping in progress; not independently assessed.

Aligned

HIPAA Alignment

HIPAA-aligned deployment patterns for qualified environments. BAA terms reviewed during contracting.

Active

OWASP ASI

ASI-aligned controls for AI-agent governance, including pre-LLM prompt and tool-use guardrails.

Verified per build

Automated Security Checks

Release builds run automated security, quality, and dependency checks before signing.

Aligned

CIS Controls

Designed to support CIS-aligned secure configuration and network hardening.

Customer-owned

Hash-chained evidence

Every evidence pack hash-chained, signed, and stored in your own S3.

Compliance references describe current alignment, readiness, or planned assessment status and are not certifications unless stated in a signed customer artifact.

Founding-partner program

Prove it in your environment.

Be one of a small group of founding partners. Founder-led, scoped to one system, and designed to show real results in your environment before any broader commitment.

  • 01 · Connect
  • 02 · Discover gaps
  • 03 · Dry-run revoke
  • 04 · Live revoke + Evidence Pack
Start your scoped proof

Let's prove it in your environment.

Tell us one workflow you'd like to see proven — an off-boarding, a certification, a single policy. We'll come back within a few business days, founder to founder.

  • Founder replies personally
  • Scoped to one system — no rip-and-replace
  • We'll tell you honestly if we're not a fit
or email us directly at [email protected]