Platform
Architecture built for adaptive identity governance.
Identity Armour is an API gateway, governance engine, and adaptive risk platform in one—designed for multi-tenant environments where identity decisions must be continuous, explainable, and enforceable.
System architecture
The platform is composed of purpose-built packages that work together through a layered dependency model. The API gateway orchestrates all traffic, the Verdikta engine evaluates risk, and the governance layer manages policies, reviews, and automated responses.
Dashboard (React) CLI (60+ commands)
│ │
└──── REST/HTTP ───────────┘
│
API Gateway
│
┌───────────────┼───────────────┐
│ │ │
Identity Verdikta Ephemeral
Governance Engine Vault
│ │ │
└───────┬───────┴───────────────┘
│
Shared Types & ConstantsCore components
API Gateway
Central enforcement point for authentication, tenant routing, rate limiting, and structured audit events. All application traffic flows through here.
Verdikta Engine
Five-vector confidence scoring with adaptive baselines, per-tenant weight profiles, and real-time anomaly detection powered by EWMA.
Identity Governance
Domain models, access review campaigns, automated playbooks, session recording, MFA challenges, and policy enforcement services.
Ephemeral Vault
Tenant-scoped secret storage and rotation backed by Redis and KMS—ensuring credentials are short-lived and automatically rotated.
Sidecar Proxy
Per-application proxy that enforces ephemeral identity at the workload edge—extending governance to individual services without code changes.
Verdikta ML
Machine learning model orchestration, scoring pipelines, and training infrastructure for advanced behavioral pattern recognition.
Integration & connectivity
- SCIM 2.0 inbound provisioning: Tenant-scoped endpoints for automated identity lifecycle management from your IdP.
- Shared Signals Framework (SSF): Transmit and receive security signals with other identity providers and security tools.
- SIEM/GRC export: Structured event schemas ready for Splunk, Sentinel, or your GRC platform.
- TypeScript SDK: Generated from OpenAPI for type-safe integration with your applications.
- CLI tool: 60+ subcommands for operators to manage tenants, identities, policies, and reviews from the terminal.
Data & security model
- Strict tenant isolation at every layer—data, policies, and configuration never cross boundaries.
- JWT-based authentication with platform and tenant admin roles enforcing least-privilege defaults.
- Configurable data retention with automated purging aligned to your regulatory obligations.
- Cryptographically signed receipts for revocations and approvals providing tamper-evident audit trails.
- Redis-backed state stores with in-memory LRU caching for sub-millisecond evaluation latency.
- Chaos engineering harness for validating resilience under failure conditions.
Deployment options
Identity Armour runs in your environment with a database you control. Deployment models include Docker Compose for development, Helm charts for Kubernetes, and managed infrastructure options for enterprise engagements.
- PostgreSQL for persistent state with automatic migrations.
- Redis for real-time baselines, caching, and ephemeral state.
- Prometheus metrics and Grafana dashboards for observability.
- Multi-region deployment support with documented runbooks.