Platform

Architecture built for adaptive identity governance.

Identity Armour is an API gateway, governance engine, and adaptive risk platform in one—designed for multi-tenant environments where identity decisions must be continuous, explainable, and enforceable.

System architecture

The platform is composed of purpose-built packages that work together through a layered dependency model. The API gateway orchestrates all traffic, the Verdikta engine evaluates risk, and the governance layer manages policies, reviews, and automated responses.

Dashboard (React)          CLI (60+ commands)
       │                          │
       └──── REST/HTTP ───────────┘
                    │
              API Gateway
                    │
    ┌───────────────┼───────────────┐
    │               │               │
Identity       Verdikta        Ephemeral
Governance      Engine           Vault
    │               │               │
    └───────┬───────┴───────────────┘
            │
     Shared Types & Constants

Core components

API Gateway

Central enforcement point for authentication, tenant routing, rate limiting, and structured audit events. All application traffic flows through here.

Verdikta Engine

Five-vector confidence scoring with adaptive baselines, per-tenant weight profiles, and real-time anomaly detection powered by EWMA.

Identity Governance

Domain models, access review campaigns, automated playbooks, session recording, MFA challenges, and policy enforcement services.

Ephemeral Vault

Tenant-scoped secret storage and rotation backed by Redis and KMS—ensuring credentials are short-lived and automatically rotated.

Sidecar Proxy

Per-application proxy that enforces ephemeral identity at the workload edge—extending governance to individual services without code changes.

Verdikta ML

Machine learning model orchestration, scoring pipelines, and training infrastructure for advanced behavioral pattern recognition.

Integration & connectivity

  • SCIM 2.0 inbound provisioning: Tenant-scoped endpoints for automated identity lifecycle management from your IdP.
  • Shared Signals Framework (SSF): Transmit and receive security signals with other identity providers and security tools.
  • SIEM/GRC export: Structured event schemas ready for Splunk, Sentinel, or your GRC platform.
  • TypeScript SDK: Generated from OpenAPI for type-safe integration with your applications.
  • CLI tool: 60+ subcommands for operators to manage tenants, identities, policies, and reviews from the terminal.

Data & security model

  • Strict tenant isolation at every layer—data, policies, and configuration never cross boundaries.
  • JWT-based authentication with platform and tenant admin roles enforcing least-privilege defaults.
  • Configurable data retention with automated purging aligned to your regulatory obligations.
  • Cryptographically signed receipts for revocations and approvals providing tamper-evident audit trails.
  • Redis-backed state stores with in-memory LRU caching for sub-millisecond evaluation latency.
  • Chaos engineering harness for validating resilience under failure conditions.

Deployment options

Identity Armour runs in your environment with a database you control. Deployment models include Docker Compose for development, Helm charts for Kubernetes, and managed infrastructure options for enterprise engagements.

  • PostgreSQL for persistent state with automatic migrations.
  • Redis for real-time baselines, caching, and ephemeral state.
  • Prometheus metrics and Grafana dashboards for observability.
  • Multi-region deployment support with documented runbooks.