Multi-cloud honesty

Service coverage

Every individual service across Azure, AWS, GCP, Kubernetes, identity systems, and hybrid connectivity — with a fully / partially / planned / not-supported grade per capability. We do not pretend coverage we haven't built. See the guide.

Executive Engineer Architect

Cloud:all azure aws gcp kubernetes saas onprem

Status:all Production-quality Common case covered Synthesised from adjacent data Planned Not in scope

Enhanced by:all wiz dynatrace datadog crowdstrike veracode

○
Microsoft Entra IDidentity.entra· identityPlanned
Supported: observability
Discovery: MS Graph + ARM. Auth: OAuth client credentials + User-Assigned Managed Identity. Reads: Users, groups, app regs, service principals, role assignments, group memberships, sign-in logs.
○
Microsoft Entra B2Cidentity.entra_b2c· identityPlanned
Supported: observability
Discovery: Graph. Auth: OAuth. Reads: Custom policies, user flows, tenant config.
○
Entra Domain Servicesidentity.entra_ds· identityPlanned
Supported: observability
Discovery: ARM. Auth: OAuth (UAMI). Reads: Domain config, replication state.
○
Oktaidentity.okta· identityPlanned
Supported: observability
Discovery: Okta Management API. Auth: API token (read scopes: users:read, groups:read, apps:read, logs:read). Reads: Users, groups, apps, role assignments, MFA enrollments, system log, policies.
○
Ping Identityidentity.ping· identityPlanned
Supported: observability
Discovery: PingOne API. Auth: OAuth client credentials. Reads: Users, populations, applications, role assignments, MFA.
○
OneLoginidentity.onelogin· identityPlanned
Supported: observability
Discovery: OneLogin API. Auth: API credentials. Reads: Users, apps, roles, sign-in events.
○
ForgeRock Identity Cloudidentity.forgerock· identityPlanned
Supported: observability
Discovery: AM/IDM REST. Auth: Service account / OAuth client credentials. Reads: Users, identities, journeys, federation config.
○
Auth0 (Okta)identity.auth0· identityPlanned
Supported: observability
Discovery: Management API. Auth: M2M token (audience: management API). Reads: Users, applications, connections, rules/actions, logs.
○
JumpCloudidentity.jumpcloud· identityPlanned
Supported: observability
Discovery: JumpCloud API. Auth: API key (read scopes). Reads: Users, systems, system bindings, SSO apps, MFA enrollment.
○
Google Cloud Identityidentity.gcp_identity· identityPlanned
Supported: observability
Discovery: Google Admin SDK Directory API. Auth: OAuth (workforce identity federation preferred). Reads: Users, groups, OUs, role assignments, sign-in events.
○
Amazon Cognitoidentity.cognito· identityPlanned
Supported: observability
Discovery: AWS SDK (Cognito IDP). Auth: Cross-account IAM role (read-only). Reads: User pools, app clients, identity providers, federation config.
○
SailPoint IdentityNowidentity.sailpoint· identityPlanned
Supported: observability
Discovery: IdentityNow API. Auth: OAuth client credentials (read scopes). Reads: Identities, entitlements, access reviews, certifications, sources.
○
Saviynt Identity Cloudidentity.saviynt· identityPlanned
Supported: observability
Discovery: Saviynt REST. Auth: Service account. Reads: Users, accounts, entitlements, requests, certifications.
○
CyberArkidentity.cyberark· identityPlanned
Supported: observability
Discovery: Conjur API + EPM API + Privilege Cloud API. Auth: API authentication. Reads: Safes, accounts, applications, privileged session audit.
○
Delinea (Thycotic + Centrify)identity.delinea· identityPlanned
Supported: observability
Discovery: Secret Server REST + Privilege Manager API. Auth: API key + service account. Reads: Secret templates, folders, permissions, audit logs.
○
Duo Security (Cisco)identity.duo· identityPlanned
Supported: observability
Discovery: Duo Admin API. Auth: hostkey + skey + IKey (read). Reads: Users, integrations, authentication logs, enrollment status, policies.
○
RSA SecurIDidentity.rsa_securid· identityPlanned
Supported: observability
Discovery: SecurID Cloud Authentication API. Auth: service account. Reads: Users, tokens, authentication policies, sign-in events.
○
Keycloakidentity.keycloak· identityPlanned
Supported: observability
Discovery: Keycloak Admin REST API. Auth: OIDC client_credentials. Reads: Realms, users, groups, clients, role mappings, identity providers.

Read-only and advisory by design — we never modify cloud resources. The grades describe what we can observe, not what we can change.