Book demoEN

The governance layer, on top

Iden plugs into the stack you already have. SSO stays. HRIS stays. ITSM stays. Iden runs the governance layer on top. Per-tool coexistence guides indexed here.

3 min read · Last updated June 2026

You like your SSO. You spent months picking it. The HRIS is working. The ITSM has your team's flows in it. None of those need to change.

What you need is the governance layer that sits on top of all of them: provisioning across the apps SSO can't reach, fine-grained access reviews, contractor lifecycle, non-human identity. The stuff your existing stack was never designed to do.

This page is the index. Pick the tool you already have. Each per-tool guide walks through how Iden plugs in, what changes, what doesn't, and the setup steps.

The principle

SSO, HRIS, and ITSM each do one thing well. Authentication. Source of truth for who exists. Service ticketing. None of them try to be the identity governance layer. That layer needs its own primitives: per-app entitlements, automated reviews, lifecycle policies that span the entire stack including the apps SCIM can't reach.

Iden is the governance layer. It sits on top of what you have. It doesn't replace your SSO. It doesn't replace your HRIS. It doesn't replace your ITSM. It adds the work that nothing else in your stack was doing.

What Iden plugs into

Your SSO. Okta, Microsoft Entra, Google Workspace, JumpCloud, or any combination. Iden uses the SSO for authentication and reads group memberships from it. Logins stay where they are.

Your HRIS. Workday, BambooHR, Personio, Rippling, HiBob, Gusto, ADP, Justworks. The HRIS is the source of truth for joiner-mover-leaver. Iden reads from it and fires the lifecycle across every connected app.

Your ITSM. ServiceNow, Jira Service Management, Zendesk, Freshservice. Access requests route through your existing ticketing flow. Iden adds the per-entitlement context and executes the action when the ticket closes.

Your GRC platform. Drata, Vanta, Secureframe. Iden pushes evidence directly into your existing audit framework, mapped to the relevant controls.

Your MDM (optional). Kandji, Jamf, Intune. Iden coordinates with endpoint inventory for the device side of lifecycle.

The work the existing tools were doing keeps happening. Iden adds the work nothing else was doing.

The shape of each guide

Every per-tool guide follows the same seven sections.

  1. What [tool] does.
  2. What [tool] doesn't do, and the gap Iden fills.
  3. How they work together: data flow and responsibility split.
  4. Setup walkthrough.
  5. Common patterns.
  6. FAQ.
  7. Where to ask for help.

Read the guide for the tool you have. If you have more than one (most teams do), the guides are designed to compose. The Okta SSO plus Iden plus Workday HRIS pattern reads like three guides stacked, not three migrations.

Pick your starting point

Tool guides publish on a rolling schedule. Live guides are linked. The rest are in the queue.

  • Okta (SSO)
  • Microsoft Entra ID (SSO)
  • Google Workspace (SSO)
  • JumpCloud (directory)
  • Workday (HRIS)
  • BambooHR (HRIS)
  • Rippling (HRIS)
  • Personio (HRIS, DACH)
  • HiBob (HRIS)
  • Gusto, ADP, Justworks (HRIS)
  • ServiceNow (ITSM)
  • Jira Service Management (ITSM)
  • Zendesk, Freshservice (ITSM)
  • Drata (GRC)
  • Vanta (GRC)
  • Secureframe (GRC)
  • Kandji, Jamf, Intune (MDM)

If your stack has a tool that isn't listed, tell us at office hours. Most aren't on the public list because they don't have a guide written yet, not because they don't connect.

Need a hand mapping it out

Office hours run weekly. Bring your stack diagram (whatever level of detail you have, even back-of-napkin). We'll walk through where Iden plugs in for your specific setup and what changes day one.

Related

The end of hope-based offboarding

Most offboarding fails because tools were never built to reach the apps that matter. What zero-touch offboarding actually means, why most automation breaks, and what a working flow looks like on the day someone leaves.

May 2026