Core subsystems and architecture

Auto-discovery subsystem — inventories accounts and entitlements from connected systems.

Changes detected are updated in the identity cache and may trigger automatic responses, such as auto-provisioning, SoR-triggered terminations, identity synchronization or alerting in response to unauthorized security escalation.

Identity cache (meta-directory) — normalized internal model of users and entitlements.

Workflow manager — validation, approvals, certification orchestration.

Transaction manager — executes connector operations and manages retries.

Web portal — self-service, delegated requests, certification UI.

Connectors — bi-directional integrations for provisioning and discovery.

Replicated database — multi-master data replication for resilience and geographic distribution.