Trust starts with clarity.
You can't govern what you can't see. Identity Atlas turns scattered authorization data into something you can actually make sense of — giving analysts, support teams and resource owners the insight they need to understand access, identify risks and make informed decisions.
Self-hosted and open source — your identity data never leaves your environment.
The data already exists. The clarity doesn't.
Sound familiar? You've invested in a capable IGA system — and your analysts still export to Excel to actually make sense of it. The data isn't missing. What's missing is a clear way to understand it.
Fragmented
Azure RBAC, Entra ID and Omada each show a different part of who has access to what — in a different place and in a different way.
Invisible
Over-privileged accounts, eligible-but-unused PIM roles and access that has never been reviewed remain hidden in the gaps between systems.
Unprovable
“Who could do what last quarter?” becomes guesswork once memberships change — because there is no reliable history of access.
It's not about finding one needle — that's too narrow a question. It's about making sense of the whole haystack. Identity Atlas helps analysts, support teams and resource owners explore authorization data from different perspectives, discover patterns and answer the question at hand.
Fortigi is a Dutch identity and access management consultancy. While working with enterprise organizations, we kept running into the same problem: there was no single reliable answer to “who has access to what,” and no reliable history showing how that access changed over time. So we built the tool we wished we had and opened it up. Identity gets stronger when we build it together.
Identity Atlas, in one view.
Identity Atlas brings authorization data from connected systems together in one model with full history. It presents this data in a visual access matrix and can assign a risk score to each identity — without identity data leaving your environment.
Unified permission model
Bring permissions from every connected system together in one PostgreSQL model — including groups, roles, application roles, SharePoint permissions and business roles — with a complete row-level audit history.
Visual access review
Explore access by user, role, resource or system. See how each permission was granted — directly, through a group, as an owner, through PIM eligibility, through governance or through an application role. Designed for the way analysts, support teams and resource owners investigate access.
Identity risk scoring
Assign a transparent risk score to each identity. The optional, privacy-preserving risk layer uses LLM assistance based only on publicly available information about the organization.
Multi-system and open
Connect out of the box to Entra ID, Azure RBAC, Omada and midPoint through dedicated crawlers. SailPoint data can be imported through CSV. Identity Atlas is MIT-licensed and runs in your own environment.
Want more detail on supported systems, current-state versus target-state analysis and the risk-scoring layers? Read the full documentation ↗
Pick a release channel. Pick a way to run it.
Identity Atlas is delivered as a self-contained stack. Evaluate it in minutes, run it wherever you run containers or deploy it directly into your own Azure subscription.
The latest development build. Updated after every merge to main. Use Docker tag :edge to explore the newest changes, but expect frequent updates and incomplete features.
Pre-release builds. For testing upcoming features before they become stable. Use Docker tag :beta.
Released and tested versions. Recommended for production. Use Docker tag :latest, or pin a specific Major.Minor.Patch.0 version to control when you update.
Docker stack
The fastest way to evaluate Identity Atlas. Start the stack with Docker Compose and open localhost:3001. Run it anywhere you can host containers and load demo data without connecting a tenant.
Deploy to Azure
Deploy Identity Atlas into your own Azure subscription using managed platform services. Deployment takes approximately 15 minutes. Entra SSO is enforced and anonymous access is disabled. A proof-of-concept environment starts at approximately €45 per month.
Portable Windows launcher
Evaluate Identity Atlas on restricted Windows devices without installation, administrator rights or Docker. Run it directly from a folder for a quick and isolated evaluation.
# Download the Compose file
curl -O https://raw.githubusercontent.com/Fortigi/IdentityAtlas/main/docker-compose.prod.yml
# Start Identity Atlas
docker compose -f docker-compose.prod.yml up -d --pull always
# Open Identity Atlas and add your first crawler
# http://localhost:3001 → Admin → Crawlers → Add Crawler
Need more detailed deployment guidance? Read the deployment documentation ↗
Built to be inspected, not taken on faith.
Identity Atlas reads authorization data and keeps it within your environment. Here is how we make that verifiable.
Identity Atlas is self-hosted end to end and runs entirely within your environment. Deploy it in your own Azure subscription — no Identity Atlas services run on Fortigi infrastructure.
Identity Atlas reads authorization data but never changes anything in your source systems.
The source code is open to inspect, fork, challenge and improve. You choose which version to run and when to update it.
LLM-assisted risk scoring is optional. When enabled, it uses only publicly available information about your organization. Identity data is never sent to the model.
LLM keys and crawler credentials are protected with AES-256-GCM envelope encryption using a master key you control.
Entra SSO is enforced from the start, and anonymous access is disabled.
Quality controls include unit tests with Vitest and Pester, increasing code-coverage requirements, file-size and complexity limits, duplication checks, Playwright end-to-end tests and load and soak testing.
Identity Atlas publishes an SBOM, uses Dependabot to keep dependencies current and checks new packages with Socket Firewall before they are introduced.
Identity Atlas is developed by a team of Fortigi engineers and has evolved over an extended project history. Fortigi is an established Dutch identity and access management consultancy. See the history ↗
Open source · Self-hosted · Stronger together.
Make sense of the whole haystack.
Start the Docker stack with demo data in under a minute — no tenant required — and explore the access matrix yourself.