Identigy Access Copilot

An AI Copilot for identity governance

An AI assistant for identity administrators: natural-language queries, an MCP server for external AI tools, RAG over your policies, on the LLM your organization already runs. Vendor-neutral — on top of the IGA platform you already run.

What the AI Copilot for IGA does

  1. Admin AI chat

    Query your identity system in plain language — “who has access to X”, “what changed on this account in the last 24h”, “why did this resource sync fail”. Answered against live data, with traceability.

  2. MCP server (9 tools)

    An open Model Context Protocol interface for external AI clients (Claude Desktop, Cursor, n8n): search and read any object, query the audit log, test connectors, tail logs with secret masking.

  3. RAG over docs and policies

    Semantic search across platform documentation and the customer’s own runbooks and policies. Answers cite their sources — no hallucinated configuration.

  4. The LLM of your choice

    Works with the model your organization has adopted — on-prem/self-hosted or cloud, your call. On-prem keeps everything inside the perimeter for data-residency cases.

  5. Audit and diagnostics in plain language

    Search the audit log and read logs conversationally: password changes, failed logins, broken connectors — without hand-building filters.

  6. Runs under native auth

    The AI acts as the signed-in user. Roles and privileges are unchanged, never escalated. Sensitive operations sit behind their own authorization actions.

How it works

How the AI Copilot works with your IGA

The administrator states the task in plain language. The model calls the Copilot's tools, pulls data from the system, and builds a complete answer — grounded in facts and documentation.

  1. The administrator states the task in plain language
  2. The Copilot calls the right MCP tools in your IDM
  3. The system returns data (objects, audit, logs) — as the signed-in user
  4. The Copilot assembles a complete answer, grounded in facts and docs

The result: routine access, audit and diagnostics questions are answered in seconds — without manual filters or hand-offs between teams.

Search & read

  • List the object types the system manages
  • Search objects of any type by name
  • Full object card (roles, attributes, references)

Audit

  • Search the audit log (time, initiator, target, event type, outcome)
  • Full audit event card with change deltas

Diagnostics

  • Test resource connection (LDAP, DB, CSV, REST) — read-only
  • Tail logs for troubleshooting (INFO+ only, secrets masked)

Knowledge (RAG)

  • Semantic search over docs and policies with source citations

Integration

Works with your IGA — no platform replacement

Shipped as a separate AI layer, the Copilot plugs into your existing identity system over the open MCP standard and connectors — no platform replacement.

Evolveum MidPoint

Built

Our working product Midpoint AI is a MidPoint overlay — the whole AI layer is proven here.

SailPoint (IIQ / ISC)

Per project

Through the SailPoint MCP server (GA 2025) — for your current and legacy installations.

Oracle (OIM / OIG)

Per project

Through connectors / MCP — including as an AI overlay on a platform you plan to migrate off.

For on-prem IGA the AI layer and data stay inside the perimeter — even when the platform itself is legacy. A strong fit for regulated, residency-bound environments.

Built, not slideware

A working reference, then your platform

The whole AI layer is proven in our working product Midpoint AI — an overlay for Evolveum MidPoint. What you see in the Copilot is built and tested on a real IGA system, then delivered on top of your platform.

See our MidPoint practice →

Where the market is

The IGA market leader shipped its own MCP server in 2025 — the direction is validated by the industry. Our overlay goes wider: 9 tools spanning operations, audit and diagnostics, not just access requests — and an on-prem model when residency demands it.

Connect Claude Desktop, Cursor or any MCP client — the reasoning lives in the client, the governed data access lives in the Copilot.

The platform is investing in AI too

Evolveum MidPoint is moving confidently toward AI

The open-source platform our reference implementation is built on isn't standing still. Evolveum — the company behind MidPoint — runs an EU-funded AI programme, so our Copilot sits on a foundation with real, funded AI momentum.

  • midPilot — an EU-funded project (Slovakia's Recovery & Resilience Plan, NextGenerationEU): AI for application onboarding — connector generation, attribute mapping and correlation.
  • Finalist, AI Awards 2026 — Trustworthy AI category.
  • Gartner IAM Summit, London (9–10 Mar 2026) — Evolveum as a Silver Sponsor.
  • A 153-page architecture & research report (Milestone 1) — public and detailed.

The two AI layers are complementary. midPilot speeds up onboarding a new application (at configuration time); Access Copilot runs on top for day-to-day operations — natural-language queries, MCP, RAG and audit. One platform, two layers of AI.

Read Evolveum's midPilot research report (PDF) ↗

Security and residency

Data stays inside the perimeter

  • Use the LLM you've standardized on — on-prem keeps queries and system data inside your network
  • The AI acts as the authenticated user; privileges are never escalated
  • Sensitive operations (e.g. reading logs) sit behind a separate authorization action
  • Secrets (passwords, keys, tokens) are masked before they reach the answer
  • Rate-limiting guards against runaway agents — request throttling on the MCP endpoint and a minimum interval between chat requests
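
A sketch of the "INFO+ only, secrets masked" log-tail behaviour and the secret-masking control listed above, as an added example that is not Identigy's code. The severity order, the masking patterns and the function names are assumptions, and the log lines are constructed.

```python
import re

# Assumed severity order; the page states only "INFO+ only".
LEVELS = {"TRACE": 0, "DEBUG": 1, "INFO": 2, "WARN": 3, "ERROR": 4}
_LEVEL = re.compile(r"\b(TRACE|DEBUG|INFO|WARN|ERROR)\b")

# Illustrative masking rules (assumptions, not the product's rule set).
_KV = re.compile(
    r'(?i)\b(password|passwd|secret|token|api[_-]?key|client[_-]?secret)\b'
    r'(\s*[=:]\s*)("[^"]*"|[^\s,;&]+)'
)
_BEARER = re.compile(r"(?i)\b(bearer\s+)[A-Za-z0-9._~+/=-]+")
_URL_CRED = re.compile(r"(?i)\b([a-z][a-z0-9+.-]*://[^\s:/@]+:)[^\s@/]+(@)")


def mask(line):
    """Replace secret values with **** while keeping the key for context."""
    line = _KV.sub(r"\1\2****", line)
    line = _BEARER.sub(r"\1****", line)
    return _URL_CRED.sub(r"\1****\2", line)


def tail_for_model(lines, min_level="INFO", limit=200):
    """Last `limit` lines at min_level or above, masked.

    Lines with no recognizable level are dropped (fail closed), so
    continuation lines cannot carry unfiltered DEBUG output to the model.
    """
    floor = LEVELS[min_level]
    kept = []
    for line in lines:
        m = _LEVEL.search(line)
        if m is None or LEVELS[m.group(1)] < floor:
            continue
        kept.append(mask(line))
    return kept[-limit:]


# Constructed sample log lines; hosts and credentials are made up.
SAMPLE = [
    "2026-01-10 09:00:01 DEBUG ldap bind password=Sup3rS3cret",
    "2026-01-10 09:00:02 INFO test ok url=ldap://svc:Pa55w0rd@ldap.example.test:389",
    "2026-01-10 09:00:03 WARN rest retry Authorization: Bearer eyJhbGciOi.made.up",
    '2026-01-10 09:00:04 ERROR db failed: api_key="abc 123", timeout=30',
    "    continuation line token=abc123",
]

if __name__ == "__main__":
    print("\n".join(tail_for_model(SAMPLE)))
```

Masking runs after the level filter and before anything is returned, so the model and the client transcript only ever see the redacted form.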

Scenarios

Scenarios by role

Grouped by role — each scenario answered by a single natural-language prompt.

IDM administrator

Access, inventory and connector checks — without hand-navigating the role tree.

  • “Who has access to system X, and through which roles and archetypes?”
  • “How many users, roles and resources are there? Show the breakdown.”
  • “Check that all resources are reachable. If one isn’t, explain why.”

Security / SOC

Incident investigation and privilege control in plain language.

  • “What changed on this account in the last 24h, and who initiated each change?”
  • “Who changed user passwords this week? Initiator → target → when.”
  • “Show failed login attempts today and their source channel.”

Auditor / Compliance

Evidence with citations to the docs — no hallucinated configuration.

  • “Find superusers whose password hasn’t changed in over 90 days.”
  • “How do I configure user sync from LDAP? Give the steps and link the docs.”
  • “What was in the logs in the last 30 minutes at ERROR level?”

Talk about a Copilot for your IGA

We'll demo it on a real system and come back within 48 hours with a fixed-fee proof-of-value scoped to your platform.

FAQ

Frequently asked questions

What is Identigy Access Copilot?

An AI copilot for IGA: a built-in admin AI chat, an MCP server and RAG on top of your identity system. Your team operates identity governance in natural language.

Which IGA platforms does it work with?

Natively with Evolveum MidPoint. With SailPoint and Oracle via the open MCP standard and connectors, per project. No platform replacement — it is an AI layer on top of what you already run.

Which LLM does the Copilot use?

The model your organization has adopted — on-prem/self-hosted or cloud, your choice. On-prem keeps queries and data inside the perimeter for data-residency cases.

What is MCP for identity governance?

Model Context Protocol — an open standard to connect external AI clients (Claude Desktop, Cursor, n8n) to your IDM. The Copilot exposes 9 tools: search/read objects, audit log, resource tests, RAG over docs, log tailing.

Is it secure to give AI access to the IDM?

Yes. The AI acts as the signed-in user, privileges are never escalated, sensitive operations sit behind a separate authorization action, and secrets are masked before they reach the answer.