OrbisID™
OrbisID™ is a Privileged Access Detection and Governance Tool for enterprise environments. It automatically scans your infrastructure to discover privileged access, accounts and entitlements, links them to identities, and generates Key Risk Indicators (KRIs) and compliance reports.
What OrbisID Does
Most organisations know they have privileged accounts spread across Active Directory, servers, databases, and other systems. What they often lack is a single, accurate view of where those accounts are, who owns them, and whether they are appropriately managed in a PAM tool.
OrbisID solves this by:
- Discovering privileged accounts across Active Directory, Windows, Linux, SQL Server, and other systems
- Classifying accounts as Human or Non-Human using configurable policy rules
- Linking accounts to real-world identities so every privileged account has an owner
- Measuring risk through Key Risk Indicators (KRIs) with RAG (Red/Amber/Green) status
- Alerting on privileged behaviours to identify unknown privileged access
- Reconciling discovered accounts against your PAM tool inventory to find gaps
- Reporting on compliance posture with exportable reports
- Identifying gaps in your PAM programme
Architecture Overview
OrbisID is deployed via Docker, with local agents and sensors to reach deep into your infrastructure:
| Component | Purpose |
|---|---|
| OrbisID | Central application that manages scan configuration, processes results, enforces policy rules, and provides the web interface and REST API |
| On-Premise Agents | Optional remote agent for scanning systems in segmented networks |
| Endpoint Sensors | Lightweight Java agents deployed on Windows servers that collect real-time Windows Event Log telemetry and forward it to OrbisID for threat detection (Enterprise edition) |
| PostgreSQL | Stores all configuration, scan results, and audit history |
Key Concepts
Target Systems
A target system is any infrastructure component that OrbisID scans for privileged accounts. Supported types include Active Directory, Linux (SSH), SQL Server, CSV imports, and custom scripts.
See Target Systems for the complete list of supported system types, connection requirements, and per-system configuration guides.
Accounts and Entitlements
An account is a user or service account discovered on a target system. Each account has entitlements (group memberships, permissions, roles, services) that determine its privilege level.
Identities
An identity represents a real person or service owner. Linking accounts to identities answers the question "who owns this privileged account?"
Key Risk Indicators (KRIs)
KRIs are metrics that measure your privileged access risk posture. Each KRI has configurable Green, Amber, and Red thresholds. Examples include:
- Privileged Without Owner - privileged accounts not linked to an identity
- Not in PAM Tool - privileged accounts not managed by your PAM solution
- Standing Privileges - always-on privileged access that should be just-in-time
PAM Reconciliation
OrbisID compares its discovered privileged accounts against the inventory from your PAM tool (CyberArk, BeyondTrust, Delinea, etc.) to identify unmanaged accounts that should be onboarded.
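The reconciliation and the "Not in PAM Tool" and "Privileged Without Owner" KRIs described above come down to a normalised set comparison followed by a threshold check. The sketch below is an added illustration, not OrbisID code: the record layout, the name-normalisation rule, the sample data and the 10%/30% Amber/Red thresholds are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Account:
    system: str            # target system the account was discovered on
    name: str              # account name exactly as that system reports it
    owner: Optional[str]   # linked identity, or None when no owner is known

def norm(system, name):
    # Canonical key so "CORP\adm-x", "adm-x@corp.example" and "ADM-X" compare equal.
    # The system stays in the key so same-named accounts on different hosts stay distinct.
    n = name.strip().lower()
    if "\\" in n:
        n = n.split("\\", 1)[1]      # drop a DOMAIN\ prefix
    n = n.split("@", 1)[0]           # drop an @realm suffix
    return (system.strip().lower(), n)

def rag(pct, amber, red):
    # At or above the red threshold is RED, at or above amber is AMBER.
    return "RED" if pct >= red else "AMBER" if pct >= amber else "GREEN"

def reconcile(discovered, pam_inventory, amber=10.0, red=30.0):
    managed = {norm(s, n) for s, n in pam_inventory}
    unmanaged = sorted(a.name for a in discovered
                       if norm(a.system, a.name) not in managed)
    unowned = sorted(a.name for a in discovered if a.owner is None)
    total = len(discovered) or 1     # avoid dividing by zero on an empty scan
    kris = {}
    for label, hits in (("Not in PAM Tool", unmanaged),
                        ("Privileged Without Owner", unowned)):
        pct = 100.0 * len(hits) / total
        kris[label] = {"accounts": hits, "pct": round(pct, 1),
                       "status": rag(pct, amber, red)}
    return kris

# Constructed sample data (hypothetical hosts, accounts and owners).
DISCOVERED = [
    Account("corp.example", "CORP\\adm-jsmith", "jsmith"),
    Account("corp.example", "svc-backup@corp.example", None),
    Account("db01", "sa", "dba-team"),
    Account("web01", "root", None),
    Account("web01", "deploy", "ops-team"),
]
PAM_INVENTORY = [("corp.example", "adm-jsmith"), ("DB01", "SA"),
                 ("web01", "root"), ("corp.example", "svc-backup")]

if __name__ == "__main__":
    for kri, result in reconcile(DISCOVERED, PAM_INVENTORY).items():
        print(kri, result)
```

Skipping the normalisation step is the usual source of false gaps: the PAM export and the scan rarely spell the same account the same way.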
Scan Policies
A scan policy defines which systems to scan, when to scan them, and which classification rules to apply. Policies can run on-demand or on a schedule (daily, weekly, monthly, quarterly).
Policy Rules
Policy rules use Spring Expression Language (SpEL) to classify accounts. For example, a rule might mark any account that is a member of Domain Admins as PRIVILEGED.
Editions
OrbisID is available in three editions:
| Capability | Community | Pro | Enterprise |
|---|---|---|---|
| Max systems | 2 | 25 | Unlimited |
| Max users | 1 | 10 | Unlimited |
| Scheduled scans | - | 1 | Unlimited |
| Active Directory scanning | Yes | Yes | Yes |
| Linux scanning | Yes | Yes | Yes |
| SQL Server scanning | - | Yes | Yes |
| CSV import scanning | - | Yes | Yes |
| Custom script scanning | - | - | Yes |
| KRI monitoring | Basic (4 KRIs) | Full | Full |
| KRI snapshots and exceptions | - | Yes | Yes |
| CSV report export | - | Yes | Yes |
| API access and keys | - | - | Yes |
| SSO / OIDC authentication | - | - | Yes |
| PAM reconciliation | Yes | Yes | Yes |
See Licensing for full details.
Next Steps
- Requirements - check what you need before installing
- Quick Start - get OrbisID running in minutes
- User Guide - learn how to use the application
OrbisID™ is a trademark pending registration of Orbis Identity Ltd. All rights reserved.