Platform

The open foundation for identity-security products.

Aurelion is an IVIP-native identity security framework: a graph-first identity intelligence layer with governance, access analysis, lifecycle and authorization products built on top. The framework provides the reusable platform, inventory and engine layers required to build enterprise-grade identity-security solutions.

Layer 1

Platform

The platform layer is a set of pluggable service factories that abstract every external dependency identity-security products rely on: application connectors, MQ brokers, storage providers, datalakes, SIEM endpoints, secrets managers and LLM integrations. Each factory exposes a stable interface so partners can plug in their own provider — SAP or Okta, Kafka or RabbitMQ, S3 or Azure Blob, Snowflake or Databricks, Splunk or Elastic, Vault or AWS Secrets Manager, OpenAI or a private model — without changing engine or product code.

Primary factory

Application Connectors

The most-used factory in any Aurelion deployment. Defines how identities, accounts, entitlements and access events flow in from connected systems — HR, IdPs, SaaS, cloud, on-prem and custom applications. Use the built-in connector library or implement custom connectors via the SDK.

Built-in connectors: SAP, Workday, Okta, Entra ID, Microsoft AD, Salesforce, ServiceNow, GitHub, AWS, GCP, Custom

Other factories

  • MQ Brokers
  • Storage Providers
  • Datalakes
  • SIEM Endpoints
  • Secrets Managers
  • LLM Integrations

Layer 2

Inventory

The inventory layer is a reusable identity-security domain model — the shared object graph every product built on Aurelion reads from and writes to. It groups into three concerns: who is in the system, what they can access and the governance state around it.

Identities

Humans and machines under governance

  • Customers
  • Employees
  • Contractors
  • Workloads
  • AI agents

Access model

Permissions and protected resources

  • Roles
  • Privileges
  • ACL
  • Files
  • Databases

Governance state

Rules, findings and current state

  • Policies
  • Findings
  • Mitigations
  • Access facts
  • Lifecycle state

Layer 3

Engines

Reusable engines for identity-security products.

Aurelion provides composable engines — from reconciliation, sync, PDP and access analysis to authentication, identity event processing, NHI discovery, ITSM integration, audit reporting and an LLM assistance layer that augments every engine.
  • Reconciliation

    Compare incoming access artifacts with current normalized access facts and calculate deltas.
  • Sync / Apply

    Materialize approved changes into normalized access facts and apply them to downstream systems through connectors and controlled execution flows.
  • PDP

    Evaluate access, SoD, lifecycle and governance policies through a reusable assessment layer.
  • Access Analysis

    Run retrospective scans over identity and access state to detect risks, violations and findings.
  • Effective Access

    Project real access from accounts, roles, privileges, groups and resource bindings.
  • Lifecycle Orchestration

    Coordinate the identity lifecycle and other identity-change workflows through intent-driven orchestration.
  • Authentication

    Pluggable authentication for users, services and machines: passwords, OIDC, SAML, MFA, passkeys, mTLS and token issuance.
  • Identity Event Pipeline

    Collect, normalize and process all identity-related events from connected systems for downstream engines, audit and analytics.
  • NHI Discovery

    Discover, classify and continuously maintain an inventory of non-human identities, service accounts, tokens and machine credentials.
  • ITSM Gateway

    Bidirectional bridge to ITSM systems for seamless access requests, approvals and ticket-driven provisioning flows.
  • Audit Reporting

    Reusable reporting engine for internal audit, external auditors, regulators and access certification campaigns.
  • AI Assistance

    LLM layer that augments every engine — explanations, recommendations, anomaly detection, natural-language queries and policy authoring.

Layer 4

Product layer

The product layer belongs to partners. A partner can build an IGA suite, a strict ILM implementation, an IdP, an NHI product, a governance dashboard or a vertical-specific identity-security solution.

Architecture

A modular kernel for identity-security systems.

Aurelion separates infrastructure, domain state, reusable engines and product layers so partners can build serious identity-security systems without starting from zero.
  • Kernel-first

    Core identity-security logic lives in the reusable kernel.
  • Product layer outside

    Partners build differentiated products above the framework.
  • Engines are reusable

    Reconciliation, PDP and access analysis are not tied to one UI.
  • Inventory is shared

    Products reuse the same identity-security object model.
  • Open implementation

    Customers and partners can inspect the code.
  • Enterprise distribution

    Production use is governed through signed releases, LTS and support.

Example product builds

  • Aurelion + Product Layer = IGA
  • Aurelion + Product Layer = ILM
  • Aurelion + Product Layer = PDP service
  • Aurelion + Product Layer = NHI governance
  • Aurelion + Product Layer = Regional identity platform
  • Aurelion + Product Layer = ISPM product

Solutions

One framework. Many identity-security products.

Partners can use Aurelion to build focused ILM systems, full IGA products, PDP services, NHI governance tools, ISPM products and regional identity platforms.
  • IGA

    Identity governance and administration products using shared inventory, reconciliation, policy and lifecycle engines.
  • ILM

    Focused identity-lifecycle solutions without adopting or reselling a full IGA suite.
  • PDP / Policy Decisioning

    Embed policy decisions into access workflows, approval processes and downstream systems.
  • NHI Governance

    Model, analyze and govern non-human identities, service accounts, tokens and machine access.
  • ISPM

    Identity Security Posture Management — continuous visibility, audit and risk posture for every identity. Surfaces orphaned, unused, privileged and terminated-subject access as severity-graded findings on top of normalized access facts.
  • Regional Identity Platform

    Localized identity-security products adapted to local regulation, language and enterprise practices.
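A minimal posture scan of the kind the ISPM item above describes, added here as an illustration rather than Aurelion's own code: it walks normalized access facts against identity lifecycle state and emits severity-graded findings for orphaned, terminated-subject, privileged and unused access. The record shapes, field names, severity mapping and sample inventory are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Assumed record shapes for this example, not Aurelion's inventory schema.
@dataclass(frozen=True)
class Identity:
    id: str
    lifecycle_state: str              # e.g. "active" or "terminated"

@dataclass(frozen=True)
class AccessFact:
    account: str
    identity_id: Optional[str]        # None: account correlated to no identity
    resource: str
    privilege: str
    last_used: Optional[date]         # None: never observed in access events

@dataclass(frozen=True)
class Finding:
    kind: str
    severity: str
    fact: AccessFact

PRIVILEGED = {"admin", "owner"}
SEVERITY = {"terminated_subject": "critical", "orphaned": "high",
            "privileged": "medium", "unused": "low"}
RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def scan(identities, facts, today, unused_after_days=90):
    """Return findings sorted by severity; one fact may raise several kinds."""
    by_id = {i.id: i for i in identities}
    findings = []
    for f in facts:
        kinds = []
        ident = by_id.get(f.identity_id) if f.identity_id else None
        if ident is None:
            kinds.append("orphaned")            # no accountable subject
        elif ident.lifecycle_state == "terminated":
            kinds.append("terminated_subject")  # access outlived the subject
        if f.privilege in PRIVILEGED:
            kinds.append("privileged")          # standing high-impact access
        if f.last_used is None or (today - f.last_used).days > unused_after_days:
            kinds.append("unused")
        findings.extend(Finding(k, SEVERITY[k], f) for k in kinds)
    return sorted(findings, key=lambda x: RANK[x.severity])

# Constructed sample inventory
TODAY = date(2024, 6, 1)
IDENTITIES = [Identity("alice", "active"), Identity("bob", "terminated")]
FACTS = [
    AccessFact("alice@crm", "alice", "crm", "user", TODAY - timedelta(days=3)),
    AccessFact("bob@prod-db", "bob", "prod-db", "admin", TODAY - timedelta(days=200)),
    AccessFact("svc-backup", None, "s3-archive", "owner", TODAY - timedelta(days=1)),
]
```

Running `scan(IDENTITIES, FACTS, TODAY)` yields five findings, with the terminated subject's admin access ranked first and the active, recently used, non-privileged account raising none.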

Architecture Principles

Built for openness, reuse and local adaptation.

  • Open code
  • Composable engines
  • Partner-owned product layer
  • Enterprise-grade distribution
  • Inspectable security foundation
  • No forced SaaS dependency
  • Reusable domain model
  • Clear commercial boundaries

Build on the framework

Start building identity-security products.

Read the developer docs, evaluate the enterprise kernel, or talk to us about partnership.