Identity is the new perimeter. Know who has access to what — and why.
Compromised credentials, excessive access rights, dormant accounts, and misconfigured permissions are among the most common causes of successful cyberattacks. 786 Cyber gives you a clear, unified view of identity risk across your organisation.
Why identity matters
Over 80% of data breaches involve compromised credentials or misused access. Identity is where most attacks begin.
Firewalls and antivirus protect the perimeter. But the perimeter has moved. Today, an attacker with a valid username and password can walk straight past every technical control — because as far as the system is concerned, they are a legitimate user. Identity governance is the control layer that changes this.
"Identity governance isn't a feature of enterprise security — it's the foundation. You cannot protect what you cannot see, and you cannot see what you haven't mapped."
Identity governance is a business process, not just a security control.
Every person who joins, moves within, or leaves your organisation creates an identity event that has security implications. Who gets access to what? When is it revoked? Who approved it? Without documented processes and visibility, these questions go unanswered — and the answers are precisely what attackers exploit.
For growing businesses, identity risk compounds with every hire. Each new employee, contractor, or partner creates new access requirements that are rarely reviewed systematically. 786 Cyber gives you the visibility and processes to manage this at any scale.
For MSPs, identity governance is one of the most common gaps in client environments — and one of the highest-value services you can deliver. 786 Cyber's multi-tenant portal surfaces identity risk across every client from a single dashboard.
During onboarding
New staff need the right access from day one — no more, no less. A documented provisioning process ensures consistent, least-privilege access that reduces both security risk and onboarding friction.
During role changes
Promotions, team changes, and project access accumulate over time without review. Documented movers processes and periodic access reviews prevent privilege creep — the gradual accumulation of access that no one intended to grant permanently.
During offboarding
The most dangerous identity event is a departure that isn't handled correctly. Accounts left active, access not revoked, shared credentials not rotated — each one is a security incident waiting to happen. A documented leavers process closes these doors immediately.
During an incident or audit
When an incident occurs, the first question is always: who had access? 786 Cyber's audit trail answers this immediately — who had what access, when it was granted, when it was reviewed, and when it was revoked.
What you get
Module 4 — User Directory & Identity Governance
Phase 2 (Q2 2026) — 786 Cyber connects directly to Microsoft 365 and Google Workspace and surfaces identity risk across your entire organisation. The People Directory and CSV import are live today; full directory sync is rolling out.
User Directory & Identity Governance
Directory sync
Connect to Microsoft 365, Google Workspace, and Active Directory — a unified view of all users and access rights across your systems.
Access path mapping
Visual permission mapping shows who has access to what — and how they got it. Surface excessive privileges and shared credentials immediately.
Access risk scoring
Each user account scored based on privilege level, dormancy, MFA status, and access breadth — prioritising the accounts that represent the highest risk.
MFA enforcement tracking
See MFA coverage across all users and systems at a glance — with step-by-step deployment guidance for any gaps.
Joiners, movers, leavers workflows
Documented user lifecycle processes — provisioning, access reviews, and offboarding — that run consistently without manual oversight.
Identity controls are tagged to compliance frameworks automatically
MFA enforcement, access reviews, and least privilege controls satisfy requirements across Cyber Essentials, ISO 27001, GDPR, NIS2, and NIST CSF simultaneously. Implement once — progress across all relevant frameworks.
Platform features
Identity governance built into the platform — from day one.
While Module 4 is in development, 786 Cyber already covers the identity governance requirements that matter most for compliance — through policies, controls, and the access management features available today.
Role-based access control
Admin, Security Lead, and Viewer roles — assign the right level of platform access to each team member. Full audit trail of who changed what and when.
Password & access policies
Password Policy and Acceptable Use Policy generated automatically — documenting MFA requirements, access standards, and user responsibilities.
MFA control tracking
MFA implementation tracked as a control in your compliance roadmap — tagged to Cyber Essentials, ISO 27001, and GDPR requirements simultaneously.
Audit trail
Every platform action logged — who accessed what, when policies were updated, when controls were implemented. Essential for access-related audit evidence.
Multi-org & MSP portal
Manage identity and access controls across multiple organisations. MSPs surface identity risk across every client from a single dashboard.
Monthly identity risk summaries
Monthly reports flag outstanding identity controls — MFA gaps, access review status, and role-based access changes — keeping leadership informed.
Framework coverage
Frameworks with strong identity and access control requirements.
Cyber Essentials
User access control is one of the 5 CE categories — MFA, least privilege, and account reviews all required.
ISO 27001
Annex A.9 (Access Control) and A.6 (Identity governance) are among the most audited ISO 27001 controls.
UK & EU GDPR
Article 32 requires access controls and authentication measures as technical security measures.
NIS2
NIS2 requires documented access control policies and privileged access management for essential entities.
Capabilities
Identity governance, end to end.
User Directory
A live view of every person in your organisation — role, department, access level, MFA status. Synced from Microsoft 365 or Google Workspace, or imported from CSV. Always current.
Identity Governance
Manage the full identity lifecycle. Flag dormant accounts, track access changes, surface over-privileged users. Joiners, movers, and leavers — handled systematically, not manually.
MFA & Access Control
Track MFA adoption across your organisation. See who is protected, who is not, and which systems are exposed. Evidence your access controls against Cyber Essentials, ISO 27001, and more.
Identity Posture
A single risk score for your organisation's identity health — combining MFA coverage, dormant accounts, privileged access, and joiner/leaver lag. Actionable, not just a number.
Take control of who has access to what.
Start with your MFA and access control policies — generated in minutes, tagged to every relevant framework.
For MSPs: enquire about the partner programme →