> For the complete documentation index, see [llms.txt](https://docs.sola.security/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.sola.security/resources/prompt-library/identity-security.md).

# Sola for Identity Security

Identity risk is distributed across multiple platforms, making cross-system visibility essential.

Sola connects identity data across your identity providers, cloud platforms, and SaaS applications to surface access risks, credential misuse, and privilege issues that no single tool sees on its own.

This page explains the key concepts behind **Identity Security and Access Analysis**, what it is, why it matters, and how Sola helps you investigate it.

Get started with these below **ready-made Ask and Build prompts**, or the **Prompt library**, both available directly in the Sola chat interface.

<details>

<summary><img src="/files/DESMoC6l1Gr9uaynao5N" alt=""> <em><strong>Ask</strong>: Find identity and access risks</em></summary>

Copy this prompt into [Sola AI](https://app.sola.security/) to get started:

{% code overflow="wrap" %}

```
I want to understand identity-related security risks across my systems. Guide me to identify which identity data source I should connect first - such as Okta, AWS, Google Workspace, or GitHub - or if I already have one connected, ask me which to use. Then help me discover issues like MFA gaps, dormant accounts, privilege creep, or token misuse that could lead to unauthorized access. Guide me to the best next step to quickly experience Sola's value. Do this as an interactive conversation, guide me one step at a time, avoid long explanations upfront, and pause for my response.
```

{% endcode %}

</details>

<details>

<summary><img src="/files/DESMoC6l1Gr9uaynao5N" alt=""> <em><strong>Build</strong>: Track identity and access risks</em></summary>

Copy this prompt into [Sola AI](https://app.sola.security/) to get started:

{% code overflow="wrap" %}

```
I want to build an app that continuously monitors identity and access risks across my systems. Guide me to identify which identity platforms I should connect first - such as Okta, AWS IAM, Google Workspace, or GitHub - or if I already have one connected, ask me which to use. Then help me build queries to detect issues like MFA gaps, dormant accounts, privilege creep, and token misuse, create canvases showing access patterns over time, and set up alerts for risky identity changes. Guide me to the best next step to quickly experience Sola's value. Do this as an interactive conversation, guide me one step at a time, avoid long explanations upfront, and pause for my response.
```

{% endcode %}

</details>

## What is Identity Security & Access Analysis?

Identity security is the practice of ensuring that the right people have the right access to the right resources. It covers authentication, authorization, and the full lifecycle of user accounts, service accounts, and machine identities across cloud and SaaS systems.

In simple terms, identity security helps answer the question:\
\&#xNAN;***"Who has access to what, should they, and what is the impact of an identity takeover?"***

Risks addressed include:

* MFA gaps and weak authentication across cloud, SaaS, and identity providers.
* Dormant or orphaned accounts with active permissions.
* Excessive privileges inconsistent with a user's role or team.
* Compromised credentials and suspicious login patterns.
* Service accounts and machine identities with uncontrolled access or no documented owner.

## Why is Identity Security important

Identity is the #1 initial access vector in modern attacks.

A single compromised credential or misconfigured permission can give an attacker access to everything connected to it. The risk is rarely a single account, it is the chain of permissions across systems that creates real exposure.

Investigating identity risk requires correlating data across identity providers, cloud platforms, and SaaS applications. Without a unified view, gaps go undetected.

## Identity security with Sola

Sola's graph model resolves the same person across all connected identity systems and surfaces cross-system privilege risks that siloed tools can potentially miss.

With Sola, you can:

* **Correlate** identity data across identity providers, cloud platforms, and SaaS applications into a single risk view.
* **Detect** MFA gaps, stale accounts, and excessive privileges across all connected systems.
* **Surface** compromise signals including failed logins, new devices, token creation, and privilege escalation.
* **Audit** service accounts and machine identities for missing controls or excessive permissions.
* **Map** privilege chains to identify lateral movement paths before they are exploited.

## Prompt library examples

Browse and run these prompts directly from the Prompt library in the Sola chat interface.

<img src="/files/MLlMKRdCI1cJhQemb1Ho" alt="Prompt Library" data-size="original">

<details>

<summary><strong>MFA &#x26; Authentication Hygiene</strong></summary>

{% code title="PROMPT" overflow="wrap" %}

```
Show all identities with weak or missing MFA - no MFA enrolled, SMS-only, or MFA bypassed for specific apps. Prioritize privileged accounts, cloud admins, and anyone with access to production systems.
```

{% endcode %}

</details>

<details>

<summary><strong>Cross-System Privilege Audit</strong></summary>

{% code title="PROMPT" overflow="wrap" %}

```
ist users whose combined permissions across Okta, AWS IAM, and Google Workspace are excessive or inconsistent with their role. Flag anyone with admin access in more than one system, especially accounts that aren’t in IT or Security.
```

{% endcode %}

</details>

<details>

<summary><strong>Stale &#x26; Orphaned Accounts</strong></summary>

{% code title="PROMPT" overflow="wrap" %}

```
Identify accounts and API tokens that haven’t been used in 30+ days. Prioritize by privilege level - start with cloud and SaaS admins, then any account with production access. Show whether each account has an active owner.
```

{% endcode %}

</details>

<details>

<summary><strong>Service Account &#x26; Non-Human Identity Audit</strong></summary>

{% code title="PROMPT" overflow="wrap" %}

```
List all service accounts, API keys, and machine identities across cloud and SaaS systems. Flag any with admin-level permissions, no expiration date, no rotation policy, or no documented owner.
```

{% endcode %}

</details>

<details>

<summary><strong>Identity Risk by Team</strong></summary>

{% code title="PROMPT" overflow="wrap" %}

```
Which teams or departments have the highest identity risk exposure? For each, show average privilege level, MFA coverage, inactive account count, and any open compromise signals.
```

{% endcode %}

</details>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sola.security/resources/prompt-library/identity-security.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.