Open-Source Cybersecurity Tools: Identity & Access Security
← Back to Open-Source Cybersecurity Tools Hub | Full Open Source Catalog | Main Atlas
This category contains 6 documented tools. It focuses on capabilities used for identity lifecycle control, adaptive authentication, and privileged access governance. Use this section when building shortlists, comparing operational tradeoffs, and mapping controls to detection/response ownership.
Category Evaluation Checklist
- Coverage depth against your highest-priority threats and compliance obligations.
- Operational overhead for deployment, tuning, and long-term maintenance.
- Signal quality versus analyst workload and false-positive pressure.
- Integration fit with SIEM, ticketing, identity, cloud, and engineering workflows.
- Governance readiness including auditability, ownership clarity, and change control.
Jump by Name
Letter F
This letter section contains 1 tools.
Firezone
- Website: https://www.firezone.dev/
- Model: Open Source
- Category: Identity & Access Security
- Source Lists: Awesome Cybersecurity Blue Team
What it does: Firezone is used in identity & access security programs to support identity lifecycle control, adaptive authentication, and privileged access governance. Source summaries describe it as: Self-hosted VPN server built on WireGuard that supports MFA and SSO.
Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.
Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.
Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Cybersecurity Blue Team > Transport-layer defenses > Overlay and Virtual Private Networks (VPNs).
Letter I
This letter section contains 1 tools.
Identity Threat Detection and Response
- Website: https://www.semperis.com/blog/evaluating-identity-threat-detection-response-solutions/
- Model: Open Source
- Category: Identity & Access Security
- Source Lists: Awesome SOC
What it does: Identity Threat Detection and Response is used in identity & access security programs to support identity lifecycle control, adaptive authentication, and privileged access governance. Source summaries describe it as: ** (ITDR) for identity and AD/AAD security (audit logs, or specific security monitoring solutions):.
Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.
Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.
Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Mission-critical means (tools/sensors) > Critical sensors for a SOC.
Letter L
This letter section contains 1 tools.
LunaSec
- Website: https://github.com/lunasec-io/lunasec
- Model: Open Source
- Category: Identity & Access Security
- Source Lists: Awesome Security
What it does: LunaSec is used in identity & access security programs to support identity lifecycle control, adaptive authentication, and privileged access governance. Source summaries describe it as: Database for PII with automatic encryption/tokenization, sandboxed components for handling data, and centralized authorization controls.
Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.
Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.
Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Security > Datastores.
Letter S
This letter section contains 2 tools.
Security bastion (PAM) and Active Directory tiering mode: how to reconcile the two paradigms?
- Website: https://www.riskinsight-wavestone.com/en/2022/10/security-bastion-pam-and-active-directory-tiering-mode-how-to-reconcile-the-two-paradigms/
- Model: Open Source
- Category: Identity & Access Security
- Source Lists: Awesome SOC
What it does: Security bastion (PAM) and Active Directory tiering mode: how to reconcile the two paradigms? is used in identity & access security programs to support identity lifecycle control, adaptive authentication, and privileged access governance. Source summaries describe it as: Source list entry describing this security tool and its use case.
Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.
Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.
Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: To go further > Must read.
Security Checklist by OWASP
- Website: https://owasp.org/www-project-application-security-verification-standard/
- Model: Open Source
- Category: Identity & Access Security
- Source Lists: Awesome Security
What it does: Security Checklist by OWASP is used in identity & access security programs to support identity lifecycle control, adaptive authentication, and privileged access governance. Source summaries describe it as: A checklist by OWASP for testing web applications based on assurance level. Covers multiple topics like Architecture, IAM, Sanitization, Cryptography and Secure Configuration.
Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.
Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.
Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Security > Web > Development.
Letter W
This letter section contains 1 tools.
Wallix PAM
- Website: https://www.wallix.com/privileged-access-management/
- Model: Open Source
- Category: Identity & Access Security
- Source Lists: Awesome SOC
What it does: Wallix PAM is used in identity & access security programs to support identity lifecycle control, adaptive authentication, and privileged access governance. Source summaries describe it as: Source list entry describing this security tool and its use case.
Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.
Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.
Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: To go further > Harden SOC/CSIRT environment.