KeySprawl

KeySprawl is a web app (with lightweight agents/connectors) that finds and fixes “identity sprawl” across SaaS, cloud, and internal apps: orphaned accounts, duplicate identities, dormant access, and shadow admins. Instead of trying to replace your IdP, it sits beside Okta/Azure AD/Google Workspace and continuously reconciles who has access to what, why, and whether it’s still justified. It pulls signals from HRIS, SCIM directories, SSO logs, and app admin APIs to flag risky access and drive automated cleanup workflows (disable, deprovision, revoke roles, rotate tokens) with approvals and audit trails. The product focuses on the messy reality: inconsistent naming, contractors, shared accounts, and apps that don’t support SCIM. You get a live “access debt” score, weekly cleanup queues, and evidence packs for SOC 2/ISO 27001 without spreadsheet hell.