Visit Unixi at Black Hat (Booth 5921): Secure what your IdP can't |
Book a Meeting

The Identity Timeline Asymmetry: Why Our Dashboards Are Lying to Us

Field CISO at Unixi

Introduction: The Mirage of the Green Dashboard

When I sat in the enterprise CISO chair, I used to take a lot of comfort in our Identity Provider (IdP) dashboard. It was a sea of clean metrics and green checkmarks or if there was a gap the remedy was known. We had mapped our core enterprise applications, enforced strict MFA, and built what we thought was a tight identity governance program.

But recently, reflecting on my conversations at Identiverse, a deeply unsettling question has been echoing in my mind:

What if the applications we govern are simply the applications we’ve managed to find?

As security leaders, we like to believe our identity perimeter is solid. But the reality I lived as a practitioner, and the reality I see every day talking to peers now – is that we are suffering from a massive illusion of control. We are governing a fraction of our actual footprint, while the rest operates in the shadows.

The Battle of Timelines: Discovery vs. Authentication

The deeper you look into modern enterprise identity, the more you realize that discovery and authentication operate on entirely different timelines.

Discovery is slow, manual, and reactive. It is a prerequisite for visibility, which is a prerequisite for understanding. But here is the critical flaw in traditional IAM architecture: Neither discovery nor visibility is a prerequisite for authentication.

Employees don’t wait for IT to vet a tool when they have a job to do. They sign into a vendor portal to ship a package, spin up an obscure developer tool to test a feature, or drop corporate data into a new AI productivity service they found online.

When they do this, an identity event occurs instantly:

  1. A vulnerable password or OAuth token is used.
  2. Trust is established.
  3. Access is granted.
  4. Work gets done.

The authentication simply happens. It doesn’t wait for the security team to discover the app. It doesn’t wait for a SAML integration, a SCIM provisioning workflow, or a formal governance review.

Bridging the Identity Arsenal Gap

This creates a dangerous dynamic. Most traditional identity controls (like Okta or Microsoft Entra) are designed to activate after an application has been found, negotiated, and manually integrated into the identity ecosystem. They do exactly what they were built to do, but they leave out the 50%–85% of applications that don’t natively support these frameworks.

This is what Unixi calls the Identity Arsenal Gap. Traditional IdPs are fundamentally blind to the browser-level realities of decentralized work. They cannot govern the thousands of unmanaged, non-SAML, and Shadow SaaS applications being authenticated into every single day.

This isn’t an identity failure or a user compliance failure. It’s a visibility problem. Because traditional tools require manual integration before they can see an app, they force security teams to manage by hindsight. By the time an application shows up on a quarterly discovery audit, your corporate data has already been sitting in it for three months.

Why I Moved from Unixi Customer to Field CISO

When I was a Unixi customer, this was the exact architectural flaw I was trying to solve. I realized that if we wanted to true up our security posture, we had to flip the script on the authentication timeline. We couldn’t wait for an application to be integrated to start governing it.

That is why Unixi’s approach is so fundamentally disruptive to traditional IAM thinking. By utilizing a patented browser-level extension driven by Key Derived Authentication (KDA), Unixi closes the timeline gap entirely.

Instead of waiting for an app to be onboarded to get visibility, Unixi handles continuous discovery and universal single sign-on (uSSO) simultaneously. The moment an identity event occurs on any application, managed or shadow – Unixi sees it, maps it, and applies governance instantly, without requiring complex backend configurations or hitting the dreaded “SSO tax.”

Visibility is Where Control Begins

Control starts with understanding what is actually happening inside your environment. If you are only controlling the apps on your traditional IdP dashboard, you aren’t managing your risk, you’re just managing your list.

I left my role as an enterprise CISO to join Unixi because I realized we cannot secure the future of work using reactive, integration-heavy identity frameworks. We need an architecture that acknowledges reality: authentication happens in real-time, and our visibility must match it. Once you see it, you can control it.

 

FAQs

What is the "Identity Arsenal Gap"?

The Identity Arsenal Gap refers to the blind spot created when traditional Identity Providers (IdPs) like Okta or Microsoft Entra cannot see or govern the 50% to 85% of enterprise applications that lack native SAML or SCIM support. This forces security teams to only manage the applications they have manually integrated, leaving Shadow SaaS entirely unmonitored.

Why are traditional Identity Providers (IdPs) blind to Shadow SaaS?

Traditional IdPs require an application to be manually onboarded and integrated into the identity ecosystem before they can provide visibility or control. Because employees can authenticate into new tools instantly via the browser without waiting for IT setup, authentication happens entirely outside the traditional IdP's timeline.

How does Unixi discover unmanaged applications?

Unixi bypasses traditional backend integration requirements by utilizing a patented browser-level extension. This allows it to perform continuous discovery and apply universal Single Sign-On (uSSO) the exact moment an identity event occurs on any application, whether it is officially managed by IT or operating in the shadows.

What is Key Derived Authentication (KDA) and how does it help?

Key Derived Authentication (KDA) is the technology driving Unixi's browser-level approach. It flips the script on the traditional authentication timeline by coupling discovery with access control, allowing organizations to instantly map and govern identity events across all applications without relying on slow, manual configurations or paying an "SSO tax."

Why is relying on quarterly identity discovery audits a security risk?

Traditional discovery methods are slow, manual, and reactive. If an application is only found during a quarterly audit, it means corporate data has already been sitting exposed inside that unmanaged tool for up to three months before the security team even becomes aware of its existence.

Mohamed Mawji

Field CISO at Unixi

Mohamed Mawji is the Field CISO at Unixi. He brings over a decade of enterprise security leadership, engineering, and architecture experience, most recently serving as the Senior Director of Cyber Security at GS1 Canada. Having initially engaged with Unixi as a customer facing the complex realities of modern enterprise authentication, he joined the company to build its internal security program and collaborate with security leaders in the field. Drawing from his background architecting security across critical supply chain registries and healthcare infrastructure at Trillium Health Partners, he focuses on real-world identity governance, operational risk gaps, and building sustainable, audit-ready security programs that hold up under modern scrutiny.

Explore more