![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 40 40" xmlns="http://www.w3.org/2000/svg"><path d="M 13.469 3.922 L 6.735 0 L 0 3.922 L 0 11.766 L 6.735 15.688 L 13.469 11.766 Z" fill="rgb(255, 255, 255)" height="15.687619951829877px" id="rU8n77_aK" transform="translate(5.705 3)" width="13.469214158556383px"/><path d="M 13.469 3.922 L 6.734 0 L 0 3.922 L 0 11.766 L 6.734 15.688 L 13.469 11.766 Z" fill="rgb(255, 255, 255)" height="15.687619951829877px" id="ZH7nL5cep" transform="translate(21.236 3)" width="13.469239309083946px"/><path d="M 0 3.922 L 0 11.766 L 6.735 15.688 L 13.469 11.766 L 13.469 3.922 L 6.735 0 Z" fill="rgb(255, 255, 255)" height="15.687619997544886px" id="iK8AG0CPp" transform="translate(5.705 21.312)" width="13.469214158556383px"/><path d="M 0 3.922 L 0 11.766 L 6.734 15.688 L 13.469 11.766 L 13.469 3.922 L 6.734 0 Z" fill="rgb(255, 255, 255)" height="15.687619997544886px" id="D1IGEWfWS" transform="translate(21.234 21.312)" width="13.469239309083946px"/></svg>)
Use case
Discover Shadow Identities
Shadow identities - unmanaged apps, orphaned accounts, and ad-hoc credentials outside IT’s control - are major blind spots in identity programs. They expose weak passwords, bypass MFA, and leave no audit trail. Torch helps IAM teams discover these identities and bring them under governance by linking them to the IdP, importing them into IGA, or vaulting passwords to enable SSO.
The Challenge
The Risks of Shadow Identities
Unmanaged apps spread quickly as teams adopt SaaS without IT, leading to weak or abandoned accounts. These shadow identities increase breach risks, block consistent policy enforcement, and create compliance gaps. IAM platforms without discovery can’t protect what remains unseen.
The Solution
Bring Shadow Identities Under Control with Torch
Torch continuously scans for unmanaged identities and applications across endpoints, directories, and access logs, builds a real-time map of shadow apps and accounts, and enables IAM teams to vault credentials, convert password-based logins into SSO-ready access, and ingest identities into existing IAM platforms. With Torch, organizations gain visibility, reduce risk, and extend their IAM coverage seamlessly.
key capbilites
Shadow App Discovery
Identify unmanaged SaaS and legacy apps in use across the organization.
Secure Vaulting & SSO Enablement
Vault credentials and enable MFA/SSO for password-based apps.
IdP and IGA Integration
Push discovered apps and entitlements into IdPs and IGAs for centralized governance.
how it works
How does Torch find shadow identities?
Torch analyzes system logs, endpoint behavior, and access patterns to surface unmanaged apps and accounts.
What happens once an app is discovered?
Torch maps it to your IAM system, vaults credentials if needed, and enables secure SSO access.
Can this integrate with our existing IGA or IdP?
Yes — Torch feeds discovered identities into platforms like Okta, SailPoint, and Azure AD, extending their visibility and control.
How does this improve security posture?
By eliminating unmanaged accounts, enforcing MFA on password-based apps, and centralizing control, Torch reduces breach risks and strengthens overall identity security.