rn.identity
Home About Team Product CLI Changelog Pricing Blog Contact
v2.5.0  ·  AI anomaly detection now in beta

Automate every
Microsoft identity
lifecycle event

rn.identity connects to Microsoft Graph and Entra ID — provisioning, offboarding, license auditing and playbook automation in one CLI-first platform built for IT and security teams.

rn-identity — zsh — offboard workflow
0+
Organizations
0%
Faster provisioning
0s
Avg offboard time
0M
Identities managed
01 — Provisioning

New hire. Ready in seconds.

Drop a CSV or pipe an API payload and RN creates the Entra ID account, assigns licenses, configures conditional access, and fires a welcome email — all in the time it takes to make a coffee. Role templates for Engineering, Sales, Finance and custom roles are built-in and shareable across your team.

  • CSV or API-driven bulk import
  • Role templates ship with all tiers
  • Conditional access applied automatically
  • Webhook trigger from your HRIS (Workday, BambooHR)
provision — new-hire-engineering
$ rn provision --csv new-hires.csv --template engineering Reading new-hires.csv... 7 users found Template: engineering (E3 license, MFA enforced) ✓ alex.rivera@contoso.com provisioned ✓ sam.okafor@contoso.com provisioned ✓ jess.huang@contoso.com provisioned ✓ tom.walsh@contoso.com provisioned ✓ nina.patel@contoso.com provisioned ✓ kai.brooks@contoso.com provisioned ✓ rin.yamada@contoso.com provisioned 7 accounts created · 7 E3 licenses assigned Completed in 4.2s · Audit logged
offboard — graceful
$ rn offboard --upn c.ford@contoso.com --playbook offboard-graceful ✓ Sessions revoked (3 tokens cleared) ✓ Account disabled in Entra ID ✓ MFA methods removed ✓ Mailbox → shared, forwarding set ✓ Removed from 14 security groups ✓ License reclaimed (saves $36/mo) ✓ OneDrive archived to retention Completed in 11.4s Audit event #AE-48821 logged
02 — Offboarding

11 seconds. Nothing left behind.

When someone leaves, RN runs a sequenced playbook — sessions revoked, account disabled, MFA cleared, mailbox converted, groups removed, license reclaimed — in the right order, every time, in under 15 seconds. Every step is auditable and every deviation is flagged.

  • Sequenced, not scripted — deterministic order every time
  • Immediate and graceful modes available
  • Auto-notifies manager and IT distribution list
  • SOX / SOC 2 compliant audit record per run
03 — License intelligence

Stop paying for seats nobody uses.

RN audits every SKU assignment in your tenant daily. It surfaces inactive licenses, duplicate SKUs, over-provisioned accounts and licensed shared mailboxes — then reclaims them on a schedule you define. The average customer identifies recoverable spend within 48 hours of deployment.

  • Daily audit, zero manual work
  • Stale account detection (90+ days inactive)
  • E5 → E3 downgrades with manager approval flow
  • Weekly email digest with waste summary
licenses audit — contoso.onmicrosoft.com
$ rn licenses audit WASTE SUMMARY — contoso.onmicrosoft.com ────────────────────────────────────────── Stale accounts (90d+) 89 $3,204/mo Over-provisioned (E5→E3) 47 $987/mo Shared mailbox licenses 12 $432/mo Duplicate SKUs 31 $620/mo ────────────────────────────────────────── Recoverable $5,243/mo Run 'rn licenses reclaim --dry-run' to preview
How it works

From zero to automated in four steps

01
Connect your tenant
Authenticate with Entra ID using device-code flow or a service principal. RN requests only the Graph scopes it needs — User.ReadWrite.All, Group.ReadWrite.All. No global admin required.
02
Sync your directory
RN syncs your Entra ID users, groups, licenses and assigned roles using Graph delta queries — so subsequent syncs take seconds, not minutes. Initial sync for 50,000 users completes in under 9 minutes.
03
Configure playbooks
Define your provisioning templates and offboarding sequences in YAML or via the dashboard. Use built-in actions or write custom Graph API calls. Trigger via CLI, webhook, or schedule.
04
Monitor and audit
Every action is logged, timestamped and tied to the operator who ran it. Set up Slack alerts, email digests or webhook notifications. Export audit logs for SOC 2, ISO 27001 or SOX compliance.
Terminaldevice-code auth
$ rn auth login --tenant contoso.onmicrosoft.com Opening browser for device-code flow... Code: HXKP4-MBZRT URL: https://microsoft.com/devicelogin ✓ Authenticated as admin@contoso.com ✓ Scopes granted ✓ Token cached at ~/.rn/tokens/contoso.json
Terminaldirectory sync
$ rn sync Pulling directory from Graph API... Users 2,847 Groups 94 Licenses 3 SKUs ✓ Sync complete in 8.1s ⚠ 31 stale accounts detected ⚠ 12 duplicate SKU assignments
Terminalplaybooks
$ rn playbooks list NAME TRIGGER ────────────────────────────── new-hire-engineer manual / webhook new-hire-sales webhook offboard-graceful manual offboard-immediate manual license-audit scheduled (Mon 08:00)
Terminalaudit log
$ rn audit log --last 4 TIME ACTOR ACTION STATUS ─────────────────────────────────────────── 14:22 j.park provision user OK 13:55 auto assign license OK 11:30 s.chen offboard user OK 09:14 m.webb remove group WARN
Developer-first

The rn CLI in action

Every dashboard action is available as a CLI command. Pipe it, script it, wire it into GitHub Actions.

rn usersuser management
# List all users with license info $ rn users list --format table # Search by display name or UPN $ rn users get --upn j.smith@contoso.com # Export stale accounts (90+ days inactive) $ rn users list --filter stale --days 90 --output stale.csv # Reset password and force change on next sign-in $ rn users reset-password --upn j.smith@contoso.com --force-change
rn offboardoffboarding automation
# Run graceful offboard (manager notified, mailbox converted) $ rn offboard --upn c.ford@contoso.com --playbook offboard-graceful # Immediate offboard (security incident — sessions revoked first) $ rn offboard --upn c.ford@contoso.com --playbook offboard-immediate # Dry-run to preview what will happen $ rn offboard --upn c.ford@contoso.com --dry-run # Bulk offboard from CSV (e.g. RIF event) $ rn offboard --csv terminations.csv --playbook offboard-graceful
rn licenseslicense intelligence
# Full audit of all SKUs $ rn licenses audit # Reclaim licenses — preview first $ rn licenses reclaim --type stale,duplicate,shared-mailbox --dry-run $ rn licenses reclaim --type stale,duplicate,shared-mailbox --confirm # Assign specific license to user $ rn licenses assign --upn new@contoso.com --sku M365_E3 # Export license report as HTML for stakeholders $ rn licenses audit --format html --output report.html
rn playbooksautomation sequences
# List all configured playbooks $ rn playbooks list # Inspect a playbook's steps $ rn playbooks describe offboard-graceful # Create a playbook from a YAML definition $ rn playbooks create --file contractor-offboard.yaml # Run a playbook manually $ rn playbooks run license-audit --notify it@contoso.com
From the field

Teams that switched don't go back

"

We offboarded 23 contractors in a single Friday afternoon. Took 4 minutes total. Used to take our team an entire day of manual PowerShell and tickets.

DW
Devon Walsh
IT Director · Brightwell Logistics
"

The audit log alone justified the purchase. Our SOC 2 auditors were impressed that every identity action had an actor, timestamp, and outcome attached to it.

PK
Priya Khatri
Head of InfoSec · Meridian Health
"

Set up in 40 minutes. No PowerShell, no custom scripts, no begging the Azure team for elevated permissions. Exactly what I needed as a one-person IT department.

ML
Marcus Leung
Senior SysAdmin · Nexora Software
Get started

Start automating in under an hour

Free 14-day trial. No credit card. Full feature access from day one.

rn.identity

Microsoft identity lifecycle automation for IT teams that care about security and sleep.

Product
Dashboard CLI Reference Changelog Pricing
Company
About Team Blog Contact
Legal
Privacy Policy Terms of Service Security SOC 2 Report
© 2026 rn.identity, Inc. All rights reserved.
PrivacyTermsSecurity
Our story

We are on a mission to make identity boring.

Identity operations should not require a PhD in PowerShell. We are fixing that.

Founded December 2025 · Seattle, WA

Built by people who lived the problem

James Thornton spent six years as an Azure Identity PM at Microsoft watching enterprise IT teams struggle with the same manual processes week after week. When he left in 2025, he called Sarah Chen — who had just wrapped up leading the MSAL SDK team — and they started building the tool they always wished existed.

rn.identity launched in January 2026. We closed our seed round in March, hired a small team of people who had all felt this pain firsthand, and shipped SOC 2 Type II in April. We are seven months old and already managing identity for 287 organizations across North America and Europe.

We believe the right answer to identity management is boring automation that works every single time.

By the numbers
287+
Organizations
$6.8M
Seed round
Dec'25
Founded
4.2M
Identities managed
How we work

Six things we do not compromise on

01
Security by default
Minimal Graph scopes, no user data stored on RN servers, immutable audit logs. Security is not a feature — it is the foundation.
02
CLI over dashboards
Every action available in the UI is also available in the CLI. Engineers automate; dashboards are for visibility, not dependency.
03
Minimal permissions
We request only the Graph scopes we actually need and document exactly why we need each one. No over-privileged service principals.
04
Audit everything
Every provisioning event, license change, offboarding action, and group modification is logged with actor, timestamp, and outcome. No exceptions.
05
Fast iteration
We ship every two weeks. If something is broken or missing, we fix it fast. Our changelog is public and we post updates when we mess up.
06
Enterprise ready
SOC 2 Type II. SAML SSO. Dedicated CSM on Enterprise plans. We pass security reviews because we designed for them from day one.
Timeline

Seven months of fast

Dec 2025
rn.identity incorporated
James and Sarah incorporated in Seattle. First lines of code committed on Christmas Eve.
Jan 2026
First customer goes live
Brightwell Logistics became customer zero. Their 340-person tenant was our first production deployment.
Mar 2026
$6.8M seed round closed
Led by Benchmark. Hired Marcus Webb (Infra), Priya Reyes (CS), Oliver Brandt (Security), and Emma Jordan (Product).
Apr 2026
SOC 2 Type II completed
Fast-tracked via Vanta. Four months from first customer to certified. No findings.
May 2026
v2.0 ships
Playbooks, GitHub Actions integration, and the license intelligence engine. Biggest release to date.
Jul 2026
287 organizations
Crossed 287 orgs and 4.2M identities under management. v2.5.0 ships with AI anomaly detection beta.
2026 rn.identity, Inc.
PrivacyTermsSecurity
The team

Small team. Deep expertise.

Everyone here has been an end user of what we are building. That is not an accident.

JT
James Thornton
CEO & Co-Founder

Six years as an Azure Identity PM at Microsoft. Led the GA launch of Entra External Identities. Left in 2025 to build the tool his customers kept asking for.

AzureIdentityPM
SC
Sarah Chen
CTO & Co-Founder

Led the MSAL SDK team at Microsoft for four years. Built the token caching architecture used by millions of developers. Holds two patents on OAuth token lifecycle management.

MSALSDKGraph API
MW
Marcus Webb
Head of Engineering

Ten years building infrastructure at Stripe and Cloudflare before joining RN. Designed the delta-sync engine that lets us sync 50,000-user tenants in under nine minutes.

InfraReliabilityCLI
PR
Priya Reyes
Head of Customer Success

Five years as IT Director at a 4,000-person logistics company before joining RN. Has personally run offboarding for 600 plus employees using legacy tools.

EnterpriseIT OpsCS
OB
Oliver Brandt
Head of Security

OSCP certified. Previously at Microsoft MSRC researching Azure AD privilege escalation paths. Designed our minimal-permission Graph scope model and SOC 2 controls program.

OSCPMSRCSOC 2
EJ
Emma Jordan
Product

Previously at Rippling managing identity product features for 18 months. Obsessed with offboarding UX and the gap between disabled in Entra and actually off all systems.

ProductUXRippling
2026 rn.identity, Inc.
PrivacyTermsSecurity
Live demo

The rn.identity dashboard

A real-feeling interactive demo. Click around — the data is fake, the UI is production.

app.rn-identity.com/dashboard
rn.identity
Users
Licenses
Playbooks
Audit Log
Total Users
2,847
Active
2,703
Pending
31
Inactive
113
UserStatusLicenseLast Active
JT
James Thornton
j.thornton@contoso.com
ActiveM365 E32h ago
SC
Sarah Chen
s.chen@contoso.com
ActiveM365 E514m ago
CF
Claire Ford
c.ford@contoso.com
PendingE33d ago
RK
Ryan Kim
r.kim@contoso.com
ActiveM365 E31h ago
MP
Maria Park
m.park@contoso.com
InactiveM365 E397d ago
Total Seats
3,200
In Use
2,847
Available
353
Waste/mo
$5.2k
Microsoft 365 E32,400 / 2,800 — 86% utilization
Microsoft 365 E5447 / 400 — over-provisioned
Defender for Endpoint P289 / 200 — 45% utilization

5 playbooks configured

new-hire-engineering
trigger: manual / webhook · 12 steps
new-hire-sales
trigger: webhook · 10 steps
offboard-graceful
trigger: manual · 9 steps
offboard-immediate
trigger: manual · 7 steps
license-audit
trigger: scheduled Mon 08:00
TimeActorActionTargetStatus
14:22:08j.parkProvision usera.rivera@contoso.comOK
13:55:41autoAssign licensea.rivera@contoso.comOK
11:30:17s.chenOffboard userc.ford@contoso.comOK
09:14:53m.webbRemove groupsg-devops-allWARN
08:01:00autoLicense auditscheduled runOK
Add new user
2026 rn.identity, Inc.
PrivacyTermsSecurity
CLI Reference

The rn CLI

Install once. Automate everything. Works anywhere a shell does.

Installation

Get started in 30 seconds

HomebrewmacOS / Linux
$ brew tap rn-identity/tap $ brew install rn $ rn --version rn v2.5.0
npmNode 18+
$ npm install -g @rn-identity/cli $ rn --version rn v2.5.0
wingetWindows 10/11
PS> winget install RNIdentity.CLI PS> rn --version rn v2.5.0
Dockerany platform
$ docker pull ghcr.io/rn-identity/cli:latest $ docker run --rm -v ~/.rn:/root/.rn ghcr.io/rn-identity/cli:latest rn --version rn v2.5.0
Authentication
rn auth
# Device-code login (recommended for interactive use) $ rn auth login --tenant contoso.onmicrosoft.com # Service principal login (for CI/CD) $ rn auth login --tenant contoso.onmicrosoft.com --client-id $CLIENT_ID --client-secret $CLIENT_SECRET # Show current authentication status $ rn auth status # Revoke cached tokens $ rn auth logout
User management
rn users
# List all users $ rn users list --format table # Get a specific user $ rn users get --upn j.smith@contoso.com # Provision a single user $ rn provision --upn a.rivera@contoso.com --template engineering # Provision from CSV $ rn provision --csv new-hires.csv --template engineering # List stale accounts (90+ days inactive) $ rn users list --filter stale --days 90
Offboarding
rn offboard
# Graceful offboard (manager notified, mailbox converted) $ rn offboard --upn c.ford@contoso.com --playbook offboard-graceful # Immediate offboard (security incident — sessions first) $ rn offboard --upn c.ford@contoso.com --playbook offboard-immediate # Preview what will happen without executing $ rn offboard --upn c.ford@contoso.com --dry-run # Bulk offboard from a CSV of UPNs $ rn offboard --csv terminations.csv --playbook offboard-graceful
License management
rn licenses
# Full tenant license audit $ rn licenses audit # Reclaim stale and duplicate licenses (preview first) $ rn licenses reclaim --type stale,duplicate,shared-mailbox --dry-run $ rn licenses reclaim --type stale,duplicate,shared-mailbox --confirm # Export license report as HTML $ rn licenses audit --format html --output license-report.html # Assign a license SKU to a user $ rn licenses assign --upn new@contoso.com --sku M365_E3
2026 rn.identity, Inc.
PrivacyTermsSecurity
Changelog

What we have shipped

We ship every two weeks. Everything we change, we document.

v2.5.0 Jul 7, 2026 Major
AI anomaly detection (beta) + performance improvements
  • AI-powered anomaly detection for unusual sign-in patterns and suspicious license assignments — now in beta for all Pro and Enterprise customers
  • Delta sync now 40% faster for tenants over 10,000 users thanks to parallel Graph batch requests
  • Playbook execution logs now include per-step timing data
  • New --notify-managers flag on license reclaim for grace period workflows
  • Fixed: audit log export occasionally omitted the final 20 entries on large tenants
v2.4.0 Jun 23, 2026 Minor
License intelligence overhaul
  • Complete rewrite of the license audit engine — now surfaces shared mailbox licenses, soft-deleted account licenses, and duplicate SKU assignments as separate categories
  • New weekly license digest email (opt-in, configurable recipients)
  • SKU downgrade workflows now require explicit manager approval via email confirmation link
  • rn licenses reclaim now supports --grace-period flag (e.g. --grace-period 30d)
v2.3.1 Jun 9, 2026 Patch
Token refresh and auth stability fixes
  • Fixed: MSAL token cache occasionally expired during long-running bulk operations (over 500 users)
  • Improved error messages when Graph API returns 429 throttle responses
  • Service principal auth now correctly handles certificate-based credentials
v2.0.0 May 14, 2026 Major
Playbooks, GitHub Actions, and the new dashboard
  • Playbook engine: define multi-step identity sequences in YAML or via the dashboard UI
  • Official GitHub Actions integration — rn-identity/provision@v2 and rn-identity/offboard@v2
  • Complete dashboard rebuild with the demo you can explore on the Product page
  • Webhook trigger support for all playbooks (BambooHR, Workday, and custom)
  • New offboard-immediate playbook mode for security incident response
  • Immutable audit log export in JSON and CSV format
v1.2.0 Mar 3, 2026 Minor
Bulk provisioning and role templates
  • CSV-based bulk provisioning — provision up to 500 users in a single command
  • Built-in role templates: Engineering, Sales, Finance, Executive, Contractor
  • Conditional access policy assignment now part of provisioning templates
  • rn sync now uses Graph delta queries — subsequent syncs are 8x faster
v1.0.0 Jan 12, 2026 Major
Initial release
  • Core provisioning and offboarding via Microsoft Graph API
  • Device-code and service principal authentication
  • Basic license audit — stale accounts and unassigned seats
  • Immutable audit log with actor, timestamp, and outcome
  • Homebrew, npm, and winget distribution
2026 rn.identity, Inc.
PrivacyTermsSecurity
Pricing

Straightforward pricing

All plans include a 14-day free trial with full feature access. No credit card required.

Starter
$49/mo
billed monthly · up to 500 users

Everything a small IT team needs to get identity operations off spreadsheets and scripts.

  • Up to 500 Entra ID users
  • 2 playbooks
  • CSV provisioning
  • Offboarding automation
  • Basic license audit
  • 30-day audit log retention
  • Email support
Pro
$129/mo
billed monthly · up to 5,000 users

For growing IT teams that need full automation, compliance exports, and priority support.

  • Up to 5,000 Entra ID users
  • Unlimited playbooks
  • Webhook triggers (BambooHR, Workday)
  • Full license intelligence suite
  • SOC 2 audit log export
  • GitHub Actions integration
  • 1-year audit log retention
  • Priority email + Slack support
Enterprise
Custom
annual contract · unlimited users

For large organizations that need SLAs, SSO, and a dedicated point of contact.

  • Unlimited Entra ID users
  • Custom playbooks + Graph API actions
  • SAML SSO (Okta, Azure AD)
  • Dedicated Customer Success Manager
  • 99.9% uptime SLA
  • Custom audit log retention
  • Security review + questionnaire support
  • Slack Connect channel
Security

SOC 2 Type II certified. Minimal Graph scopes. No user data stored on RN servers. Report available on request.

Support

Starter gets email support with 24h response. Pro gets priority with 4h response. Enterprise gets dedicated Slack Connect.

Billing

Monthly and annual billing available. Annual plans save 20%. Invoiced billing available on Enterprise.

2026 rn.identity, Inc.
PrivacyTermsSecurity
Blog

Identity, deep cuts

Technical writing from the people building rn.identity. No vendor fluff.

🔒
Security
The Complete Guide to Microsoft Graph API Permissions for Identity Automation
Every Graph scope, what it actually grants, and how to get your security team to approve the shortest list possible.
JT
James Thornton Jun 18, 2026 28 min
⚡
Engineering
How We Sync 287 Tenants in Under Ten Minutes
Delta queries, parallel batch requests, and the architecture behind the RN sync engine.
SC
Sarah Chen Jun 4, 2026 18 min
🚨
Security
Why Offboarding Is the Most Dangerous Moment in Your M365 Identity Lifecycle
The typical offboarding has 11 failure modes. We catalogued all of them.
OB
Oliver Brandt May 22, 2026 14 min
📈
Cost Optimization
M365 License Waste: How the Average 500-Seat Tenant Loses $24,000 a Year
We analyzed license data across 200+ tenants. The findings were worse than we expected.
PR
Priya Reyes May 9, 2026 21 min
⚙️
DevOps
Wiring rn.identity into GitHub Actions: A Complete CI/CD Identity Pipeline
From pull request to provisioned user — a working GitHub Actions workflow with full YAML.
MW
Marcus Webb Apr 28, 2026 16 min
2026 rn.identity, Inc.
PrivacyTermsSecurity

2026 rn.identity, Inc.
PrivacyTermsSecurity
Contact

Get in touch

Free trial questions, security reviews, or just want to talk identity. We respond fast.

Message sent. We will be back within 4 hours.
Response times

Starter: 24 hours. Pro: 4 hours. Enterprise: dedicated Slack Connect. Free trial inquiries always same day.

Email
hello@rn-identity.com
security@rn-identity.com for vulnerability reports
Location
Seattle, WA
Remote-first team across North America
Book a call
30-minute demo with a founder
Schedule on Calendly
2026 rn.identity, Inc.
PrivacyTermsSecurity