IAM Policy Scanner
Admin permissions, Action/Resource wildcards, and privilege escalation paths like PassRole and policy attachment.
Upload IAM policies, AWS role trust policies, Okta exports, or Azure Entra Conditional Access configs. The identity scanner checks for admin permissions, wildcards, privilege escalation, dangerous AssumeRole trust, weak MFA, and global admin sprawl, plus intent vs. reality gaps where roles are tagged read-only but policies grant wildcard access.
Dangerous AssumeRole trust, Principal: *, and cross-account trust without conditions or ExternalId.
Weak or disabled MFA, excessive SUPER_ADMIN and ORG_ADMIN role assignments.
Global Administrator sprawl, disabled Conditional Access, and policies without MFA requirements.
IAM and trust policies embedded in Terraform or CloudFormation are also flagged when you scan with the iac scanner.
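The AWS checks listed above can be sketched as a small static pass over policy JSON. This is an added example, not the misconfigs engine's code; the finding codes, the `access=read-only` tag convention, the account IDs, and the sample documents are constructed assumptions.

```python
import json

def as_list(v):
    """IAM JSON allows a single value or a list in most fields."""
    return v if isinstance(v, list) else [v]

def scan_identity_policy(doc, tags=None):
    """Finding codes for an identity policy (NotAction/NotResource not handled)."""
    found = set()
    for st in as_list(doc.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in as_list(st.get("Action", []))]
        any_resource = "*" in as_list(st.get("Resource", []))
        if "*" in actions and any_resource:
            found.add("ADMIN_ACCESS")
        elif any(a.endswith(":*") for a in actions):
            found.add("SERVICE_WILDCARD")
        if any_resource and any(a in ("iam:passrole", "iam:*") for a in actions):
            found.add("PASSROLE_ANY_ROLE")
    # Intent vs. reality: the access=read-only tag convention is an assumption.
    if found and (tags or {}).get("access") == "read-only":
        found.add("INTENT_GAP")
    return sorted(found)

def scan_trust_policy(doc, own_account):
    """Finding codes for a role trust policy, relative to the owning account."""
    found = set()
    for st in as_list(doc.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        aws = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        cond_keys = {k.lower() for op in st.get("Condition", {}).values() for k in op}
        for p in aws:
            if p == "*":
                found.add("TRUST_ANY_PRINCIPAL")
            elif own_account not in p and "sts:externalid" not in cond_keys:
                found.add("CROSS_ACCOUNT_NO_EXTERNALID")
    return sorted(found)

# Constructed sample documents; account IDs are placeholders.
POLICY = json.loads('''{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "*", "Resource": "*"},
  {"Effect": "Allow", "Action": ["iam:PassRole", "s3:GetObject"], "Resource": "*"}]}''')
TRUST = json.loads('''{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::999999999999:root"}, "Action": "sts:AssumeRole"},
  {"Effect": "Allow", "Principal": "*", "Action": "sts:AssumeRole"}]}''')

if __name__ == "__main__":
    print(scan_identity_policy(POLICY, {"access": "read-only"}))
    print(scan_trust_policy(TRUST, "111122223333"))
```

A cross-account statement that carries a `StringEquals` condition on `sts:ExternalId` produces no finding from `scan_trust_policy`.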
Scan via REST with your API key — same engines as the upload form.
Example request
curl -X POST "http://api.misconfigs.com/api/v1/identity?format=json&framework=soc2" \
  -H "X-API-Key: mc_your_key" \
  -F "file=@sample/identity/iam-admin-policy.json"
Upload IAM JSON, trust policies, Okta exports, Entra CA policies, or zip them together
IAM · trust policy · Okta · Entra · .json · .yaml · .zip · max 10 MB
Automated scans only — not a penetration test, compliance audit, or professional security advice. Results may contain false positives or miss issues. You are responsible for validating findings before acting.
The optional scan assistant and Explain actions use Google Gemini (a third-party AI). Responses are generated automatically and may be inaccurate or incomplete — not security, legal, or professional advice. Chat sends finding details, scan summaries, and your messages to Google for processing. Do not include secrets you cannot afford to disclose. Official Terms (AI section) and Privacy Policy (AI section) are the source of truth, not assistant replies.
misconfigs is an IAM policy scanner for AWS IAM policies, role trust relationships, Okta exports, and Azure Entra Conditional Access configs.
Surface admin sprawl, wildcard grants, dangerous AssumeRole trust, and intent gaps where policies are tagged read-only but allow * actions on * resources.