
Identity Bridge

A SOC intelligence tool that unifies physical identity (OnGuard PACS) with digital identity (SSO/Active Directory) — enabling real-time identity resolution, SIEM alert enrichment, and cross-correlation anomaly detection.

Domain: Security Operations
Stack: OnGuard OpenAccess API · AD/LDAP · SIEM middleware
Status: Concept prototype · Pending API access

The problem

A gap every SOC lives with

When a SIEM alert fires, it contains a username — jsmith — and little else. The analyst manually cross-references directories, badge systems, and HR records to answer one basic question: who is this person, and where are they right now?

The physical access control system — LenelS2 OnGuard — already holds the answer. Name, department, badge ID, access tier, photo, last physical location. The data exists. It just lives in a separate silo, accessible only by clicking through a UI one record at a time.

Physical identity — OnGuard
  Badge scans, cardholder records
  Full name · department · access level · badge ID · photo · physical location history

Digital identity — AD / SSO
  Usernames, login events
  SSO username · login timestamps · source IP · auth failures · session data

What analysts get today
  Fragmented, manual, slow
  Alert fires → analyst manually looks up username → cross-references OnGuard → builds context by hand

What Identity Bridge provides
  Unified, automatic, real-time
  Alert fires → middleware resolves identity → full context delivered instantly, anomalies flagged automatically

Architecture

How it works

A lightweight middleware layer — no modification to existing OnGuard or SIEM infrastructure required. It reads from both systems, resolves identity mappings, and surfaces enriched context to analysts.

OnGuard: OpenAccess API · Cardholder data
Identity Bridge: SSO ↔ badge mapping layer
AD / SSO: LDAP / Azure AD · Login events
Identity Bridge: Anomaly engine · Alert enrichment
SIEM / SOC: Enriched alerts · Analyst dashboard

OnGuard OpenAccess REST API · LenelS2 DataConduIT · LDAP / Azure AD · Python middleware · Splunk / SIEM integration · Rule-based anomaly engine · OnGuard 8.x

Interactive demo

Try the prototype

All three layers of the system demonstrated with realistic mock data modeled after actual OnGuard cardholder schema and SOC alert patterns.

[Interactive demo: identity-bridge · soc-demo · mock data. Panels: identity search by SSO username, full name, or badge ID; recent SIEM alerts with expandable identity context; physical vs digital cross-correlation flags.]

Illustrative mock data structured around actual OnGuard cardholder schema. No real PII is present.

Capabilities

Three layers, one tool

Identity resolution
Resolve any SSO username, real name, or badge ID to a unified identity record — pulling from OnGuard cardholder data and AD in a single query.
Alert enrichment
SIEM alerts are enriched automatically with physical context: where the person badged in, their access tier, and an analyst recommendation generated per alert.
Anomaly detection
Cross-correlates badge and SSO events to surface impossible travel, off-hours access, credential sharing, and active sessions with no physical presence.
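
A minimal sketch of the rule-based badge/SSO cross-correlation described above, as an added example that is not the project's own code. The sample events, the site labels, and the thresholds (12-hour presence window, 2-hour minimum travel time, 06:00-20:00 working hours) are assumptions; credential sharing is not covered here.

```python
from datetime import datetime, timedelta

# Constructed sample data (not real OnGuard or AD records).
BADGE_OF = {"jsmith": "B1001", "mlee": "B1002", "akhan": "B1003"}  # SSO -> badge ID
BADGE_EVENTS = [  # (badge_id, scan time, site)
    ("B1001", datetime(2024, 5, 6, 8, 55), "HQ"),
    ("B1002", datetime(2024, 5, 6, 9, 10), "HQ"),
]
SSO_LOGINS = [  # (username, login time, site the source IP maps to, or "REMOTE")
    ("jsmith", datetime(2024, 5, 6, 9, 5), "HQ"),        # badged into HQ: clean
    ("mlee", datetime(2024, 5, 6, 9, 40), "BRANCH"),     # badged at HQ 30 min earlier
    ("akhan", datetime(2024, 5, 6, 10, 0), "HQ"),        # on-site login, no badge scan
    ("jsmith", datetime(2024, 5, 6, 23, 30), "REMOTE"),  # outside working hours
]

PRESENCE_WINDOW = timedelta(hours=12)  # assumed: a scan counts for the next 12 h
MIN_TRAVEL = timedelta(hours=2)        # assumed minimum site-to-site travel time
WORK_HOURS = range(6, 20)              # assumed working hours, 06:00-19:59

def correlate(logins, badge_events, badge_of):
    """Return (username, time, flag) for each login that breaks a rule."""
    flags = []
    for user, when, site in logins:
        badge = badge_of.get(user)
        if badge is None:  # mapping layer has no badge for this account
            flags.append((user, when, "unmapped_identity"))
            continue
        scans = [(t, s) for b, t, s in badge_events
                 if b == badge and timedelta(0) <= when - t <= PRESENCE_WINDOW]
        if site != "REMOTE":
            if any(s != site and when - t < MIN_TRAVEL for t, s in scans):
                flags.append((user, when, "impossible_travel"))
            elif not any(s == site for _, s in scans):
                flags.append((user, when, "session_without_physical_presence"))
        if when.hour not in WORK_HOURS:
            flags.append((user, when, "off_hours_access"))
    return flags

if __name__ == "__main__":
    for user, when, flag in correlate(SSO_LOGINS, BADGE_EVENTS, BADGE_OF):
        print(f"{when:%Y-%m-%d %H:%M} {user:8} {flag}")
```
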
Project status

Where this stands

This project started as a concept with a SOC team encountering this exact identity gap daily. The prototype demonstrates the full workflow; production deployment is gated on completing the OnGuard upgrade and securing OpenAccess API licensing.

Current phase: Concept prototype
OnGuard target: v8.2 / 8.3 (upgrade in progress)
Blocker: OpenAccess API license
Next step: API access + AD source confirmed