01 Nova IAM

Govern identity across
every system.
Without the bloat.

SAP, Active Directory, Entra ID, SCIM — one lightweight platform to manage users, roles, and compliance. Ships in days. Runs anywhere.

02 The Problem

Enterprise IAM was designed
for a different era

Fragmented control

Roles scattered across SAP, AD, Entra. No single view. Drift accumulates silently until the next audit finds it.

Painful to deploy

Legacy IGA tools need months of consulting, middleware stacks, and six-figure licensing before you see a single dashboard.

Compliance by spreadsheet

Access reviews done in Excel. SoD checks are manual. Reports take weeks to compile. Auditors are not impressed.

03 Our Thesis

IAM doesn't have to be heavy

Nova is a single Python process backed by PostgreSQL. No app server cluster, no message bus, no Kubernetes required. Install it, connect your systems, start governing.

Deployment

1 process

Flask + PostgreSQL. That's the stack.

Time to value

Days

Not quarters. Not months. vs. 6-12 mo typical

Per-user license

$0

No seat-based pricing. No user tiers.

Dependencies

Minimal

Python, Postgres, a browser. No Java, no middleware.

# That's the full deployment
docker-compose up -d
python app.py
# Running at :8000 — connect your first system

04 Platform

What Nova does

Connect

Native connectors for SAP (RFC), LDAP / Active Directory, Microsoft Entra ID, and any SCIM endpoint. Pluggable — add a new system by dropping in a connector package.

Reconcile

Three-way diff: Nova's desired state vs. each backend's actual state vs. your policies. Catches drift per user, per system, with conflict resolution built in.

Provision

Assign a business role → Nova provisions across every linked backend automatically. SAP full-sync via BAPI, LDAP/Entra incremental. Validity windows merge intelligently.

Govern

Multi-step approval workflows, self-service access requests, org-based role inheritance, full audit trail. Risk scoring on every role and business role.

05 Connectors

Four systems out of the box,
any system with a plugin

SAP RFC

User lookup & sync
Role import with composite mapping
Provisioning via BAPI
Account & password mgmt

LDAP / AD

Group & user browsing
Profile presets (AD, OpenLDAP)
Incremental provisioning
Password management

Entra ID

Graph API integration
Group membership sync
Account lifecycle
Incremental provisioning

SCIM 2.0

Generic protocol
Basic / Bearer auth
User & group operations
Works with any SCIM app

Each connector is a self-contained package: connection logic, routes, and background job executors. Adding a fifth system means adding a folder — not refactoring core code.

06 Intelligence

AI where it actually helps

Nova uses AI for three specific problems where pattern recognition beats manual review. It's not a chatbot strapped onto a dashboard — every AI feature maps to a concrete governance outcome.

Risk analysis

Compares each user's entitlements against peers, department baselines, and known SoD matrices. Flags anomalies with scored confidence, not vague warnings.

Role mining

Apriori frequent-itemset algorithm discovers which roles are always assigned together. Suggests business role candidates from real usage — not from org charts.

Report generation

Describe the report you need in plain language. Nova generates validated SQL, runs it in a read-only sandbox, and formats the output. Chat to iterate.

Runs on your terms

Local mode via Ollama (air-gapped, no data leaves your network) or cloud mode with Claude / OpenAI. You choose per deployment. Switch at any time.

07 Landscape

How Nova compares

	Nova	SailPoint	SAP IAG	Okta IGA
Native SAP RFC	Yes	Add-on	Yes	—
LDAP + Entra + SCIM	Yes	Yes	—	Yes
AI risk analysis & chat	Yes	Limited	—	—
AI role mining	Yes	Yes	—	—
Air-gapped / on-prem AI	Yes	—	—	—
Three-way reconciliation	Yes	Yes	Partial	—
Plugin extensibility	Yes	Yes	—	API only
Deploy in a day	Yes	—	—	SaaS
No per-user licensing	Yes	—	—	—
No middleware / app server	Yes	—	—	SaaS

08 Why Nova

The pitch in 30 seconds

You shouldn't need a programme
to run an IAM tool.

Python + Postgres. Deploy today, not next quarter.
Four connectors cover SAP, AD, Entra, and SCIM out of the box.
Three-way reconciliation catches drift other tools miss.
AI stays local if you need it to — Ollama, air-gapped, your data stays yours.
No per-seat fee. No consultant army. No middleware tax.

But lightweight doesn't
mean limited.

Multi-step approval workflows with self-service requests.
Org hierarchy with role inheritance and manager entitlements.
Automatic provisioning across all connected systems.
Role mining discovers business roles from actual usage patterns.
Full audit trail, risk scoring, and AI-generated compliance reports.

09 Under the hood

Deliberately simple architecture

Browser

Flask API

Connector Registry

SAP / LDAP / Entra / SCIM

PostgreSQL

Frontend

Vanilla JavaScript SPA. No React, no build step, no node_modules. Loads in any browser, works offline.

Backend

Python / Flask with modular blueprints. Connector packages for each system type. Plugin system for extensions. MCP tool bridge for AI integration.

Data

PostgreSQL with auto-migrating schema. 19 tables. JSONB for flexible configs. No ORM — direct queries, full control.

4

Native connectors

30+

AI-callable tools

~0

Mandatory infrastructure

1

Process to operate

10 Pricing

Three ways to get started

No per-user fees. No hidden costs. Pick the model that fits your organisation.

Limited availability

Pilot Programme

Free

Full license — no charge during pilot

What you get

Full Nova IAM platform, unrestricted
All connectors (SAP, LDAP, Entra, SCIM)
AI features included
Direct access to the founding team
Shape the roadmap with your feedback

Ideal for organisations willing to adopt early and provide feedback. Limited spots.

Subscription License

Annual license

Flat fee — no per-user, no per-system charges