Identity Management
Run real helpdesk identity work from the AI assistant, with every change gated and logged.
Identity Management connects a customer’s Google Workspace domain and Microsoft 365 tenant so technicians can look up users, check security posture, and run helpdesk identity work directly from the in-app AI assistant. Read-only lookups run automatically, while anything that changes an account is gated behind a human approval step with a mandatory reason and a full audit trail.
Connecting a Tenant
Both connectors live in an organization’s Integrations area as dedicated cards, one for Google Workspace and one for Microsoft 365, with a single connection per organization for each provider. Google Workspace uses a service-account key with domain-wide delegation, while Microsoft 365 uses an Entra app registration with admin-consented Microsoft Graph permissions. Credentials are verified with a live provider call before they are stored, encrypted at rest, and never returned to the browser.
Viewing Identity Posture
Once a tenant is connected, technicians can read identity data through automatic, read-only lookups. Google Workspace surfaces user details, group membership, license assignments, and a domain-wide security drift report that buckets users into no 2-step verification, super-admins, suspended, never logged in, and stale accounts past a configurable threshold (90 days by default). Microsoft 365 provides user lookup, recent sign-in activity, and group memberships.
AI-Assisted Identity Actions
Every identity action carries one of two tiers. Read actions, such as lookups and reports, run automatically because they change nothing. Mutating actions require a human approval step plus a mandatory reason and are recorded in the audit log, so they are never executed silently.
Google Workspace Action Set
Google Workspace offers the broader set of mutating actions: reset passwords, suspend or restore users, sign users out of all sessions, manage mail forwarding and out-of-office, update or rename users, manage group membership and org units, reset 2-step verification, manage mailbox delegates and licenses, and share calendars. It also includes a guided offboarding sequence for departing users and a stolen-device remote wipe kept separate from offboarding for lost or stolen hardware.
Microsoft 365 Action Set
Microsoft 365 mutating actions are intentionally limited to disabling a user (blocking sign-in) and resetting a password with a force-change at next sign-in. The two providers are not at parity; the Google Workspace action set is deliberately much broader.
Security and Audit
Connecting or disconnecting a tenant requires MFA and an organization-write permission, and every connect, disconnect, and mutating action is written to the audit log. Emailed security reports are locked to the connection’s own admin address so directory data cannot be routed elsewhere, and site-level access scoping is enforced so technicians cannot act outside their assigned site.
Ready to see Identity Management in action?
Book a 20-minute demo to see how Identity Management works in your environment, or compare plans and self-host today.
Ready to try Breeze?
Self-host the open-source agent or join the managed cloud beta. No credit card required.
Related features
All features →Coming from another RMM? See how Breeze compares on price, features, and openness.
Compare Breeze