PLATFORM CAPABILITY

Universal Search

Google for your identities — but only showing what each user is allowed to see. Relevance-ranked, typo-tolerant search across persons, accounts, groups, roles, and entitlements in 42ms, with three privacy modes and a 3-line React SDK.

Figure: Universal Search querying across identity systems with relevance-ranked, policy-aware results

Key advantages

200x faster than SQL LIKE — 42ms average across 9M+ entities

Policy-aware privacy — three visibility modes enforced by AuthZEN PDP

3-line React SDK — SearchPage component with debounce, caching, ARIA accessibility

Platform foundation — powers DGE, Identity Resolution, AI Sentinel tooling

The scattered search problem

"200 helpdesk analysts × 40 tickets/day × 5 minutes wasted per search = 666 hours/month — the equivalent of 4 full-time employees doing nothing but fighting search." — Identity Operations Analysis

Unreliable search

SQL LIKE across 60+ columns and 9M+ rows causes full table scans and 5-30 second response times. Users abandon and call the helpdesk.

Zero typo tolerance

"Patrik" returns nothing instead of finding "Patrick." Every misspelling is a dead end and wasted analyst time.

No relevance ranking

Results are alphabetical or random. The right identity is buried on page 3. No weighting by match quality or entity importance.

No privacy controls

All-or-nothing visibility. No PII masking option for helpdesk users — either they see everything or nothing.

Inconsistent behavior

Each console searches different fields with different speed and quirks. Training is a nightmare — 3-5 search-related bugs per plugin.

No filtering capability

Finding "high-risk entitlements" requires exporting to Excel. No faceted search, no real-time drill-down.

Why alternatives fall short

SQL optimization

Paradigm mismatch

Users expect search-engine semantics — relevance, fuzzy, suggestions. SQL provides predicate semantics — true/false. A fundamental mismatch.

FTS on OLTP tables

Write amplification

GIN indexes on hot tables cause write amplification, tsvector triggers on every INSERT/UPDATE, index bloat, and VACUUM contention.

Per-system search

Inconsistent · bugs

Each console searches different fields, requires separate training, and compounds bugs. 3-5 search-related bugs per plugin.

Elasticsearch bolt-on

Complex · not policy-aware

Adds infrastructure complexity. Still not policy-aware — no PII masking, no PDP integration, no fail-closed security.

How it works

Source systems publish changes via Kafka. The search indexer builds optimized projections in Postgres 16. Queries pass through a 7-step pipeline with policy-aware post-filtering — results in 42ms, every time.

1. Index

  • Source systems publish change events to Kafka — SQL Server, Postgres, Neo4j, HR/AD/SAP
  • Indexer computes tsvectors with 4-weight field ranking (A=identifiers, B=names, C=org, D=text)
  • Upserts into Postgres 16 with GIN indexes for FTS and pg_trgm for fuzzy — <5s index lag
2. Parse & fast-path

  • Queries validated (max 500 chars), normalized, checked for identifier patterns
  • Email "@" or UUID/employee-ID triggers B-tree exact lookup — O(1), <5ms, score 10.0
  • Fast path skips full-text search entirely — critical for security incident response
3. Search & PDP filter

  • FTS with ts_rank() weighted scoring; trigram fallback if <5 results and query ≥ 3 chars
  • Batched AuthZEN PDP evaluation (max 100/batch, 200ms timeout) — filtered, masked, or full
  • Fail-closed: PDP down = empty results, never unauthorized data. Circuit breaker after 5 failures
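The parse-and-route half of the pipeline (step 2 and the first part of step 3) in working form, as an added example that is not EmpowerNow's code: length validation at 500 chars, normalization, identifier detection that sends "@", UUID and employee-ID queries to an exact lookup with score 10.0, and a full-text pass that falls back to trigram similarity only when fewer than 5 hits come back and the query is at least 3 characters. The in-memory index, the three sample entities, the employee-ID shape (E followed by six digits), the FTS stand-in and the pg_trgm-style similarity function are all constructed for this example; in the real system those are Postgres B-tree, GIN and pg_trgm indexes.

```python
import re
import unicodedata

# Limits and thresholds taken from the pipeline description above.
MAX_QUERY_CHARS = 500          # queries longer than this are rejected
TRIGRAM_MIN_CHARS = 3          # fuzzy fallback only for queries of >= 3 chars
TRIGRAM_FALLBACK_BELOW = 5     # fall back when FTS returns fewer than 5 hits
EXACT_MATCH_SCORE = 10.0       # score given to identifier fast-path hits

# Identifier patterns. The page names the identifier kinds; the regexes and the
# employee-ID shape (E + six digits) are assumptions for this example.
UUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")
EMPLOYEE_ID_RE = re.compile(r"^E\d{6}$")


class QueryError(ValueError):
    """Raised when a query fails validation."""


def normalize(query: str) -> str:
    """Validate length, NFKC-fold, drop non-printable chars, collapse whitespace, lowercase."""
    if not isinstance(query, str) or len(query) > MAX_QUERY_CHARS:
        raise QueryError(f"query must be a string of at most {MAX_QUERY_CHARS} chars")
    text = unicodedata.normalize("NFKC", query)
    text = "".join(ch for ch in text if ch.isprintable())
    text = " ".join(text.split()).lower()
    if not text:
        raise QueryError("empty query")
    return text


def classify(norm: str):
    """Route a normalized query: an '@' or an identifier pattern takes the exact-lookup path."""
    if "@" in norm:
        return "email", norm
    if UUID_RE.match(norm):
        return "uuid", norm
    if EMPLOYEE_ID_RE.match(norm.upper()):
        return "employee_id", norm.upper()
    return "fulltext", norm


# Constructed sample projection standing in for the Postgres index (not real data).
ENTITIES = [
    {"id": "7c9e6679-7425-40de-944b-e07fc1f90ae7", "type": "person",
     "name": "Alice Johnson", "email": "alice.johnson@acme.com", "employee_id": "E001234"},
    {"id": "3b241101-e2bb-4255-8caf-4136c566a962", "type": "person",
     "name": "Patrick Smith", "email": "patrick.smith@acme.com", "employee_id": "E004567"},
    {"id": "9d5a1c02-6f3e-4b8a-9a11-2f0c7e5d4b33", "type": "entitlement",
     "name": "Invoice Approver", "email": None, "employee_id": None},
]
BY_EMAIL = {e["email"]: e for e in ENTITIES if e["email"]}
BY_UUID = {e["id"]: e for e in ENTITIES}
BY_EMPLOYEE_ID = {e["employee_id"]: e for e in ENTITIES if e["employee_id"]}


def fulltext(norm: str):
    """Stand-in for FTS: fraction of query tokens that match whole words of the name."""
    tokens = norm.split()
    hits = []
    for e in ENTITIES:
        words = e["name"].lower().split()
        matched = sum(1 for t in tokens if t in words)
        if matched:
            hits.append({"entity": e, "score": matched / len(tokens), "path": "fts"})
    return hits


def trigrams(s: str):
    """pg_trgm-style trigrams: each word padded with two leading and one trailing space."""
    out = set()
    for w in s.split():
        w = f"  {w} "
        out.update(w[i:i + 3] for i in range(len(w) - 2))
    return out


def similarity(a: str, b: str) -> float:
    """Shared trigrams over the union of both sets, the way pg_trgm's similarity() scores."""
    ta, tb = trigrams(a), trigrams(b)
    return len(ta & tb) / len(ta | tb)


def trigram_fallback(norm: str, threshold: float = 0.3):
    """Fuzzy candidates at or above the threshold (0.3 is pg_trgm's default)."""
    scored = [(e, similarity(norm, e["name"].lower())) for e in ENTITIES]
    return [{"entity": e, "score": s, "path": "trgm"} for e, s in scored if s >= threshold]


def search(query: str):
    """Validate, route, search; fuzzy fallback only when FTS comes back thin."""
    norm = normalize(query)
    kind, value = classify(norm)
    if kind != "fulltext":
        table = {"email": BY_EMAIL, "uuid": BY_UUID, "employee_id": BY_EMPLOYEE_ID}[kind]
        hit = table.get(value)
        if hit is None:
            return []
        return [{"entity": hit, "score": EXACT_MATCH_SCORE, "path": kind, "badge": "exact match"}]
    hits = fulltext(norm)
    if len(hits) < TRIGRAM_FALLBACK_BELOW and len(norm) >= TRIGRAM_MIN_CHARS:
        seen = {h["entity"]["id"] for h in hits}
        hits += [h for h in trigram_fallback(norm) if h["entity"]["id"] not in seen]
    return sorted(hits, key=lambda h: h["score"], reverse=True)
```

The routing decision happens before any text search runs, which is what makes the identifier path cheap: an email or UUID never touches the GIN index. Note that results here are pre-PDP; the visibility filtering described in step 3 runs on this list afterwards.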

Performance at scale

42ms: average query latency
<50ms: email fast path
200x: faster than SQL LIKE
9M+: entities indexed
3 lines: React SDK integration

Capabilities

Six core capabilities that transform fragmented identity search into a governed, policy-aware platform service.

7 entity types

Persons · accounts · groups · app roles · entitlements · bundles · delegations

Global search fans out to all 7 entity types simultaneously. Each type has specific facets and filters — risk level for entitlements, system type for accounts, membership count for groups.

  • Type-specific facets and filters per entity
  • Fan-out search returns unified, relevance-ranked results
  • Facet counts are post-PDP — only authorized entities counted

Identifier fast path

Email · UUID · employee ID — B-tree exact lookup in <5ms

When a query contains "@" or matches UUID/employee-ID patterns, the system triggers a B-tree exact lookup. O(1), <5ms, score 10.0 with an "exact match" badge. Full-text search is skipped entirely.

  • Critical for security incident response — find compromised identities instantly
  • Email fast path resolves in <50ms (often <15ms)

Three visibility modes

Full · masked · filtered — enforced by AuthZEN PDP

Full mode returns all fields. Masked mode redacts PII (email → a***@acme.com, employee_id hidden). Filtered mode excludes unauthorized entities entirely. Highlights are omitted in masked mode to prevent information leakage via match position patterns.

  • Fail-closed: PDP down = empty results, never unauthorized data
  • Circuit breaker opens after 5 failures, recovers after 30 seconds
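The post-filter step with its three modes and fail-closed behaviour, as an added example that is not EmpowerNow's code. It batches PDP calls (100 per request, 200 ms timeout), treats a missing decision as a deny, masks email to the `a***@acme.com` form, drops `employee_id`, omits highlight fragments in the masked view, and wraps the PDP in a circuit breaker that opens after 5 failures and probes again after 30 seconds. The PDP itself is simulated; the per-entity decision vocabulary (`full`, `masked`, `deny`) and the reading that a masked-mode caller gets an all-masked view during an outage while full/filtered callers get nothing (as the FAQ below states) are assumptions for this example.

```python
import time

# Limits from the description above.
PDP_BATCH_MAX = 100        # entities per PDP request
PDP_TIMEOUT_S = 0.2        # 200 ms per batch
BREAKER_FAILURES = 5       # consecutive failures before the breaker opens
BREAKER_RECOVERY_S = 30.0  # seconds before a probe call is allowed again
MODES = ("full", "masked", "filtered")


class PdpUnavailable(Exception):
    """Timeout or transport error talking to the PDP."""


class CircuitBreaker:
    """Opens after BREAKER_FAILURES consecutive failures; half-opens after the recovery window."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock          # injectable so a test can advance time
        self.failures = 0
        self.opened_at = None

    def is_open(self) -> bool:
        if self.opened_at is None:
            return False
        if self.clock() - self.opened_at >= BREAKER_RECOVERY_S:
            self.opened_at, self.failures = None, 0   # let the next call probe the PDP
            return False
        return True

    def record(self, ok: bool) -> None:
        self.failures = 0 if ok else self.failures + 1
        if self.failures >= BREAKER_FAILURES:
            self.opened_at = self.clock()


def mask_email(addr: str) -> str:
    local, _, domain = addr.partition("@")
    return f"{local[:1]}***@{domain}"


def mask_entity(e: dict) -> dict:
    """Masked view: redact email, drop employee_id, omit highlights (match positions leak data)."""
    m = dict(e)
    if m.get("email"):
        m["email"] = mask_email(m["email"])
    m.pop("employee_id", None)
    m.pop("highlights", None)
    return m


def fail_closed(hits, mode, reason):
    """No trustworthy decision: full/filtered return nothing; masked returns an all-masked view."""
    if mode == "masked":
        return [mask_entity(e) for e in hits], reason
    return [], reason


def post_filter(hits, subject, mode, pdp, breaker):
    """Return (visible results, warning). pdp(subject, ids, timeout) -> {id: 'full'|'masked'|'deny'}."""
    if mode not in MODES:
        raise ValueError(f"unknown mode {mode!r}")
    if breaker.is_open():
        return fail_closed(hits, mode, "pdp circuit open")
    decisions = {}
    try:
        for i in range(0, len(hits), PDP_BATCH_MAX):
            batch = [e["id"] for e in hits[i:i + PDP_BATCH_MAX]]
            decisions.update(pdp(subject, batch, PDP_TIMEOUT_S))
    except PdpUnavailable as exc:
        breaker.record(False)
        return fail_closed(hits, mode, f"pdp unavailable: {exc}")
    breaker.record(True)
    out = []
    for e in hits:
        decision = decisions.get(e["id"], "deny")   # no decision is a deny
        if decision == "deny":
            continue
        out.append(mask_entity(e) if (decision == "masked" or mode == "masked") else dict(e))
    return out, None


# Constructed sample hits and a simulated PDP (not a real AuthZEN endpoint).
HITS = [
    {"id": "p1", "name": "Alice Johnson", "email": "alice.johnson@acme.com",
     "employee_id": "E001234", "highlights": ["Alice <b>Johnson</b>"]},
    {"id": "p2", "name": "Patrick Smith", "email": "patrick.smith@acme.com",
     "employee_id": "E004567", "highlights": ["<b>Patrick</b> Smith"]},
    {"id": "p3", "name": "Carol Reyes", "email": "carol.reyes@acme.com", "employee_id": "E009876"},
]
DECISIONS = {"p1": "full", "p2": "masked", "p3": "deny"}


def pdp_ok(subject, ids, timeout):
    return {i: DECISIONS.get(i, "deny") for i in ids}


def pdp_down(subject, ids, timeout):
    raise PdpUnavailable("timeout after %.1fs" % timeout)


def run_scenarios():
    """Healthy PDP in each mode, then an outage that trips the breaker, then recovery."""
    now = [1000.0]
    breaker = CircuitBreaker(clock=lambda: now[0])
    healthy = {m: post_filter(HITS, "helpdesk-1", m, pdp_ok, breaker)[0] for m in MODES}
    for _ in range(BREAKER_FAILURES):         # five failed calls open the breaker
        post_filter(HITS, "helpdesk-1", "filtered", pdp_down, breaker)
    tripped = post_filter(HITS, "helpdesk-1", "filtered", pdp_ok, breaker)  # PDP back, breaker open
    masked_outage = post_filter(HITS, "helpdesk-1", "masked", pdp_ok, breaker)
    now[0] += BREAKER_RECOVERY_S
    recovered = post_filter(HITS, "helpdesk-1", "filtered", pdp_ok, breaker)
    return {"healthy": healthy, "tripped": tripped, "masked_outage": masked_outage, "recovered": recovered}
```

Two details matter for the fail-closed property: an entity the PDP did not return a decision for is treated as denied, not as "unknown, show it", and while the breaker is open the PDP is not called at all, so a flapping PDP cannot be hammered into returning partial batches.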

3-layer React SDK

API client · React hooks · UI components

Layer 1: typed API client with caching and AbortController cancellation. Layer 2: React hooks (useSearch, useSuggest) with 300ms debounce and stale-window cache. Layer 3: UI components (SearchBar with WAI-ARIA combobox, FacetPanel, HighlightText with XSS safety).

  • SearchPage component — full-page search in 3 lines of code
  • 5 minutes to integrate vs. 2-4 hours per plugin

HMAC-signed pagination

Keyset cursors · HMAC-SHA256 · constant performance

Keyset cursors (seek method, not OFFSET) signed with HMAC-SHA256 via pgcrypto. Constant performance at any page depth — page 1 and page 1,000 are equally fast.

  • Cross-tenant cursor reuse rejected by design
  • PII in URLs stripped by the SDK
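A keyset cursor sealed with HMAC-SHA256 and bound to the issuing tenant, as an added example that is not EmpowerNow's code. The page computes the signature in Postgres via pgcrypto; this version does it in Python with the standard library, but the properties are the same: the cursor carries only the last (score, id) position, the tag is checked in constant time before anything is parsed, a cursor presented by a different tenant is rejected, and each page is fetched with a seek predicate rather than OFFSET. The result set, the secret and the page size are constructed for the example.

```python
import base64
import hashlib
import hmac
import json


class CursorError(ValueError):
    """Cursor failed the signature or tenant check."""


def _sign(secret: bytes, payload: bytes) -> bytes:
    return hmac.new(secret, payload, hashlib.sha256).digest()


def encode_cursor(secret: bytes, tenant: str, last_score: float, last_id: str) -> str:
    """Seal the keyset position (score, id) together with the tenant it was issued for."""
    payload = json.dumps({"t": tenant, "s": last_score, "i": last_id},
                         sort_keys=True, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(payload + _sign(secret, payload)).rstrip(b"=").decode()


def decode_cursor(secret: bytes, tenant: str, cursor: str):
    """Verify the tag in constant time, then refuse cursors minted for another tenant."""
    try:
        raw = base64.urlsafe_b64decode(cursor + "=" * (-len(cursor) % 4))
    except (ValueError, TypeError) as exc:
        raise CursorError("malformed cursor") from exc
    if len(raw) <= 32:
        raise CursorError("malformed cursor")
    payload, tag = raw[:-32], raw[-32:]
    if not hmac.compare_digest(_sign(secret, payload), tag):
        raise CursorError("bad signature")
    data = json.loads(payload)
    if data["t"] != tenant:
        raise CursorError("cursor issued for another tenant")
    return data["s"], data["i"]


# Constructed result set (not real data), sorted by (score desc, id asc): the order
# the keyset predicate below seeks through. Scores repeat on purpose to exercise tie-breaking.
ROWS = sorted(
    [{"id": f"e{n:03d}", "name": f"entity {n}", "score": round(1.0 - (n % 7) / 10, 1)}
     for n in range(1, 24)],
    key=lambda r: (-r["score"], r["id"]),
)


def fetch_page(secret: bytes, tenant: str, cursor, page_size: int = 5):
    """Keyset page: seek to rows after the cursor position instead of skipping OFFSET rows."""
    if cursor is None:
        remaining = ROWS
    else:
        last_score, last_id = decode_cursor(secret, tenant, cursor)
        # SQL equivalent: WHERE score < :s OR (score = :s AND id > :i) ORDER BY score DESC, id ASC
        remaining = [r for r in ROWS
                     if r["score"] < last_score or (r["score"] == last_score and r["id"] > last_id)]
    page = remaining[:page_size]
    next_cursor = None
    if len(remaining) > page_size:
        tail = page[-1]
        next_cursor = encode_cursor(secret, tenant, tail["score"], tail["id"])
    return page, next_cursor


def walk_all(secret: bytes, tenant: str, page_size: int = 5):
    """Follow cursors to the end and return every id seen, in order."""
    seen, cursor = [], None
    while True:
        page, cursor = fetch_page(secret, tenant, cursor, page_size)
        seen += [r["id"] for r in page]
        if cursor is None:
            return seen
```

Because the tenant is inside the signed payload, a user cannot take a cursor issued under tenant A and replay it under tenant B without invalidating the tag, and because the payload holds only a sort position, the cursor never exposes the PII the SDK would otherwise have to strip from URLs.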

Backfill & recovery

Disposable index · 9M rows in ~30 min · resumable

The search index is disposable: truncate and backfill recovers 9M entities in ~30 minutes at 5,000 rows/sec. Chunked, checkpointed, resumable. Resource-bounded: 2 DB connections, 512MB memory.

  • If index is compromised — truncate and rebuild, not repair
  • Checkpoint resumption handles interruptions gracefully
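The chunked, checkpointed, resumable backfill loop, as an added example that is not EmpowerNow's code. It reads the source in keyset chunks, upserts each chunk into the index, and records the last committed id only after the chunk is fully written, so a crash loses at most the chunk in flight and a restart replays that one chunk idempotently. The source table, the chunk size and the simulated crash are constructed for the example; a real run would issue the chunk read as a SQL query and persist the checkpoint in a table rather than a dict.

```python
class Interrupted(Exception):
    """Simulated crash mid-backfill."""


# Constructed source table stand-in (not real data): rows keyed by an increasing id.
SOURCE = [{"id": n, "name": f"entity {n}", "version": 1} for n in range(1, 101)]


def read_chunk(last_id: int, chunk_size: int):
    """Keyset read of the next chunk after last_id (a WHERE id > :last_id ... LIMIT query in SQL)."""
    return [r for r in SOURCE if r["id"] > last_id][:chunk_size]


def backfill(index: dict, checkpoint: dict, chunk_size: int = 10, crash_after_chunks=None):
    """Upsert SOURCE into index chunk by chunk, checkpointing after each committed chunk.

    Resumes from checkpoint['last_id'], so a restart re-reads at most one chunk, and the
    upsert is idempotent, so replaying that chunk changes nothing. Returns chunks processed.
    """
    last_id = checkpoint.get("last_id", 0)
    chunks = 0
    while True:
        rows = read_chunk(last_id, chunk_size)
        if not rows:
            return chunks
        for r in rows:
            index[r["id"]] = dict(r)           # upsert: insert or overwrite, never duplicate
        chunks += 1
        if crash_after_chunks is not None and chunks >= crash_after_chunks:
            raise Interrupted(f"crashed before checkpointing chunk {chunks}")
        last_id = rows[-1]["id"]
        checkpoint["last_id"] = last_id        # commit point: a crash after this loses nothing


def rebuild_with_interruption(chunk_size: int = 10, crash_after_chunks: int = 4):
    """Truncate, start a backfill that crashes, resume from the checkpoint, report the outcome."""
    index, checkpoint = {}, {}                 # empty index = the truncate step
    try:
        backfill(index, checkpoint, chunk_size, crash_after_chunks)
    except Interrupted:
        pass
    resumed_from = checkpoint.get("last_id", 0)
    second_run_chunks = backfill(index, checkpoint, chunk_size)
    return {"resumed_from": resumed_from, "second_run_chunks": second_run_chunks,
            "indexed": len(index), "complete": sorted(index) == [r["id"] for r in SOURCE]}
```

The two properties that make "truncate and rebuild" safe are visible here: the index is written only through upserts keyed by the source id, and the checkpoint advances only after a whole chunk is in, so neither a replay nor a restart can leave duplicates or gaps.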

Business impact

90% faster identity lookup: 2-5 min to find an identity → under 10 seconds

75% fewer search tickets: ~200 search-related tickets/month → fewer than 50

95% faster plugin dev: 2-4 hours per plugin → 5 minutes with the React SDK

90% faster audit prep: 2-3 day audit preparation → 2-3 hours with faceted search

How Universal Search compares

Feature                | SailPoint | Saviynt  | CyberArk | EmpowerNow
Relevance ranking      | N/A       | N/A      | N/A      | Full (4-weight)
Fuzzy / typo match     | N/A       | N/A      | N/A      | Full (pg_trgm)
Faceted filtering      | Limited   | Limited  | N/A      | Full (post-PDP)
PII masking modes      | N/A       | N/A      | N/A      | 3 modes (AuthZEN)
Fail-closed security   | N/A       | N/A      | N/A      | PDP down = empty
Fast path (<50ms)      | N/A       | N/A      | N/A      | B-tree exact
Plugin SDK (3-line)    | N/A       | N/A      | N/A      | React SDK
WCAG 2.1 AA            | Limited   | Limited  | Limited  | Full
DGE foundation         | Separate  | Separate | Separate | Integrated
AI Agent tooling       | N/A       | N/A      | N/A      | Full (MCP tools)

Frequently asked questions

How is Universal Search different from adding Elasticsearch?

Universal Search is a purpose-built projection: it indexes from Kafka events, enforces AuthZEN PDP visibility per entity, provides fail-closed security (PDP down = empty, never unauthorized), and serves as the foundation for DGE, Identity Resolution, and AI agents. Elasticsearch would need all of this custom-built. Universal Search also ships with a 3-line React SDK for instant plugin integration.

Can we use our existing Elasticsearch?

The backend is pluggable. Phase 1 uses Postgres FTS, Phase 2 supports OpenSearch. Same SDK, same UX, swap the engine. No rip-and-replace required.

What happens if the PDP is unavailable?

Fail-closed by design. In filtered/full mode, the system returns empty results with a warning. In masked mode, it returns all-masked results. A circuit breaker opens after 5 failures and recovers after 30 seconds. Unauthorized data is never returned under any failure scenario.

How sensitive is the search index data?

Three visibility modes plus fail-closed security. PII in logs is hashed. PII in URLs is stripped by the SDK. Highlight fragments are structured (no raw HTML injection). HMAC-signed cursors prevent cross-tenant reuse. The index is disposable — truncate and backfill in 30 minutes if compromised.

Standards & protocols

Protocols: Postgres 16, pg_trgm, Kafka, AuthZEN, HMAC-SHA256, WAI-ARIA

Accessibility: WCAG 2.1 AA, OpenTelemetry, Prometheus

Compliance: SOX, GDPR, HIPAA

Use cases

Helpdesk typo-tolerant lookup

Analyst types "Patrik Smih" (two typos). FTS finds zero exact matches. Trigram fallback activates and finds "Patrick Smith" with similarity 0.71. Result appears in 38ms, ranked #1 — 45 seconds total vs. 15 minutes across 3 consoles.

38ms · Typo-tolerant · Single console

10-second compliance audit view

App owner searches "invoice" — 139 results in 42ms. Clicks Risk Level "Critical" and "High" — filters to 16 results instantly. Audit-ready view replaces 2-3 days of Excel pivot tables. Facet counts are post-PDP.

Faceted · Policy-aware · Audit-ready

Security incident email fast path

Security analyst types alice.johnson@acme.com — system detects "@", triggers email fast path (B-tree lookup), returns exact match in 12ms with "exact match" badge. Every account across every connected system on one screen.

12ms · Exact match · Cross-system view


Ready to see it live?

Book a 15-minute walkthrough with an engineer. We'll map Universal Search to your architecture, show real event flows, and answer every technical question.
