When users do not respond, policy takes over.
MYID routes identity risk to the affected user first. If the user confirms it was not them, or does not respond within your configured response window, Autopilot can trigger approved protection actions across your connected systems.
Customer-defined response window
Set the timeframe that makes sense for the incident: 60 seconds, five minutes, an hour, or a custom window. MYID measures the response against policy instead of waiting for manual triage.
User consent and scope
Users respond only to incidents tied to their own identity. Organizations can require consent for Autopilot and define which actions are allowed for each incident type.
Approved remediation actions
Depending on connected systems, Autopilot can reset passwords, write SIEM notes, close or update incidents, notify users, unlock or lock AD accounts, and call secure action APIs such as MYID Secure AD Agent.
Recorded for audit
MYID records the incident, user response or non-response, action taken, provider result, and timestamp so SOC and IT teams can review what happened after the account is protected.
From alert to protected account.
Signal arrives
An identity or security event is received from the customer's IdP, SIEM, EDR, directory, or custom system.
User is challenged
MYID asks the affected user to confirm or deny the activity in plain language.
Timer starts
The configured response window determines how long MYID waits before escalation.
Action is taken
If the user denies the event or misses the window, MYID triggers policy-approved action and records the outcome.
Bring identity response under the window you choose.
MYID Autopilot is built for organizations that want faster response without giving every user broad security privileges. Users answer for themselves; policy handles the rest.
Book a Demo arrow_forward Explore Self-Service