MYID Autopilot

When users do not respond, policy takes over.

MYID routes identity risk to the affected user first. If the user confirms it was not them, or does not respond within your configured response window, Autopilot can trigger approved protection actions across your connected systems.

Plan Autopilot arrow_forward User-Driven Response
timer

Customer-defined response window

Set the timeframe that makes sense for the incident: 60 seconds, five minutes, an hour, or a custom window. MYID measures the response against policy instead of waiting for manual triage.

verified_user

User consent and scope

Users respond only to incidents tied to their own identity. Organizations can require consent for Autopilot and define which actions are allowed for each incident type.

bolt

Approved remediation actions

Depending on connected systems, Autopilot can reset passwords, write SIEM notes, close or update incidents, notify users, unlock or lock AD accounts, and call secure action APIs such as MYID Secure AD Agent.

receipt_long

Recorded for audit

MYID records the incident, user response or non-response, action taken, provider result, and timestamp so SOC and IT teams can review what happened after the account is protected.

How Autopilot Works

From alert to protected account.

1

Signal arrives

An identity or security event is received from the customer's IdP, SIEM, EDR, directory, or custom system.

2

User is challenged

MYID asks the affected user to confirm or deny the activity in plain language.

3

Timer starts

The configured response window determines how long MYID waits before escalation.

4

Action is taken

If the user denies the event or misses the window, MYID triggers policy-approved action and records the outcome.

Bring identity response under the window you choose.

MYID Autopilot is built for organizations that want faster response without giving every user broad security privileges. Users answer for themselves; policy handles the rest.

Book a Demo arrow_forward Explore Self-Service