How ready is your authorization for identities, machines and AI agents?
Most authorization was designed for human users and static apps. Find out how your fabric holds up now that machines and autonomous agents act inside it — answer 30 questions, see your gaps across six domains, and leave with a roadmap to a Level 5, AI-ready model.
- 6
- domains
- 30
- questions
- ~5 min
- to complete
- Free
- no login
- Governance
- Identity Controls
- Policy Management
- Runtime Authorization
- Enforcement
- Scalability
Authorization was built for humans. Your estate isn't only human anymore.
The fastest-growing identities in the enterprise are machines and AI agents — and the old model of granting access at login no longer holds. Three shifts are forcing authorization to modernize.
Identities aren't just humans anymore
Machines, service accounts, API consumers and autonomous AI agents now act inside your stack — often on behalf of a human, often at machine speed. Most authorization models were never designed to govern them as first-class identities.
Decisions happen at login, not at the action
Access granted at provisioning or sign-in goes stale the moment context changes. Modern authorization re-evaluates continuously — who, where, what and why — at the transaction layer, every request.
AI agents reach tools, data and MCP servers
Agentic workflows chain tools and Model Context Protocol servers across systems. Without runtime guardrails on every step, one over-permissioned agent becomes an outsized blast radius.
Six domains of authorization maturity
Each domain is scored 1–5 from five questions. Together they show where your authorization fabric is strongest — and where it's holding the enterprise back.
- Domain 1
Authorization Governance
Who owns authorization, and how is it audited, versioned, and tested across the enterprise?
5 questions - Domain 2
Identity Controls
Which identities — humans, machines, agents — does your authorization model govern, and how richly?
5 questions - Domain 3
Authorization Policy Management
How is policy authored, shared, and pushed across the application landscape?
5 questions - Domain 4
Runtime Authorization
When and how often is an access decision actually re-evaluated against current context?
5 questions - Domain 5
Enforcement
Where in the stack is policy actually enforced — and how granularly?
5 questions - Domain 6
Operational Scalability
Can the authorization fabric keep up — with new apps, new teams, and AI-scale workloads?
5 questions
From Legacy to Adaptive — five levels of authorization
The PlainID Modernization Matrix maps every domain across the same five levels. The assessment tells you which one you're on — and what it takes to climb.
- L1LegacyStatic, hard-coded
Authorization is hard-coded inside each app. Humans only, human-paced.
- L2ManagedCentralized IAM
Centralized IAM removes the worst silos — but decisions still happen at login.
- L3ExternalizedExternalized PBAC
Policy is externalized from code, with PBAC standardized across the stack.
- L4ContextualDynamic + contextual
Dynamic, context-aware decisions at the transaction layer for humans and machines.
- L5AdaptiveAdaptive + AI-ready
Continuous, risk-adaptive control across humans, machines and AI agents.
AI-ready target
Five minutes in. A modernization roadmap out.
No prep, no login, no sales call required to see your results.
- 1
Answer 30 quick questions
Six domains, five questions each. Pick the statement that best matches how your enterprise works today. Press 1–5 — it takes about five minutes.
- 2
See your score and maturity map
Get an overall Level 1–5 score, a domain-by-domain radar, and the exact gap between where you are and a Level 5, AI-ready authorization fabric.
- 3
Get a tailored modernization roadmap
A prioritized set of capabilities to reach your next level — and what each step lets you retire — grounded in the PlainID Modernization Matrix.
- An overall Level 1–5 maturity score
- A domain-by-domain radar across all six domains
- Your position on the full Authorization Modernization Matrix
- A prioritized roadmap to your next maturity level
- What each step lets you eliminate — legacy entitlement code, DIY OPA, login-only checks
- A shareable PDF you can download (after a short form)
Questions before you start
How long does the assessment take?
About five minutes. It's 30 questions across six domains — five per domain — and you can move with the keyboard (press 1–5 to answer, Enter to advance).What do I get at the end?
An overall Level 1–5 maturity score, a domain-by-domain radar, your place on the full Authorization Modernization Matrix, and a tailored roadmap of the capabilities needed to reach your next level. You can download the whole thing as a PDF after a short form.Is it really free? Do I have to talk to sales?
Yes, it's free, and you see your full results on screen with no form. You only share your details if you want to download your results as a PDF or get a walkthrough from a PlainID specialist — that part is optional.What is the PlainID Modernization Matrix?
It's a five-level maturity ladder — Legacy, Managed, Externalized, Contextual and Adaptive — mapped across six authorization domains: Governance, Identity Controls, Policy Management, Runtime Authorization, Enforcement and Operational Scalability. The assessment places you on it.Who is this for?
IAM, security and platform leaders responsible for how access decisions are made across applications, APIs, data and — increasingly — AI agents. No vendor knowledge is required to answer the questions.Does my data leave my browser?
The assessment runs entirely in your browser. Your answers and score stay local unless you choose to submit the form to receive your PDF or request a walkthrough.
See where your authorization stands.
Score your maturity across six domains in about five minutes and get a tailored roadmap to an AI-ready authorization fabric.