RJ Autonomous logoRJ Autonomous
Apex / Apex Steward

Stop maintaining IAM governance in spreadsheets.

Apex Steward turns your vendor docs and policy PDFs into structured Identity and Access Management governance — workspaces, role matrices, application inventories, phased rollout plans, and NIST CSF-aligned maturity dashboards. Built for mid-market security teams who don’t have an analyst to spare.

At a Glance

Multi-tenant IAM governance, AI-augmented.

  • Multi-tenant SaaS, multiple workspaces per account
  • AI document ingestion (Voyage AI + Anthropic Claude)
  • Role matrices, app inventories, phased rollout plans
  • NIST CSF-aligned maturity scoring
  • Vendor template library

Live and deployed. Demo accounts are issued on request — request access to see the platform in action.

The Problem

IAM governance shouldn’t take six months and a consulting firm.

Most organizations build their IAM governance in spreadsheets and Confluence pages, or pay enterprise vendors six figures to import a fixed framework that never quite fits. Mid-market security teams get stuck in between — too small for SailPoint, too serious for spreadsheets, too busy to manually transcribe every vendor policy into a role matrix.

Apex Steward is the in-between. It reads your existing documents, extracts the IAM structure already buried in them, and lets you finish the job without rebuilding the whole framework from scratch.

Who It’s For

Mid-market security teams that need governance, not theatre.

Security and IT leaders at mid-market organizations — roughly 250 to 2,500 employees — who need a real IAM governance practice and don’t have nine months or a six-figure budget to get there. Internal audit teams that want a single source of truth instead of a binder of screenshots. Compliance leads preparing for SOC 2, ISO 27001, or HIPAA assessments.

What It Does

The pieces of a working IAM governance practice, in one place.

Apex Steward isn’t a single feature with marketing wrapped around it. It’s the structural pieces of an IAM governance program — the parts you’d otherwise build in a stack of disconnected spreadsheets — modeled in software and kept in sync.

01

Workspaces

One per business unit, subsidiary, or compliance scope. Multi-tenant from day one — separate IAM models for separate parts of the business, all under one account.

02

Role matrices

The shape of your access model in one view. Roles, applications, entitlements — and the relationships between them — laid out in a matrix you can actually reason about.

03

Application inventories

Track every application in scope: who owns it, what risk it carries, who has access, and how that access is granted. Export for audit, share with compliance.

04

Phased implementation plans

Translates governance work into a sequence — what to fix first, what depends on what, what to defer. Mid-market security teams don't have time for a 9-month rollout, and they shouldn't need one.

05

Maturity dashboards

NIST CSF-aligned scoring across the IAM domains. Live, not a static report — the dashboard updates as you build out your workspace, and the implementation plan reorders itself based on what the data says.

06

Vendor templates

Pre-built starting points for common patterns — SaaS-heavy organizations, hybrid identity, regulated industries. Pick a template and you're not staring at a blank table.

The Differentiator

How does AI extract IAM policies from vendor documentation?

Most IAM governance tools start with a blank table and ask you to fill it in. Apex Steward starts with your vendor docs, security policies, and compliance frameworks — and extracts the structured IAM data already in them.

Upload a PDF or DOCX. Voyage AI embeddings index every section. Anthropic Claude reads the content and identifies roles, applications, entitlements, and policies. A custom blend-diff algorithm reconciles what the AI found with anything you’ve already authored, so existing work isn’t overwritten.

The result: you skip the hours of manual transcription that usually kill IAM projects. The data lands in the role matrix, the app inventory, and the maturity dashboard already structured.

Maturity Scoring

NIST CSF-aligned scoring without the consulting bill.

Apex Steward scores your IAM maturity across the same domains a Big Four advisory would assess — identity lifecycle, access governance, privileged access, monitoring, compliance — using NIST Cybersecurity Framework alignment.

The output isn’t a static report. It’s a live dashboard that updates as you fill in your workspace, and the implementation plan reorders itself based on what the data actually says. You see where you are, where to invest next, and what the highest-leverage move is — all in the same view.

Built On

Production-grade, not vibe-coded.

Apex Steward runs on TypeScript across the stack — React 18 on the front end, Node.js 20 with Express on the API, Prisma over a tenant-isolated database. Deployed on AWS with multi-tenant JWT auth, end-to-end encryption (Cloudflare in front of an origin certificate on Elastic Beanstalk), and SSM-managed secrets. The AI pipeline uses Voyage AI for embeddings and Anthropic Claude for extraction.

It’s the kind of stack that scales without rewriting and the kind of operational posture that survives a security review.

TypeScriptReact 18Node.js 20ExpressPrismaSQLiteTailwind CSSAWS Elastic BeanstalkCloudflareVoyage AIAnthropic Claude
Security Posture

What buyers actually ask about.

Multi-tenant isolation at the database layer. JWT auth with HTTP-only, Secure-flagged cookies. End-to-end TLS from the browser to the application origin — no plaintext on the public internet. Secrets stored in AWS Systems Manager Parameter Store with KMS-scoped read access. Audit logs on governance changes.

SOC 2 Type II attestation is on the roadmap. Reach out to discuss timing if certification is a hard prerequisite for your purchase.

Packaging

Three tiers, sized to where you are.

Pricing is custom and varies with organization size, identity count, and application footprint. Book a demo and we’ll quote against your actual environment — no guessing.

Starter

Single workspace, core governance features, email support.

Best for: Small teams or proof-of-concept rollouts.

  • 1 workspace
  • Role matrix and application inventory
  • Maturity scoring (NIST CSF)
  • Phased implementation plan
  • Email support
Talk to us
Growth

Multi-workspace, AI document ingestion, vendor template library, onboarding workshop included.

Best for: Mid-market security teams running real IAM governance.

  • Multiple workspaces
  • AI document ingestion (Voyage AI + Anthropic Claude)
  • Vendor template library
  • Onboarding workshop
  • Business-hours support
Talk to us
Enterprise

Unlimited workspaces, SAML SSO, named customer success, custom integrations.

Best for: Larger organizations and regulated industries.

  • Unlimited workspaces and identities
  • SAML SSO
  • Named customer success contact
  • Custom integrations and reporting
  • SOC 2 Type II attestation (on roadmap)
Talk to us
Frequently Asked

Questions buyers ask before a demo.

What is IAM governance software?

IAM governance software helps an organization define, enforce, and prove that the right people have the right access to the right systems. It usually includes role matrices (who can do what), application inventories (what systems are in scope), access reviews (periodic verification), and maturity scoring. Apex Steward is purpose-built for the mid-market band where IAM governance matters but a six-figure enterprise tool isn't realistic.

How is Apex Steward different from SailPoint or Saviynt?

SailPoint and Saviynt are enterprise IGA platforms — powerful but priced and scoped for organizations with dedicated IAM teams and multi-quarter implementation budgets. Apex Steward targets mid-market: faster to deploy, AI-augmented for the manual data-entry work that usually slows IAM projects down, and packaged for organizations that don't have an enterprise advisory budget.

How long does a typical IAM governance rollout take with Apex Steward?

Initial workspace and vendor-template setup takes a few hours. Importing existing policies through the AI ingestion pipeline takes minutes per document instead of hours. A useful first-pass maturity assessment typically lands in the first week. A full multi-application rollout depends on your environment, but is usually weeks rather than months.

Can AI extract IAM policies from vendor documentation?

Yes — that's the core of Apex Steward's differentiation. Upload PDF or DOCX vendor docs, security policies, or compliance frameworks. Voyage AI embeddings index the content. Anthropic Claude extracts roles, applications, entitlements, and policy statements into structured form. A blend-diff algorithm reconciles the AI output with anything you've already authored so manual work isn't overwritten.

What's the difference between IAM, IGA, and PAM?

IAM (Identity and Access Management) is the umbrella — managing who has access to what. IGA (Identity Governance and Administration) is the governance layer that decides whether the access is appropriate. PAM (Privileged Access Management) is a sub-discipline focused specifically on high-risk admin accounts. Apex Steward is primarily an IGA tool: the layer that decides and proves access is appropriate.

Does Apex Steward integrate with my existing identity provider?

Apex Steward sits above the IdP layer. Your Okta, Microsoft Entra, or Google Workspace continues to handle authentication. Apex Steward governs the policy and structural side — what roles exist, who's in them, which applications map to which roles, and how mature each domain is. SAML SSO into Apex Steward itself is on the roadmap for the Enterprise tier.

What about compliance — SOC 2, ISO 27001, HIPAA?

Apex Steward's maturity framework aligns with NIST Cybersecurity Framework and supports common compliance frameworks. Apex Steward as a vendor is on a SOC 2 Type II roadmap; reach out to discuss timing if compliance certification is a hard prerequisite for your purchase.

Ready to See It

Book a 30-minute walkthrough.

We’ll show you the AI ingestion live with one of your sample documents, walk through the role matrix and maturity dashboard, and answer questions about scoping, security, and rollout. Prefer to explore on your own first? Request a demo account and we’ll send you credentials with a pre-populated workspace.