Start with Identity
ITDR

Obsidian Security

Founded 2017Newport Beach, California, USAPrivateScore 4.2/5Evaluated 2026-07-03Website ↗

Capability scores

Methodology →
Authentication
3.5
SSO & Federation
3.5
Authorization
3.5
Lifecycle & Provisioning
2.5
MFA & Passwordless
3.0
Governance & Audit
4.0
Developer Experience
3.5
Deployment Flexibility
3.5
Pricing Transparency
3.0
Support & Ecosystem
3.5

Scored 0–5 against a published rubric. Independent analysis, no vendor sponsorship.

Overview

Obsidian Security is a SaaS security platform that protects applications like Microsoft 365, Salesforce, and others against identity-based threats. It combines posture management, threat detection, and third-party integration risk for the SaaS layer.

What it is good at

Obsidian focuses on where modern identity attacks increasingly land: SaaS. It detects account takeover, risky OAuth integrations, and suspicious activity across connected applications, and hardens SaaS configuration, giving security teams visibility into an area traditional ITDR and endpoint tools miss.

Where it falls short

Its focus is SaaS, so on-premises Active Directory threat detection and recovery are outside its core, and it complements rather than replaces directory-focused ITDR.

Pricing

Quote-based enterprise pricing.

Best for, and who should look elsewhere

Choose Obsidian to detect and harden identity risk across SaaS applications. Look elsewhere for AD-focused ITDR (see Semperis).

Bottom line

A SaaS-focused identity threat detection and posture platform, strong where attacks target cloud applications and OAuth.

By SWI Community Team · Last evaluated 2026-07-03

Independent, community-driven analysis. No vendor sponsorship. Compiled from public research and community input and verified on a best-effort basis, so details may be incomplete or out of date. Scores are opinions, not advice. Trademarks belong to their owners; mention does not imply affiliation or endorsement. See the full disclaimer, or send corrections to [email protected].