Darktrace IDENTITY is an identity threat detection and response solution that uses Self-Learning AI to monitor and protect user identities across cloud applications and digital environments. The product integrates with Single Sign-On (SSO) and Active Directory (AD) systems to provide visibility into user activities and detect identity-based threats. The solution monitors for account takeover attempts by correlating anomalies such as unusual SaaS login locations, session token misuse, and adversary-in-the-middle attacks. It uses Peer Group Analysis to identify insider threats through detection of unusual behavior patterns, credential misuse, and data exfiltration activities. The platform includes Credential Theft Monitoring capabilities that combine human expertise with AI to identify lateral movement and credential-based attacks. Darktrace IDENTITY performs automated investigations into security events to reveal the nature and root cause of incidents, producing dynamic situational dashboards and reports. The autonomous response capabilities can block suspicious IP addresses, force user logouts, disable compromised accounts, and end active user sessions across all devices at machine speed. The product connects to cloud applications via API and supports custom modular configuration through a REST API that accepts JSON, OAuth 2, and API key authentication methods. It integrates with major cloud applications to monitor user activity within each service by interacting directly with SaaS vendors.