IDENTITY ESCALATION PLATFORM

BECOME
ANYONE.

SUPRA is the world's most powerful identity transformation engine. Switch users, escalate privileges, and assume any role in your organization — instantly, securely, and with zero friction.

Start Free Trial See It In Action
identity.session
user@server:~$ supra -
Password: ••••••••
root@server:~#
IDENTITY SWITCHER

ONE PLATFORM.
INFINITE IDENTITIES.

Click any identity to initiate a transformation. Watch SUPRA seamlessly pivot your entire session context in real-time.

root Superuser
UID 0
admin System Admin
UID 1000
deploy CI/CD Service
UID 1001
postgres Database Engine
UID 113
supra.transform
user@host:~$ supra - root
Password: ••••••••
root@host:~# id
uid=0(root) gid=0(root) groups=0(root)
CORE CAPABILITIES

EVERY IDENTITY.
ONE COMMAND.

Root Access Mode

Instantly escalate to supreme administrative authority. One invocation, zero friction. When you need total system control, SUPRA delivers root in milliseconds.

supra
🔄

Identity Pivot™

Seamlessly assume any user identity across your entire organization. Target any principal by name or UID and inherit their complete privilege context.

supra USER
🚀

Full Context Switch™

Initiate a complete login shell with pristine environment initialization. Clears all ambient state, sets HOME, SHELL, USER, LOGNAME, and PATH from scratch.

supra - USER
💥

Flash Execute™

Run a single privileged command without committing to an entire session. Execute, capture output, and return to your identity — all in one atomic operation.

supra -c COMMAND
🐚

Shell Selector™

Choose your execution runtime. Override the target user's default shell and operate in your preferred environment — bash, zsh, fish, you name it.

supra -s SHELL
🔒

Environment Persistence™

Carry your entire workspace context through identity transitions. Preserve HOME, SHELL, USER, and all environment variables — zero context loss.

supra -p
👥

Group Targeting™

Precision-specify your primary group identity. Available at the administrative tier, this gives you surgical control over group-level permissions.

supra -g GROUP
🛡️

Selective Carry-Over™

Whitelist specific environment variables to survive identity transitions. Perfect for preserving EDITOR, TERM, or custom context while sanitizing everything else.

supra -w LIST
THE PROCESS

IDENTITY TRANSFORMATION
IN FOUR STEPS.

01

Declare Target

Specify the identity you need to assume. Target by username, UID, or invoke without arguments to automatically escalate to root.

02

Authenticate

Our PAM-integrated verification pipeline validates your credentials against the enterprise authentication gateway in real-time.

03

Environment Build

SUPRA constructs the target identity context — initializing HOME, SHELL, USER, LOGNAME, PATH, and resetting resource limits.

04

Session Launch

Your new identity session goes live. Full privilege inheritance, complete group membership, and total environment control — instantly.

ACCESS CONTROL

THE PRIVILEGE MATRIX.

Every identity transformation is governed by our multi-dimensional access control framework. Visualize exactly what changes when you escalate.

Dimension user root service deploy
UID 1000 0 113 1001
Primary Group users root postgres deploy
Supp. Groups users root ssl-cert docker, www-data
Shell /bin/bash /bin/bash /bin/bash /bin/zsh
HOME /home/user /root /var/lib/postgresql /home/deploy
PATH user paths sbin + admin paths user paths user paths
File Access own files everything db files app files
SESSION MODES

REGULAR VS LOGIN SHELL.

Not all identity transformations are created equal. SUPRA's login mode delivers a pristine environment — no leftover state, no ambient pollution.

REGULAR SESSION
supra admin
user@host:~$ supra admin
Password: ••••••••
admin@host:/home/user$ echo $HOME
/home/user
admin@host:/home/user$ echo $PATH
/usr/local/bin:/usr/bin:/bin
admin@host:/home/user$ pwd
/home/user
  • Keeps original working directory
  • HOME may still be original user's
  • Inherits caller's environment
  • Fast but potentially polluted
RECOMMENDED
LOGIN SESSION
supra - admin
user@host:~$ supra - admin
Password: ••••••••
admin@host:~$ echo $HOME
/home/admin
admin@host:~$ echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
admin@host:~$ pwd
/home/admin
  • Changes to target user's HOME
  • Clears and reinitializes all env vars
  • Sets HOME, SHELL, USER, LOGNAME, PATH
  • Clean, reproducible, zero side effects
0
%
Linux servers with SUPRA installed
0
B+
Identity transformations per day globally
0
ms
Average identity switch latency
0
%
PAM authentication compliance
SEE IT LIVE

POWER IN YOUR HANDS.

Real identity transformations. Real output. Zero fabrication.

Root Escalation

user@host:~$ supra
Password: ••••••••
root@host:/home/user# whoami
root

Flash Execute

user@host:~$ supra -c "id" admin
uid=1000(admin) gid=1000(admin) groups=1000(admin),27(sudo),998(docker)

Group Targeting

root@host:~# supra -g docker -G www-data deploy
deploy@host:~$ id
uid=1001(deploy) gid=998(docker) groups=998(docker),33(www-data)

Shell Override

user@host:~$ supra -s /bin/zsh - admin
Password: ••••••••
admin@host ~ % echo $SHELL
/bin/zsh
PRICING

CHOOSE YOUR
ESCALATION TIER.

STARTER
$ 0 /mo

For solo operators getting their feet wet with identity escalation.

  • Basic supra root access
  • 10 identity switches/month
  • No login shell mode
  • No environment persistence
  • No group targeting
  • No shell override
Get Started
MOST POPULAR
PRO
$ 19 /mo

Unlimited transformations for power users who demand full control.

  • Unlimited identity switches
  • Login shell mode (-l)
  • Flash Execute (-c)
  • Shell Selector (-s)
  • Environment Persistence (-p)
  • No group targeting
Start Free Trial
TEAM
$ 59 /seat/mo

For organizations managing complex multi-identity environments.

  • Everything in Pro
  • Group Targeting (-g)
  • Supplementary Groups (-G)
  • Whitelist Environment (-w)
  • Centralized audit logs
  • PAM configuration portal
Contact Sales
ENTERPRISE
Custom

For mission-critical identity operations at global scale.

  • Everything in Team
  • Pseudo-terminal isolation (--pty)
  • Session command channel
  • Custom /etc/pam.d/su config
  • Dedicated identity SLA
  • SSO + SAML integration
SOCIAL PROOF

TRUSTED BY THE BEST.

★★★★★

"Before SUPRA, identity escalation was a nightmare of context switching and environment pollution. Now our SREs pivot between service accounts in milliseconds. This is truly a category-defining product."

Martin Kowalczyk
Martin Kowalczyk
VP of Platform Engineering, ScaleForge
★★★★★

"The login shell mode changed everything. Our deployments went from 'ambient environment chaos' to pristine, reproducible sessions. SUPRA's Full Context Switch is the single highest-leverage tool in our stack."

Sofia Ramirez
Sofia Ramirez
CTO, InfraKraft Systems
★★★★★

"I used to manage six different service accounts manually. SUPRA's Group Targeting lets me escalate with surgical precision. The -g flag alone saved us 400 engineering hours per quarter."

Victor Park
Victor Park
Lead SRE, DataMesh
★★★★★

"Flash Execute is a game-changer. Running a single privileged command without an entire session? That's the kind of first-principles thinking that makes SUPRA best-in-class."

Tessa Liu
Tessa Liu
Solo Developer & Indie Hacker
FAQ

QUESTIONS? ANSWERED.

SUPRA uses a PAM-integrated verification pipeline for all authentication. Every identity transformation request flows through your system's PAM configuration (/etc/pam.d/su), ensuring enterprise-grade security compliance. Failed authentication attempts are automatically logged to the btmp file for audit trail purposes.

A regular switch preserves your current environment and working directory. A login shell (the - or --login flag) gives you a completely fresh environment — it clears all variables except TERM and COLORTERM, reinitializes HOME, SHELL, USER, LOGNAME, and PATH, and changes to the target user's home directory. We always recommend login mode for production use.

If the target user has a restricted shell (one not listed in /etc/shells), SUPRA will ignore the --shell option and the SHELL environment variable — unless you're already operating as root. This is a deliberate security boundary that protects restricted service accounts from shell override attacks.

Absolutely. SUPRA resets process resource limits (RLIMIT_NICE, RLIMIT_RTPRIO, RLIMIT_FSIZE, RLIMIT_AS, RLIMIT_NOFILE) during every transition. With Enterprise-tier pseudo-terminal isolation (--pty), your session runs in an independent terminal that prevents TIOCSTI ioctl injection and other terminal-based attacks.

Yes — that's exactly what Selective Carry-Over™ is for. The -w / --whitelist-environment flag lets you specify a comma-separated list of variables to preserve through the identity transition, even when using --login. Note that HOME, SHELL, USER, LOGNAME, and PATH are always reset regardless of the whitelist.

See mandō's portfolio