Empower your security and zero trust principles with SecurEnvoy Conditional Access Policy Engine.
Granular control over access, based on Roles, Devices, Applications, Timing, and Location.
Are you tired of complex access management and the constant struggle to maintain security and zero trust principles with traditional policies? Embrace the future of access control with our cutting-edge Conditional Access Policy Engine:
Welcome to a new era of secure and personalised access control.
Outdated access management practices come with a host of challenges and drawbacks that can compromise both security and the user experience.
Without a policy engine, access control remains rudimentary, making it challenging to implement granular security measures based on user roles, devices, locations, and other contextual factors. This can result in over-permissioned accounts and increase the risk of unauthorised access to sensitive data and applications.
The absence of dynamic access policies can mean users encounter unnecessary authentication challenges, leading to frustration and reduced productivity. A lack of personalised access controls can make it difficult for legitimate users to access resources promptly.
The SecurEnvoy Conditional Access Policy Engine is a sophisticated access management solution designed to grant or deny access to resources based on various contextual factors.
Instead of relying on static access rules, our policy engine leverages real-time data to make access decisions, considering parameters such as user identity, device attributes, location, time of access and more.
This intelligent zero trust approach ensures that users get the right level of access based on their roles and the security context, mitigating the risks associated with over-permissioned accounts and unauthorised access.
Strong Security
Better User Experience
Reduced Administration
SecurEnvoy’s Access Management Conditional Access is a cutting-edge solution that consolidates signals from diverse sources to make intelligent access decisions and enforce organisational policies. As the cornerstone of SecurEnvoy’s Zero Trust approach, our policy engine leverages multiple signals to ensure secure access control and protect your resources effectively.
Conditional Access policies can be likened to straightforward if-then statements. When a user seeks access to a resource, a specific action must be fulfilled. In essence, if a user wants to access a resource, then they must complete a designated action to ensure secure access.
Consider an organisation that stores sensitive financial data in a cloud-based application. To bolster security, they have implemented a Conditional Access Policy.
Let’s say an employee with the “Finance Manager” role tries to access the financial application from an unknown device outside the company’s network.
The Conditional Access policy for this scenario could be defined as follows:
If the user’s group is “Finance Administration” and access is from outside the corporate network and the device is unrecognised, then require multi-factor authentication before granting access.
In this example, the policy checks three conditions:
If all these conditions are met, the policy enforces multi-factor authentication, adding an extra layer of security to verify the user’s identity. This way, even if an attacker gains access to the user’s credentials, they would still be unable to breach the application due to the multi-factor authentication requirement. The organisation can effectively protect its sensitive financial data while allowing authorised users to access it securely.
Block End of Life Operating Systems
Configure policy to only allow ‘Windows 10’ or ‘Windows 11’ devices
Enforce MFA for Administrators
Configure policy to enforce second factor MFA if user is a member of the ‘Administrator’ group.
Password Only Access when in Office
Configure policy to allow ‘Password Only’ access to ‘Salesforce’ application when IP Address = ‘Office IP Address Range’
Block Access from Certain Countries
Configure policy to block access if Location is ‘X’
Alert Weekend Access to Finance Application
Configure policy to trigger email Alert to administrator when users authenticate to application ‘SAP Concur’ when day of week is ‘Saturday’ or ‘Sunday’
Enable the Conditional Access Policy Engine with a Default Action set to “Deny Access”
Then, you can create specific policy rules to allow access or define an alternative default action if no policy rule is triggered.
These rules are always enforced based on the principle of least privilege. For instance, if a rule requiring multi-factor authentication (MFA) and a “Deny Access” policy rule are both triggered, access will be blocked, in accordance with the least privilege rule activated.
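The if-then policy, the "Deny Access" default and the least-privilege resolution described above can be sketched as follows. This is an added example, not SecurEnvoy's implementation or configuration syntax; the `Request` and `Rule` types, the `evaluate` function, the action names, the office range and the device inventory are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable

# Actions ranked from least to most restrictive; the highest triggered one wins.
RESTRICTIVENESS = {"password_only": 0, "require_mfa": 1, "deny": 2}
OFFICE_NET = ip_network("203.0.113.0/24")   # constructed sample range
KNOWN_DEVICES = {"LAPTOP-0042"}             # constructed sample inventory

@dataclass(frozen=True)
class Request:
    groups: frozenset
    app: str
    source_ip: str
    device_id: str
    os: str

@dataclass(frozen=True)
class Rule:
    name: str
    condition: Callable[[Request], bool]
    action: str

def in_office(r: Request) -> bool:
    try:
        return ip_address(r.source_ip) in OFFICE_NET
    except ValueError:
        return False  # an unparseable address is treated as off-network

RULES = [
    Rule("Finance, off-network, unrecognised device",
         lambda r: "Finance Administration" in r.groups
         and not in_office(r) and r.device_id not in KNOWN_DEVICES,
         "require_mfa"),
    Rule("Block end-of-life operating systems",
         lambda r: r.os not in {"Windows 10", "Windows 11"}, "deny"),
    Rule("Password only for Salesforce in office",
         lambda r: r.app == "Salesforce" and in_office(r), "password_only"),
]

def evaluate(request: Request, rules=RULES, default_action: str = "deny"):
    """Return (action, names of triggered rules) for one access request."""
    triggered = [rule for rule in rules if rule.condition(request)]
    if not triggered:
        return default_action, []   # no rule matched: fall back to the default
    action = max((t.action for t in triggered), key=RESTRICTIVENESS.__getitem__)
    return action, [t.name for t in triggered]
```

Returning the names of the triggered rules alongside the decision gives an audit trail showing why a request was challenged or blocked.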
BYOD
Embrace the BYOD policy by implementing an adaptive user authentication mechanism tailored to access risk levels
Passwordless Experience
Enhance user experience for office-based users accessing applications and resources on corporate devices with a seamless SSO and Passwordless Experience
Zero Trust
Enforce Zero Trust principles with simple and advanced conditional access rules for precise application and resource control
Flexible Access Management Security that allows you to select the deployment method that is right for your organisation