
Conditional Access Policy Engine

Empower your security and zero trust principles with SecurEnvoy Conditional Access Policy Engine.

Granular control over access, based on Roles, Devices, Applications, Timing, and Location.


Conditional Access Policy Engine

Are you tired of complex access management and the constant struggle to maintain security and zero trust principles with traditional policies? Embrace the future of access control with our cutting-edge Conditional Access Policy Engine:

  • Say goodbye to one-size-fits-all security measures
  • Welcome a dynamic approach that grants access based on contextual factors such as user roles, device attributes, application context, timing, and location
  • Enhance your organisation’s security while providing a frictionless and seamless user experience

Welcome to a new era of secure and personalised access control.

The challenges and limitations of a static access policy

Outdated access management practices come with a host of challenges and drawbacks that can compromise both security and the user experience.

Without a policy engine, access control remains rudimentary, making it challenging to implement granular security measures based on user roles, devices, locations, and other contextual factors. This can result in over-permissioned accounts and increase the risk of unauthorised access to sensitive data and applications.

The absence of dynamic access policies can mean users encounter unnecessary authentication challenges, leading to frustration and reduced productivity. A lack of personalised access controls can make it difficult for legitimate users to access resources promptly.

Smarter access control with SecurEnvoy Conditional Access Policy Engine

The SecurEnvoy Conditional Access Policy Engine is a sophisticated access management solution designed to grant or deny access to resources based on various contextual factors.

Instead of relying on static access rules, our policy engine leverages real-time data to make access decisions, considering parameters such as user identity, device attributes, location, time of access and more.

This intelligent zero trust approach ensures that users get the right level of access based on their roles and the security context, mitigating the risks associated with over-permissioned accounts and unauthorised access.

The Power of the Conditional Access Policy Engine

Strong Security

  • Risk Based Access Control
  • Reduced Attack Surface
  • Consistent Enforcement

Better User Experience

  • Personalised Approach
  • Balance Security & User Experience

Reduced Administration

  • Centralised Policy Management
  • Automate Access Decisions

How the Conditional Access Policy Engine works

SecurEnvoy’s Access Management Conditional Access is a cutting-edge solution that consolidates signals from diverse sources to make intelligent access decisions and enforce organisational policies. As the cornerstone of SecurEnvoy’s Zero Trust approach, our policy engine leverages multiple signals to ensure secure access control and protect your resources effectively.

Conditional Access policies can be likened to straightforward if-then statements: if a user wants to access a resource, then they must first complete a designated action (such as a second authentication factor) before access is granted.

Conditional Access in action


Conditional access process

User example of a Conditional Access Policy

Consider an organisation that stores sensitive financial data in a cloud-based application. To bolster security, they have implemented a Conditional Access Policy.

Let’s say an employee with the “Finance Manager” role tries to access the financial application from an unknown device outside the company’s network.

The Conditional Access policy for this scenario could be defined as follows:

If the user’s group is “Finance Administration”, the access attempt comes from outside the corporate network, and the device is unrecognised, then require multi-factor authentication before granting access.

In this example, the policy checks three conditions:

  1. The user’s role must be “Finance Manager”
  2. The access attempt is made from outside the corporate network
  3. The device is unrecognised, indicating a potential security risk

If all these conditions are met, the policy enforces multi-factor authentication, adding an extra layer of security to verify the user’s identity. This way, even if an attacker gains access to the user’s credentials, they would still be unable to breach the application due to the multi-factor authentication requirement. The organisation can effectively protect its sensitive financial data while allowing authorised users to access it securely.

Commonly applied policies

Block End of Life Operating Systems
Configure policy to only allow ‘Windows 10’ or ‘Windows 11’ devices.

Enforce MFA for Administrators
Configure policy to enforce second-factor MFA if the user is a member of the ‘Administrator’ group.

Password Only Access when in Office
Configure policy to allow ‘Password Only’ access to the ‘Salesforce’ application when IP Address = ‘Office IP Address Range’.

Block Access from Certain Countries
Configure policy to block access if Location is ‘X’.

Alert Weekend Access to Finance Application
Configure policy to trigger an email alert to the administrator when users authenticate to the ‘SAP Concur’ application and the day of the week is ‘Saturday’ or ‘Sunday’.

Enable the Conditional Access Policy Engine with a Default Action set to “Deny Access”
Then create specific policy rules to allow access, or define an alternative default action that applies if no policy rule is triggered.
These rules are always enforced according to the principle of least privilege. For instance, if a rule that requires multi-factor authentication (MFA) and a “Deny Access” rule are both triggered, access is blocked, because the most restrictive rule activated wins.
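As an added illustration (not SecurEnvoy’s own code), here is a minimal Python policy evaluator modelled on the Finance Manager example above and on the default-deny, least-privilege combination described in the last item: each rule is an if-then condition, the default action applies when nothing matches, alert-only rules fire alongside the access decision, and when several rules fire the most restrictive outcome wins. The field names, rule names and the severity ordering are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Callable

# Outcomes ordered from least to most restrictive. When several rules fire,
# the most restrictive outcome wins (the page's least-privilege combination).
SEVERITY = {"allow": 0, "password_only": 1, "mfa": 2, "deny": 3}

@dataclass
class Request:  # signals about one access attempt (hypothetical field names)
    role: str
    on_corporate_network: bool
    device_recognised: bool
    app: str
    os: str = "Windows 11"
    weekday: str = "Monday"

@dataclass
class Rule:
    name: str
    condition: Callable[[Request], bool]
    action: str  # a SEVERITY key, or "alert" (notify only, no access decision)

@dataclass
class PolicyEngine:
    rules: list
    default_action: str = "deny"  # applied when no rule fires

    def evaluate(self, req):
        """Return (decision, names of alert-only rules that fired)."""
        fired = [r for r in self.rules if r.condition(req)]
        alerts = [r.name for r in fired if r.action == "alert"]
        decisions = [r.action for r in fired if r.action in SEVERITY]
        if not decisions:
            return self.default_action, alerts
        return max(decisions, key=SEVERITY.__getitem__), alerts

# Rules modelled on the page's worked example and commonly applied policies.
RULES = [
    Rule("finance-offnet-unknown-device", lambda r: r.role == "Finance Manager"
         and not r.on_corporate_network and not r.device_recognised, "mfa"),
    Rule("block-eol-os", lambda r: r.os not in ("Windows 10", "Windows 11"), "deny"),
    Rule("office-password-only", lambda r: r.app == "Salesforce"
         and r.on_corporate_network, "password_only"),
    Rule("weekend-finance-alert", lambda r: r.app == "SAP Concur"
         and r.weekday in ("Saturday", "Sunday"), "alert"),
    Rule("finance-in-office", lambda r: r.role == "Finance Manager"
         and r.on_corporate_network and r.device_recognised, "allow"),
]
ENGINE = PolicyEngine(RULES)
```

A Finance Manager on an unknown device off the network gets "mfa"; the same attempt from a Windows 7 device triggers both the MFA rule and the end-of-life deny rule, and the deny wins.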

Typical use cases

BYOD

Embrace a BYOD policy by implementing an adaptive user authentication mechanism tailored to access risk levels.

Passwordless Experience

Enhance the user experience for office-based users accessing applications and resources on corporate devices with seamless SSO and a passwordless experience.

Zero Trust

Enforce Zero Trust principles with simple and advanced conditional access rules for precise application and resource control.