Conditional and Dynamic Access

Introduce conditional protection for all of your privileged infastructure with AuthNull.


Conditional Access for on-prem Active Directory

AuthNull provides native support for conditional access to on-prem Active Directory. This means that any identity that is used on Windows or Linux machine that is joined to the domain and authenticates against active directory can be used for conditional access.

What can you control access to on an on premise Active Directory?

An Identity can be assigned access to another user, service account, or groups. Additionally access can be provided to a set of machines based on conditions.

Active Directory Domain Services

Linux based Conditional Access

Provide conditional access to Linux hosts based on User Behavioral Analytics (UBA), User Risk, Session Risk variables

Add / remove local entitlements

AuthNull can add / remove local entitlements to Linux hosts based on various conditions.

Users can be added to sudoers

AuthNull can add / remove users from sudoers, and enable them to run specific commands based on various conditions.

Scale outreach

Radius Conditional Access

AuthNull can provide conditional access to Radius

Access to specific Radius devices

AuthNull can provide access to specific Radius devices based on various conditions.

What kinds of Radius Infrastructure is supported?

We support all Radius Infrastructure including Microsoft NPS / Radius, FreeRADIUS, Cisco ISE and Clearpass.

AI features

Agent / Agentless MFA for Active Directory

For Active Directory, AuthNull supports both agent and agentless MFA

Agentless

Does not need any client side installs on endpoints / devices.

Agent-based - how does this work?

Uses windows custom authenticators / log on providers to deliver MFA. For Linux we use custom PAM modules

Professional services

Database MFA

For Active Directory, AuthNull supports both agent and agentless MFA

Supports open source databases

Supports open source databases like PostgreSQL, MySQL, and MariaDB.PostgreSQL, MySQL, and MariaDB

Agent-based - how does this work?

Uses a database proxy to deliver MFA to the database


Professional services

Conditions Access Controls

Here are the conditional access controls available

Condition Why is it useful? What access can be controlled?
Location, Network and Device Enables targeting of users based on location, network and device. Active Directory: Specific shared Active Directory Users, Groups and Service Accounts.

For Linux: Specific users, groups and commands. Conditional access to sudoers.

For Database: Access to specific databases, and tables. Restricted access to specific columns including data masking.

For Radius Devices: Access to specific Radius devices.

For All: Allow / Deny access to all resources based on conditions.
UBA -Trusted Device and Trusted Locations AuthNull automatically profiles the device and location of the user and establishes trusted baselines. Enable Landspeed violations.
Target based on Identity and Session Risk Enables conditional access based on user identity and session risk.
Time bound access Enables just in time or Zero Standing Privileges access to resources based on time of day.

Compare Conditional Access

Azure Conditional Access
AuthNull
Active Directory on prem Yes. But requires intune, and Entra P1 license. Yes. Natively supported with Agentless and Agent based setup.
Radius Conditional access Natively supported Natively supported
Database Conditional Access Not supported Supported for Postgres, MySQL and MariaDB
Entra ID as the identity store Supported Natively Support available soon
Linux support for Conditional Access Not supported Native support with Database specific policies
Starting cost
$$
$10+ per user per month
$
$6 per user per month

Entra id is trademark of Microsoft corporation. AuthNull is not affiliated with Microsoft corporation and this information is not endorsed by Microsoft corporation.