Conditional and Dynamic Access
Introduce conditional protection for all of your privileged infastructure with AuthNull.
AuthNull provides native support for conditional access to on-prem Active Directory. This means that any identity that is used on Windows or Linux machine that is joined to the domain and authenticates against active directory can be used for conditional access.
An Identity can be assigned access to another user, service account, or groups. Additionally access can be provided to a set of machines based on conditions.
Provide conditional access to Linux hosts based on User Behavioral Analytics (UBA), User Risk, Session Risk variables
AuthNull can add / remove local entitlements to Linux hosts based on various conditions.
AuthNull can add / remove users from sudoers, and enable them to run specific commands based on various conditions.
AuthNull can provide conditional access to Radius
AuthNull can provide access to specific Radius devices based on various conditions.
We support all Radius Infrastructure including Microsoft NPS / Radius, FreeRADIUS, Cisco ISE and Clearpass.
For Active Directory, AuthNull supports both agent and agentless MFA
Does not need any client side installs on endpoints / devices.
Uses windows custom authenticators / log on providers to deliver MFA. For Linux we use custom PAM modules
For Active Directory, AuthNull supports both agent and agentless MFA
Supports open source databases like PostgreSQL, MySQL, and MariaDB.PostgreSQL, MySQL, and MariaDB
Uses a database proxy to deliver MFA to the database
Here are the conditional access controls available
Condition | Why is it useful? | What access can be controlled? |
---|---|---|
Location, Network and Device | Enables targeting of users based on location, network and device. |
Active Directory: Specific shared Active Directory Users, Groups and Service Accounts.
For Linux: Specific users, groups and commands. Conditional access to sudoers. For Database: Access to specific databases, and tables. Restricted access to specific columns including data masking. For Radius Devices: Access to specific Radius devices. For All: Allow / Deny access to all resources based on conditions. |
UBA -Trusted Device and Trusted Locations | AuthNull automatically profiles the device and location of the user and establishes trusted baselines. Enable Landspeed violations. | |
Target based on Identity and Session Risk | Enables conditional access based on user identity and session risk. | |
Time bound access | Enables just in time or Zero Standing Privileges access to resources based on time of day. |
Azure Conditional Access
|
AuthNull
|
|
---|---|---|
Active Directory on prem | Yes. But requires intune, and Entra P1 license. | Yes. Natively supported with Agentless and Agent based setup. |
Radius Conditional access | Natively supported | Natively supported |
Database Conditional Access | Not supported | Supported for Postgres, MySQL and MariaDB |
Entra ID as the identity store | Supported Natively | Support available soon |
Linux support for Conditional Access | Not supported | Native support with Database specific policies |
Starting cost |
$$
$10+ per user per month
|
$
$6 per user per month
|
Entra id is trademark of Microsoft corporation. AuthNull is not affiliated with Microsoft corporation and this information is not endorsed by Microsoft corporation.