Conditional and Dynamic Access
Introduce conditional protection for all of your privileged infastructure with AuthNull.
Conditional Access for on-prem Active Directory
AuthNull provides native support for conditional access to on-prem Active Directory. This means that any identity that is used on Windows or Linux machine that is joined to the domain and authenticates against active directory can be used for conditional access.
What can you control access to on an on premise Active Directory?
An Identity can be assigned access to another user, service account, or groups. Additionally access can be provided to a set of machines based on conditions.
Linux based Conditional Access
Provide conditional access to Linux hosts based on User Behavioral Analytics (UBA), User Risk, Session Risk variables
Add / remove local entitlements
AuthNull can add / remove local entitlements to Linux hosts based on various conditions.
Users can be added to sudoers
AuthNull can add / remove users from sudoers, and enable them to run specific commands based on various conditions.
Radius Conditional Access
AuthNull can provide conditional access to Radius
Access to specific Radius devices
AuthNull can provide access to specific Radius devices based on various conditions.
What kinds of Radius Infrastructure is supported?
We support all Radius Infrastructure including Microsoft NPS / Radius, FreeRADIUS, Cisco ISE and Clearpass.
Agent / Agentless MFA for Active Directory
For Active Directory, AuthNull supports both agent and agentless MFA
Agentless
Does not need any client side installs on endpoints / devices.
Agent-based - how does this work?
Uses windows custom authenticators / log on providers to deliver MFA. For Linux we use custom PAM modules
Database MFA
For Active Directory, AuthNull supports both agent and agentless MFA
Supports open source databases
Supports open source databases like PostgreSQL, MySQL, and MariaDB.PostgreSQL, MySQL, and MariaDB
Agent-based - how does this work?
Uses a database proxy to deliver MFA to the database
Conditions Access Controls
Here are the conditional access controls available
| Condition | Why is it useful? | What access can be controlled? |
|---|---|---|
| Location, Network and Device | Enables targeting of users based on location, network and device. |
Active Directory: Specific shared Active Directory Users, Groups and Service Accounts.
For Linux: Specific users, groups and commands. Conditional access to sudoers. For Database: Access to specific databases, and tables. Restricted access to specific columns including data masking. For Radius Devices: Access to specific Radius devices. For All: Allow / Deny access to all resources based on conditions. |
| UBA -Trusted Device and Trusted Locations | AuthNull automatically profiles the device and location of the user and establishes trusted baselines. Enable Landspeed violations. | |
| Target based on Identity and Session Risk | Enables conditional access based on user identity and session risk. | |
| Time bound access | Enables just in time or Zero Standing Privileges access to resources based on time of day. |
Compare Conditional Access
|
Azure Conditional Access
|
AuthNull
|
|
|---|---|---|
| Active Directory on prem | Yes. But requires intune, and Entra P1 license. | Yes. Natively supported with Agentless and Agent based setup. |
| Radius Conditional access | Natively supported | Natively supported |
| Database Conditional Access | Not supported | Supported for Postgres, MySQL and MariaDB |
| Entra ID as the identity store | Supported Natively | Support available soon |
| Linux support for Conditional Access | Not supported | Native support with Database specific policies |
| Starting cost |
$$
$10+ per user per month
|
$
$6 per user per month
|
Entra id is trademark of Microsoft corporation. AuthNull is not affiliated with Microsoft corporation and this information is not endorsed by Microsoft corporation.