Microauthorizations - one step closer to a Zero Trust and Passwordless Future
Modify your Authentication/Authorization Rules for Every Stage of the User Journey
Microauthorizations from Secfense make it possible to force users to authenticate again every time they access
specific resources or want to perform specific actions within the protected application.
If microauthorizations are in place, Secfense takes over the communication and triggers one of two scenarios.
In the Owner scenario, Secfense asks the user to reauthenticate. In the Supervisor scenario, Secfense sends
the authorization request to a third party.
Two-factor authentication is one of the best ways to protect against phishing; however, its implementation has
always been difficult. Secfense helped us solve the implementation problem. We were able to introduce various
2FA methods at once on our web applications.
Dariusz Pitala Head of IT, MPEC S.A.
Invisible Security Layer
Since User Access Security Broker from Secfense works as an invisible security layer, microauthorizations can be
added and triggered at any stage of the user journey.
Microauthorizations in the Owner scenario
In the Owner scenario, microauthorizations operate according to the principle of least privilege. This means
they provide additional protection against attacks on an active session or other attacks against an already
logged-in user (including real-time phishing or malware).
Microauthorizations in the Supervisor scenario
In the Supervisor scenario, microauthorization requests are sent to selected and trusted users who then decide
whether to accept or deny them. This scenario is used to protect particularly sensitive resources.
Regardless of the scenario, microauthorizations protect sensitive resources against risks such as:
automatic export (with or without user consent),
uncontrolled leakage of confidential data through the application interface
Effortless Triggering And Use Of Microauthorizations
Microauthorizations are effective only if they do not require much effort from the user. That is why the
recommended microauthorizations setup includes FIDO2 – the open web
With microauthorizations in the FIDO2 standard and the Owner scenario active, users can access protected
resources by simply touching the cryptographic key or another local authenticator (for example, a smartphone
with a fingerprint sensor or a laptop with an infrared camera).
The Supervisor scenario also adds an extra authentication step. In this case, however, access can only be granted by a privileged user with higher authority.
All events related to microauthorizations are logged in the Secfense event log (or streamed to an external logging system) and can be analyzed to detect anomalies.
“We are faced with new challenges every day. We must always be one step ahead of the attackers and know what they are going to do before they do it. We are convinced that User Access Security Broker will bring security to a new level, both for those working at the office and from home. For us, working with Secfense is an opportunity to exchange experience with developers who put great value on out-of-the-box thinking.”
Business Continuity and Computer Security Officer
BNP Paribas Bank Polska
“Two-factor authentication is known to be one of the best ways to protect against phishing; however, its implementation has always been difficult. Secfense helped us solve that problem. With their security broker, we were able to introduce various 2FA methods on our web applications at once.”