Authorization as a Service
Identity-aware authorization at cloud-scale


Authentication
Decouple Authentication from Authorization: accelerate and future-proof your development efforts by breaking the dependency between applications and data sources
Identity Hub: Aggregate & Normalize Identity data from multiple sources

Access Control
Future-proof, open-standard based application integration: OAuth2 or OIDC
RBAC/ABAC/PBAC: Perform Role, Attribute & Permission Based Access Control based on information from identity sources
Transactional MFA: Prompt users for step-up authentication for authorization to sensitive data or services

Data Control
Smart Tokens: Data-level governance to control data distribution to applications
Consent Ledger: Fine-grained consent grants put users in control of their PII and how it is distributed
Partner Data Sharing: Enable data sharing with Partners
Delegated Administration: Multi-level policy management for admins, 3rd party developers and partners

Adaptive Enforcement
Dynamic Authorization Policies: Perform risk-aware authorizations that consider transaction payloads and API invocation characteristics
Automated Workload Discovery & Orchestration to Achieve Zero-Trust: Broad support for API Gateways as well as deep integration and service identity for modern application backends running on K8s and service meshes
Policies as Code: Unified policy language authored visually or via JSON, OPA/Rego and JavaScript
