Abstract: A technique includes creating, by a computer, a sandboxed user account on the computer, where creating the sandboxed user account includes generating credentials for the sandboxed user account. The technique includes creating, by the computer, an operating system session and executing a single sign on (SSO) tool in the operating system session in association with the sandboxed user account. In response to a request that is associated with another user account to start up an application, authorizing, by the computer, use of the application by the other user account based on credentials that are associated with the other user account and starting up the application by the computer. Starting up the application includes using the SSO tool to inject SSO credentials for the other user account based on policy authorization into the application such that the application is executed in association with the sandboxed user account.

Abstract: An existing application processing on a client device initiates a function to provide a hard coded credential to a remote target application for purposes of logging into and gaining access to the remote target application. A hook to the function causes an agent to be activated, the agent dynamically contacts a credential vault to obtain a randomly generated credential for access to the remote target application. The hook injects the randomly generated credential over the hard coded credential supplied by the existing application and the function is initiated. The function logs into the target application using the randomly generated credential providing the existing application access to the remote target application. The hard coded credential is bypassed by the randomly generated credential.

Abstract: A technique includes creating, by a computer, a sandboxed user account on the computer, where creating the sandboxed user account includes generating credentials for the sandboxed user account. The technique includes creating, by the computer, an operating system session and executing a single sign on (SSO) tool in the operating system session in association with the sandboxed user account. In response to a request that is associated with another user account to start up an application, authorizing, by the computer, use of the application by the other user account based on credentials that are associated with the other user account and starting up the application by the computer. Starting up the application includes using the SSO tool to inject SSO credentials for the other user account based on policy authorization into the application such that the application is executed in association with the sandboxed user account.

Abstract: An authenticated session with a remote system is established and identified through an authentication token for the session. During that session, a resource is accessed requiring additional authentication beyond what the authentication token was originally authorized for. Out-of-band processing from the existing session performs the additional authentication and permission from the authentication token are upgraded to include permissions for accessing the resource during the session. The resource is accessed during the session with the authentication token having the upgraded permissions.

Abstract: An existing application processing on a client device initiates a function to provide a hard coded credential to a remote target application for purposes of logging into and gaining access to the remote target application. A hook to the function causes an agent to be activated, the agent dynamically contacts a credential vault to obtain a randomly generated credential for access to the remote target application. The hook injects the randomly generated credential over the hard coded credential supplied by the existing application and the function is initiated. The function logs into the target application using the randomly generated credential providing the existing application access to the remote target application. The hard coded credential is bypassed by the randomly generated credential.

Abstract: An authenticated session with a remote system is established and identified through an authentication token for the session. During that session, a resource is accessed requiring additional authentication beyond what the authentication token was originally authorized for. Out-of-band processing from the existing session performs the additional authentication and permission from the authentication token are upgraded to include permissions for accessing the resource during the session. The resource is accessed during the session with the authentication token having the upgraded permissions.

Abstract: A principal is authenticated for access to a resource and assigned access rights for an authenticated session with the resource. Activity of the principal is monitored during the session, analyzed in real-time, and assigned a security score. Actions of the principal can be denied based on comparison of the score to a threshold; the session can be terminated; a policy can be set to disconnect the principal from future authenticated sessions with the resource once the principal connects with the resource; and/or the action is denied but the principal is permitted to continue with the authenticated session with the resource. No changes are made to the principal's access rights assigned for the authenticated session.