Abstract: Disclosed embodiments relate to systems and methods for providing adaptive authentication for access to secure network resources. Techniques include identifying a request from a network identity to access a network resource; identifying data associated with the network identity; performing a first authentication of the network identity based on an authentication policy and the data associated with the network identity; enabling the network identity to access the network resource; monitoring a communication between the network identity and the network resource to identify additional data associated with the network identity; updating the authentication policy based on the data and the additional data; and dynamically performing a second authentication of the network identity based on the updated authentication policy.

Abstract: Disclosed embodiments relate to systems and methods for providing agentless single sign on for native access to secure network resources. Techniques include receiving a request from a network identity to access a network resource; authenticating the network identity using a native client and communication protocol through an authentication process with the native client; sending a first secret to the network identity through the native client; authorizing the network identity based on one or more access policy; identifying, based on the one or more access policy, an account associated with a second secret; accessing the at least one network resource using the second secret; and enabling the network identity to access the at least one network resource using the account using the native client and communication protocol.

Abstract: Disclosed embodiments relate to systems and methods for providing agentless in-memory caching for native network resource connections. Techniques include creating an in-memory cache for one or more actions of a network identity; receiving a request from the network identity to access a network resource; authenticating the network identity using a native client and communication protocol; authorizing the network identity based on one or more access policy; identifying an account having a secret, based on the one or more access policy; accessing the network resource using the secret; and performing one or more action using the in-memory cache in addition to or instead of the network resource.

Abstract: Disclosed embodiments relate to systems and methods for providing agentless efficient queries for native network resource connections. Techniques include receiving a request from a network identity to access an original network resource; authenticating the network identity using a native client and communication protocol; authorizing the network identity based on one or more access policy; identifying an account having a secret, based on the one or more access policy; accessing the original network resource using the secret; enabling the network identity to access the original network resource using the account using the native client and communication protocol; creating at least one new entity associated with the original network resource; adapting the request to use the at least one new entity; and performing the request using the at least one new entity.

Abstract: Disclosed embodiments relate to systems and methods for providing native agentless authorization for network resources. Techniques include receiving a request from a network identity to access a network resource; authenticating the network identity; authorizing the network identity based on one or more access policy comprising rules for accessibility of the network resource and an additional set of rules providing an authorization layer not natively supported by the network resource; identifying an account having a secret; accessing the network resource using the secret; enabling the network identity to access the network resource; analyzing data transferred by identifying one or more action or command requested by the network identity; and authorizing the one or more requested action or command in real-time based on the one or more access policy.

Abstract: Systems, methods and non-transitory computer readable media for initiating actions based on an ongoing customer journey are provided. Customer journey data associated with an ongoing customer journey may be received. The ongoing customer journey may involve an individual and a device associated with the individual in a retail store, such as a shopping cart. The customer journey data may indicate a trajectory of the device in the retail store generated based on data captured using an indoor positioning instrument associated with the device. While the ongoing customer journey is in progress, the customer journey data may be analyzed to determine information associated with the individual. The information associated with the individual may be used to select an action associated with the individual. A digital signal configured to initiate the selected action may be generated.

Abstract: Systems, methods and non-transitory computer readable media for selecting content for presentation in retail stores are provided. Location data associated with a device associated with an individual in a retail store, such as a shopping cart, may be obtained. A data structure including a plurality of data records may be accessed. Each data record may associate a content provider, a region of the retail store and a modifiable bid amount. A group of data records that match the location data of the plurality of data records may be identified. A particular data record of the group may be selected based on the bid amounts. The particular data record may be associated with a particular content provided and a particular bid amount. Content associated with the particular content provider may be presented. An account associated with the particular content provider may be updated based on the particular bid amount.

Abstract: Disclosed embodiments relate to providing dynamic and least-privilege access to network resources. Techniques include receiving a request from a network identity to access a network resource, authenticating the network identity using a native client and communication protocol, authorizing the network identity based on one or more access policy, generating a least privilege ephemeral account having ephemeral credentials, accessing the network resource using the ephemeral credentials, and enabling the network identity to access the network resource using the least-privilege ephemeral account using the native client and communication protocol. The techniques may further include matching an existing account to the network identity based on the one or more access policy and enabling the network identity to access the network resource using the matched existing account using the native client and communication protocol.

Abstract: Described herein are methods, systems, and computer-readable storage media for using a network identity. Techniques may include obtaining and encrypting a first data element using an encryption key and storing the encrypted first data element mapped to a network identity. Techniques may further include receiving a request from the network identity to perform an action on a resource and authenticating the network identity using an existing protocol, decrypting the first data element using a second data element calculated based on standard fields of the existing protocol, and enabling the action on the resource using the first data element.

Abstract: Disclosed embodiments relate to providing dynamic and least-privilege access to network resources. Techniques include receiving a request from a network identity to access a network resource, authenticating the network identity using a native client and communication protocol, authorizing the network identity based on one or more access policy, generating a least privilege ephemeral account having ephemeral credentials, accessing the network resource using the ephemeral credentials, and enabling the network identity to access the network resource using the least-privilege ephemeral account using the native client and communication protocol. The techniques may further include matching an existing account to the network identity based on the one or more access policy and enabling the network identity to access the network resource using the matched existing account using the native client and communication protocol.

Abstract: The disclosed embodiments include systems and methods for performing operations using least-privilege access to and control of target network resources. Operations may include identifying a prompt associated with a least-privilege requesting identity to initiate an action on a target network resource; executing, in response to the prompt, a first set of executable code; initiating, based on the first set of executable code, execution of a second set of executable code on the target network resource, wherein the second set of executable code executes using a least-privilege credential or using least-privilege permissions, the least-privilege credential and the least-privilege permissions being determined according to a least-privilege security policy associated with a type of activity expected to be performed on the target network resource; and instructing the second set of executable code to perform the action remotely on the target network resource through a remote session.

Abstract: The disclosed embodiments include systems and methods for implementing least-privilege access to, control of, and/or code execution on target network resources. Operations may include identifying a prompt associated with a least-privilege requesting identity to initiate a remote session on a target network resource; executing, in response to the prompt, a first agent; retrieving, from a secure storage location, a second agent; initiating, by the first agent, execution of the second agent on the target network resource, wherein the second agent executes using a least-privilege credential or using least-privilege permissions associated with the least-privilege requesting identity; and instructing the second agent to perform an action remotely on the target network resource through the remote session using the least-privilege credential or using the least-privilege permissions.

Abstract: The disclosed embodiments include systems and methods for implementing least-privilege access to, control of, and/or code execution on target network resources. Operations may include identifying a prompt associated with a least-privilege requesting identity to initiate a remote session on a target network resource; executing, in response to the prompt, a first agent; retrieving, from a secure storage location, a second agent; initiating, by the first agent, execution of the second agent on the target network resource, wherein the second agent executes using a least-privilege credential or using least-privilege permissions associated with the least-privilege requesting identity; and instructing the second agent to perform an action remotely on the target network resource through the remote session using the least-privilege credential or using the least-privilege permissions.