Abstract: Disclosed embodiments relate to systems and methods for providing adaptive authentication for access to secure network resources. Techniques include identifying a request from a network identity to access a network resource; identifying data associated with the network identity; performing a first authentication of the network identity based on an authentication policy and the data associated with the network identity; enabling the network identity to access the network resource; monitoring a communication between the network identity and the network resource to identify additional data associated with the network identity; updating the authentication policy based on the data and the additional data; and dynamically performing a second authentication of the network identity based on the updated authentication policy.

Abstract: Disclosed embodiments relate to systems and methods for providing agentless efficient queries for native network resource connections. Techniques include receiving a request from a network identity to access an original network resource; authenticating the network identity using a native client and communication protocol; authorizing the network identity based on one or more access policy; identifying an account having a secret, based on the one or more access policy; accessing the original network resource using the secret; enabling the network identity to access the original network resource using the account using the native client and communication protocol; creating at least one new entity associated with the original network resource; adapting the request to use the at least one new entity; and performing the request using the at least one new entity.

Abstract: Disclosed embodiments relate to systems and methods for providing agentless in-memory caching for native network resource connections. Techniques include creating an in-memory cache for one or more actions of a network identity; receiving a request from the network identity to access a network resource; authenticating the network identity using a native client and communication protocol; authorizing the network identity based on one or more access policy; identifying an account having a secret, based on the one or more access policy; accessing the network resource using the secret; and performing one or more action using the in-memory cache in addition to or instead of the network resource.

Abstract: Disclosed embodiments relate to systems and methods for providing agentless single sign on for native access to secure network resources. Techniques include receiving a request from a network identity to access a network resource; authenticating the network identity using a native client and communication protocol through an authentication process with the native client; sending a first secret to the network identity through the native client; authorizing the network identity based on one or more access policy; identifying, based on the one or more access policy, an account associated with a second secret; accessing the at least one network resource using the second secret; and enabling the network identity to access the at least one network resource using the account using the native client and communication protocol.

Abstract: Disclosed embodiments relate to systems and methods for providing native agentless authorization for network resources. Techniques include receiving a request from a network identity to access a network resource; authenticating the network identity; authorizing the network identity based on one or more access policy comprising rules for accessibility of the network resource and an additional set of rules providing an authorization layer not natively supported by the network resource; identifying an account having a secret; accessing the network resource using the secret; enabling the network identity to access the network resource; analyzing data transferred by identifying one or more action or command requested by the network identity; and authorizing the one or more requested action or command in real-time based on the one or more access policy.

Abstract: Disclosed embodiments relate to providing dynamic and least-privilege access to network resources. Techniques include receiving a request from a network identity to access a network resource, authenticating the network identity using a native client and communication protocol, authorizing the network identity based on one or more access policy, generating a least privilege ephemeral account having ephemeral credentials, accessing the network resource using the ephemeral credentials, and enabling the network identity to access the network resource using the least-privilege ephemeral account using the native client and communication protocol. The techniques may further include matching an existing account to the network identity based on the one or more access policy and enabling the network identity to access the network resource using the matched existing account using the native client and communication protocol.

Abstract: Described herein are methods, systems, and computer-readable storage media for using a network identity. Techniques may include obtaining and encrypting a first data element using an encryption key and storing the encrypted first data element mapped to a network identity. Techniques may further include receiving a request from the network identity to perform an action on a resource and authenticating the network identity using an existing protocol, decrypting the first data element using a second data element calculated based on standard fields of the existing protocol, and enabling the action on the resource using the first data element.

Abstract: Disclosed embodiments relate to providing dynamic and least-privilege access to network resources. Techniques include receiving a request from a network identity to access a network resource, authenticating the network identity using a native client and communication protocol, authorizing the network identity based on one or more access policy, generating a least privilege ephemeral account having ephemeral credentials, accessing the network resource using the ephemeral credentials, and enabling the network identity to access the network resource using the least-privilege ephemeral account using the native client and communication protocol. The techniques may further include matching an existing account to the network identity based on the one or more access policy and enabling the network identity to access the network resource using the matched existing account using the native client and communication protocol.

Abstract: Systems and methods are provided for providing web-based authentication for non-web based clients. The systems and methods include receiving, from a non-web based client, a request to connect to a target resource and invoking a web navigation application. The web navigation application can execute remotely from the client on a server and a display of the web navigation application can be provided to the non-web based client. The web navigation application can be directed to an identity provider an can receive, from the client, in response to the display of the web navigation application, authentication information. The web navigation application can receive, from the identity provider, a result of an authentication of the client based on the authentication information. Whether to permit the requested connection to the target resource can then be determined based on the result of the authentication of the client.

Abstract: Systems and methods are provided for providing web-based authentication for non-web based clients. The systems and methods include receiving, from a non-web based client, a request to connect to a target resource and invoking a web navigation application. The web navigation application can execute remotely from the client on a server and a display of the web navigation application can be provided to the non-web based client. The web navigation application can be directed to an identity provider an can receive, from the client, in response to the display of the web navigation application, authentication information. The web navigation application can receive, from the identity provider, a result of an authentication of the client based on the authentication information. Whether to permit the requested connection to the target resource can then be determined based on the result of the authentication of the client.

Abstract: The disclosed embodiments include systems and methods for securing an asset-to-asset cloud communication environment. The disclosed embodiments may involve identifying an asset spun up in the cloud communication environment based on a notification identifying the spun up asset, determining that the spun up asset will require authorization to achieve at least some secure communication functionality with a different asset in the cloud communication environment, automatically authenticating the spun up asset based on authentication information from a trusted source to the spun up asset, automatically determining, based on the authenticating, whether the spun up asset is authorized to perform secure communication functionality with at least one different asset, and automatically performing a control action, based on the authenticating, to enable the spun up asset to perform the secure communication functionality with the at least one different asset.