Patents by Inventor Yaron Nisimov

Yaron Nisimov has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11909731
    Abstract: Disclosed embodiments relate to providing dynamic and least-privilege access to network resources. Techniques include receiving a request from a network identity to access a network resource, authenticating the network identity using a native client and communication protocol, authorizing the network identity based on one or more access policy, generating a least privilege ephemeral account having ephemeral credentials, accessing the network resource using the ephemeral credentials, and enabling the network identity to access the network resource using the least-privilege ephemeral account using the native client and communication protocol. The techniques may further include matching an existing account to the network identity based on the one or more access policy and enabling the network identity to access the network resource using the matched existing account using the native client and communication protocol.
    Type: Grant
    Filed: November 29, 2022
    Date of Patent: February 20, 2024
    Assignee: CYBERARK SOFTWARE LTD
    Inventors: Tomer Dayan, Ofir Iluz, Yaron Nisimov
  • Publication number: 20230403138
    Abstract: Described herein are methods, systems, and computer-readable storage media for using a network identity. Techniques may include obtaining and encrypting a first data element using an encryption key and storing the encrypted first data element mapped to a network identity. Techniques may further include receiving a request from the network identity to perform an action on a resource and authenticating the network identity using an existing protocol, decrypting the first data element using a second data element calculated based on standard fields of the existing protocol, and enabling the action on the resource using the first data element.
    Type: Application
    Filed: June 13, 2022
    Publication date: December 14, 2023
    Applicant: CyberArk Software Ltd.
    Inventors: Tomer DAYAN, Yaron NISIMOV
  • Patent number: 11818119
    Abstract: Disclosed embodiments relate to providing dynamic and least-privilege access to network resources. Techniques include receiving a request from a network identity to access a network resource, authenticating the network identity using a native client and communication protocol, authorizing the network identity based on one or more access policy, generating a least privilege ephemeral account having ephemeral credentials, accessing the network resource using the ephemeral credentials, and enabling the network identity to access the network resource using the least-privilege ephemeral account using the native client and communication protocol. The techniques may further include matching an existing account to the network identity based on the one or more access policy and enabling the network identity to access the network resource using the matched existing account using the native client and communication protocol.
    Type: Grant
    Filed: November 29, 2022
    Date of Patent: November 14, 2023
    Assignee: CYBERARK SOFTWARE LTD.
    Inventors: Tomer Dayan, Ofir Iluz, Yaron Nisimov
  • Patent number: 11050748
    Abstract: Systems and methods are provided for providing web-based authentication for non-web based clients. The systems and methods include receiving, from a non-web based client, a request to connect to a target resource and invoking a web navigation application. The web navigation application can execute remotely from the client on a server and a display of the web navigation application can be provided to the non-web based client. The web navigation application can be directed to an identity provider and can receive, from the client, in response to the display of the web navigation application, authentication information. The web navigation application can receive, from the identity provider, a result of an authentication of the client based on the authentication information. Whether to permit the requested connection to the target resource can then be determined based on the result of the authentication of the client.
    Type: Grant
    Filed: March 13, 2018
    Date of Patent: June 29, 2021
    Assignee: CyberArk Software Ltd.
    Inventors: Elad Shtivi, Shlomi Benita, Yaron Nisimov
  • Publication number: 20190289005
    Abstract: Systems and methods are provided for providing web-based authentication for non-web based clients. The systems and methods include receiving, from a non-web based client, a request to connect to a target resource and invoking a web navigation application. The web navigation application can execute remotely from the client on a server and a display of the web navigation application can be provided to the non-web based client. The web navigation application can be directed to an identity provider and can receive, from the client, in response to the display of the web navigation application, authentication information. The web navigation application can receive, from the identity provider, a result of an authentication of the client based on the authentication information. Whether to permit the requested connection to the target resource can then be determined based on the result of the authentication of the client.
    Type: Application
    Filed: March 13, 2018
    Publication date: September 19, 2019
    Applicant: CyberArk Software Ltd.
    Inventors: Elad Shtivi, Shlomi Benita, Yaron Nisimov
  • Patent number: 9971884
    Abstract: The disclosed embodiments include systems and methods for securing an asset-to-asset cloud communication environment. The disclosed embodiments may involve identifying an asset spun up in the cloud communication environment based on a notification identifying the spun up asset, determining that the spun up asset will require authorization to achieve at least some secure communication functionality with a different asset in the cloud communication environment, automatically authenticating the spun up asset based on authentication information from a trusted source to the spun up asset, automatically determining, based on the authenticating, whether the spun up asset is authorized to perform secure communication functionality with at least one different asset, and automatically performing a control action, based on the authenticating, to enable the spun up asset to perform the secure communication functionality with the at least one different asset.
    Type: Grant
    Filed: July 13, 2017
    Date of Patent: May 15, 2018
    Assignee: CYBERARK SOFTWARE LTD.
    Inventors: Dor Simca, Shlomi Benita, Noam Zweig, Yaron Nisimov, Hadas Elkabir