Abstract: In one embodiment, control-flow information comprising an indication of function execution order for an application may be generated using source code for the application. Function information for the application may be identified, the function information comprising an indication of an execution context for a function of the application. A model graph to test the application may be generated based on the control-flow information and the function information.
Abstract: Methods, systems, and devices for user authentication are described. A first device may generate a keypair at a secure module. The keypair includes a public key and a private key that is stored at the secure module. The first device may authenticate the first device and a user of the first device with an identity management platform and may generate a header at an authentication client based on the authenticating. The header may be generated in accordance with an application-layer protocol for demonstrating proof-of-possession (DPoP). The first device may collect device signals and sign the header with the private key and the device signals based on a web client invoking the authentication client via a loopback interface and the authentication client accessing the secure module. The first device may transmit the signed header to a server of the identity management platform via the web client.
Type: Application
Filed: July 31, 2023
Publication date: February 6, 2025
Inventors: Vinayak Shenoy, Yang Chen, Lana Young Choi, Tanvir Ahmed, Dipti Shiralkar
Abstract: An identity provider (IdP) defines an interface for obtaining device posture signals in a flexible manner. Third-party signal providers author plugins that conform to the defined interface and make the plugins available to the organizations that use their services. The plugins incorporate the third-party signals into the authentication logic of the IdP, allowing the authentication logic to obtain organization-defined information about client device posture of the client devices on which user authentication is taking place. This permits different organizations that use the IdP to tailor their authentication processes to the particular types of signals available to them, and to their own particular organization policies. This allows, for example, conformity to organization policies such as user data use policies.
Type: Application
Filed: December 3, 2021
Publication date: June 8, 2023
Inventors: Dipti Vivek Shiralkar, Jared Hanson, Sai Maddali, Johannes Stockmann
Abstract: An identity provider (IdP) defines an interface for obtaining device posture signals in a flexible manner. Third-party signal providers author plugins that conform to the defined interface and make the plugins available to the organizations that use their services. The plugins incorporate the third-party signals into the authentication logic of the IdP, allowing the authentication logic to obtain organization-defined information about client device posture of the client devices on which user authentication is taking place. This permits different organizations that use the IdP to tailor their authentication processes to the particular types of signals available to them, and to their own particular organization policies. This allows, for example, conformity to organization policies such as user data use policies.
Type: Grant
Filed: December 3, 2021
Date of Patent: December 17, 2024
Inventors: Dipti Vivek Shiralkar, Jared Hanson, Sai Maddali, Johannes Stockmann
Abstract: An identity provider (IdP) defines an interface for obtaining device posture signals in a flexible manner. Third-party signal providers author plug-ins that conform to the defined interface and make the plug-ins available to the organizations that use their services. The plug-ins incorporate the third-party signals into the authentication logic of the IdP, allowing the authentication logic to obtain organization-defined information about client device posture of the client devices on which user authentication is taking place. This permits different organizations that use the IdP to tailor their authentication processes to the particular types of signals available to them, and to their own particular organization policies. This allows, for example, conformity to organization policies such as user data use policies.
Type: Application
Filed: October 25, 2024
Publication date: February 13, 2025
Inventors: Dipti Vivek Shiralkar, Jared Hanson, Sai Maddali, Johannes Stockmann
Abstract: A service provider provides flexible access to services using an identity provider. The service provider is associated with a custom access policy used by the identity provider to authenticate access requests associated with client devices for services of the client system. The custom access policy describes a set of access levels corresponding to variable levels of access to services of the service provider. The identity provider authenticates access requests by client devices using one or more device signals from the client devices. In some embodiments, the identity provider determines a device trust score for the client device using the one or more device signals. The identity provider provides an authentication response to the client system based on the custom access policy. The client system uses the authentication response to determine an access level for the client device from the set of access levels described by the custom access policy.