Cyber Security

Feature overview - Conditional Access

Jul 4, 2025 | 5 min read


Dynamic, context-aware access control for AI Agents

In a world of distributed teams, remote access, and ever-changing risk surfaces, static Role-Based Access Control (RBAC) isn’t always enough. That’s why we’re excited to launch Conditional Access in AuthSec—a flexible way to define access rules based on real-time context.

With Conditional Access, you can enforce policies like:

  • Allow access only during business hours

  • Restrict access to specific geolocations or IP ranges

  • Enforce device posture or MFA when risk is detected

  • Apply dynamic rules based on group, role, or organization

  • Block access entirely in high-risk scenarios

Why Conditional Access?

RBAC is great for baseline permission models—but real-world access decisions often depend on context:

Is this user logging in from a new device?
Are they in a restricted country?
Is this a service account behaving unusually?

Conditional Access lets you enforce these kinds of policies without hardcoding logic into your app.

How It Works

AuthSec evaluates conditions at runtime based on signals like:

  • IP address / CIDR blocks

  • Country or region (via geo-IP lookup)

  • Time of day / day of week

  • User group or role

  • Device or network metadata (when available)

  • MFA status and assurance level

  • User risk - a variable assigned to each user that rates risk on a scale of 1-10

  • Session risk - a variable assigned to each session that rates risk on a scale of 1-10

  • Trusted devices - devices automatically identified as trusted by our AI agents

  • Trusted locations - regions automatically identified as trusted based on trustworthy behavior

When a login or token request is made, AuthSec evaluates all applicable rules and either:

  • Grants access

  • Prompts for additional verification

  • Denies the request entirely

All without touching your backend logic.

Use Cases

Here are some real-world scenarios where Conditional Access shines:

| Scenario | Policy |
| --- | --- |
| Remote login from untrusted IP | Deny access |
| Service account outside of business hours | Require MFA |
| Login from blocked country | Deny access |
| Sensitive role access | Sensitive role access |

Built for Developers

Conditional Access in AuthSec is:

  • Declarative – Define policies in the admin console or via API

  • Dynamic – No need to redeploy your app when policies change

  • Auditable – Every decision is logged and reviewable

  • Composable – Combine with RBAC, MFA, and organization scoping

Your app just consumes a token with embedded permissions—AuthSec handles the heavy lifting.

Example Policy (YAML)

name: deny_outside_business_hours
action: deny
user_groups: all
conditions:
  - time:
      before: "09:00"
      after: "18:00"
  - not:
      ip:
        in: ["192.168.0.0/16", "203.0.113.0/24"]
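An added sketch (not AuthSec's code) of how a policy shaped like the one above could be evaluated against a request, which makes visible that the listed IP ranges are exempt from the after-hours deny. The semantics are assumptions the page does not state: conditions are ANDed, the time condition matches before `before` or at/after `after`, and a request matching no policy is allowed. The `matches` and `decide` names and the sample requests in the comments are constructed.

```python
import ipaddress
from datetime import time

# The page's example policy transcribed as a dict (avoids a YAML dependency).
POLICY = {
    "name": "deny_outside_business_hours",
    "action": "deny",
    "conditions": [
        {"time": {"before": "09:00", "after": "18:00"}},
        {"not": {"ip": {"in": ["192.168.0.0/16", "203.0.113.0/24"]}}},
    ],
}

def _hhmm(s):
    h, m = s.split(":")
    return time(int(h), int(m))

def matches(cond, ctx):
    """Evaluate one condition against a request context {"ip": str, "time": "HH:MM"}."""
    if "not" in cond:
        return not matches(cond["not"], ctx)
    if "time" in cond:
        # Assumed semantics: match when the request falls outside the 09:00-18:00 window.
        now = _hhmm(ctx["time"])
        return now < _hhmm(cond["time"]["before"]) or now >= _hhmm(cond["time"]["after"])
    if "ip" in cond:
        try:
            addr = ipaddress.ip_address(ctx["ip"])
        except ValueError:
            return False  # unparseable address is never "in" a listed range (fails closed under `not`)
        return any(addr in ipaddress.ip_network(n) for n in cond["ip"]["in"])
    raise ValueError(f"unknown condition: {cond!r}")  # never silently skip a condition

def decide(policy, ctx):
    """Assumed: every condition must match (AND) for the action to apply; otherwise allow."""
    if all(matches(c, ctx) for c in policy["conditions"]):
        return policy["action"]
    return "allow"
```

Under these assumptions, a request at 22:30 from the constructed address 198.51.100.7 is denied, while the same request from 203.0.113.10 is allowed despite the policy's name.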

Get Started

Conditional Access is now live in all AuthSec environments.

Start building policies that adapt to context—without sacrificing developer experience or security assurance.

© 2025 AuthSec. All rights reserved
