The new entitlement engine will be powered by context-aware logic controls (CALC) technology to effect context-based, fine-grained authorization controls.
SaaS-based customer identity and access management (CIAM) provider Frontegg has launched an entitlements engine, an authorization management capability aimed at helping app developers and revenue teams streamline access authorization.
The new engine will be powered by context-aware logic controls (CALC) technology to effect context-based, fine-grained authorization controls, Frontegg said. It will be added to Fronteggβs namesake CIAM platform, which features a suite of identity management capabilities that includes authentication, onboarding flow design, user management, self-serve account management, etc.
βThe old way of building SaaS apps required the use of many different solutions to solve in-app entitlements β role-based access control (RBAC), attribute-based access control (ABAC), feature flag management, subscription management, free trial provisioning anomaly detection, and others, requiring a lot of APIs and working with many different vendors,β Sagi Rodin, chief executive officer at Frontegg, said in a press release. βWith our CALC-powered Entitlements Engine, we provide all of this functionality and more in a single API.β
Frontegg showcased the new capability at the Identiverse conference in Las Vegas this week and has made it immediately available to users.
Fronteggβs CALC streamlines authorization
The new entitlements engine allows developers to shift entitlement workstreams left, letting anyone make changes formerly requiring additional code or additional vendor integrations, according to the company.
The idea is to expand on existing CIAM systemsβ focus on authentication for protection against phishing, account takeovers, and other identity-related attacks, to allow for authorization management, defining the type and number of resources to be accessed.
βIn todayβs SaaS environments, the next step after authentication is authorization β once the customer logs in, they need to be authorized to use a subset of features and access a subset of available data,β said Jack Poller, an analyst at ESG Global. βEach SaaS environment has unique authorization requirements β a cloud file store (Microsoft OneDrive, Box, Dropbox, etc.) have simple entitlements such as read, modify, or share, whereas other environments can have complex and multiple entitlements.β
These complex entitlements need to support user access controls, role-based access controls, and attribute-based access controls, Poller added.
Fronteggβs CALC enables SaaS app developers to incorporate a user database for both authentication and authorization.
βWith our CALC-powered entitlements engine, we provide all of this functionality and more in a single API,β Rodin said in the press release. βWe can do this because we have the contextual awareness to make the right decision based on business logic β which users can access which feature, field, or API β automatically.β
Centralized dashboard for multiple solutions
The engine provides a visual dashboard to allow non-technical users to design product bundles for entitlement without the need for additional codes, complex configurations, or products from vendors, according to the company.
βEvery entitlement in a SaaS solution requires developers to write corresponding code to check authorization and control access,β Poller said. βUsing Fronteggβs CALC solution means developers can streamline the development process, consolidating the user database, authentication, and authorization, and skip straight from defining entitlements and control points to enforcement without writing code to check authorization.β
Fronteggβs entitlement engine allows engineering, product, and business teams to create endless customizations for customers, making entitlement changes βas simple as toggling a button,β according to the company.
These include capabilities like customized free trials, feature flag control for individual user permissions, time-based assignment of entitlements, entitlement assignment DIYs for SaaS resellers and channels, and ABAC for full customization.
The engine also enables blocking or requiring additional measures such as multifactor authentication for users by tapping into real-time identity attributes such as geolocation, impossible travel, device type, network signature, and client vision.
