The new entitlement engine will be powered by context-aware logic controls (CALC) technology to effect context-based, fine-grained authorization controls. SaaS-based customer identity and access management (CIAM) provider Frontegg has launched an entitlements engine, an authorization management capability aimed at helping app developers and revenue teams streamline access authorization.The new engine will be powered by context-aware logic controls (CALC) technology to effect context-based, fine-grained authorization controls, Frontegg said. It will be added to Frontegg’s namesake CIAM platform, which features a suite of identity management capabilities that includes authentication, onboarding flow design, user management, self-serve account management, etc.“The old way of building SaaS apps required the use of many different solutions to solve in-app entitlements — role-based access control (RBAC), attribute-based access control (ABAC), feature flag management, subscription management, free trial provisioning anomaly detection, and others, requiring a lot of APIs and working with many different vendors,” Sagi Rodin, chief executive officer at Frontegg, said in a press release. “With our CALC-powered Entitlements Engine, we provide all of this functionality and more in a single API.” Frontegg showcased the new capability at the Identiverse conference in Las Vegas this week and has made it immediately available to users. Frontegg’s CALC streamlines authorizationThe new entitlements engine allows developers to shift entitlement workstreams left, letting anyone make changes formerly requiring additional code or additional vendor integrations, according to the company.The idea is to expand on existing CIAM systems’ focus on authentication for protection against phishing, account takeovers, and other identity-related attacks, to allow for authorization management, defining the type and number of resources to be accessed. “In today’s SaaS environments, the next step after authentication is authorization — once the customer logs in, they need to be authorized to use a subset of features and access a subset of available data,” said Jack Poller, an analyst at ESG Global. “Each SaaS environment has unique authorization requirements — a cloud file store (Microsoft OneDrive, Box, Dropbox, etc.) have simple entitlements such as read, modify, or share, whereas other environments can have complex and multiple entitlements.”These complex entitlements need to support user access controls, role-based access controls, and attribute-based access controls, Poller added.Frontegg’s CALC enables SaaS app developers to incorporate a user database for both authentication and authorization.“With our CALC-powered entitlements engine, we provide all of this functionality and more in a single API,” Rodin said in the press release. “We can do this because we have the contextual awareness to make the right decision based on business logic — which users can access which feature, field, or API — automatically.”Centralized dashboard for multiple solutionsThe engine provides a visual dashboard to allow non-technical users to design product bundles for entitlement without the need for additional codes, complex configurations, or products from vendors, according to the company. “Every entitlement in a SaaS solution requires developers to write corresponding code to check authorization and control access,” Poller said. “Using Frontegg’s CALC solution means developers can streamline the development process, consolidating the user database, authentication, and authorization, and skip straight from defining entitlements and control points to enforcement without writing code to check authorization.” Frontegg’s entitlement engine allows engineering, product, and business teams to create endless customizations for customers, making entitlement changes “as simple as toggling a button,” according to the company.These include capabilities like customized free trials, feature flag control for individual user permissions, time-based assignment of entitlements, entitlement assignment DIYs for SaaS resellers and channels, and ABAC for full customization.The engine also enables blocking or requiring additional measures such as multifactor authentication for users by tapping into real-time identity attributes such as geolocation, impossible travel, device type, network signature, and client vision. Related content news analysis 5 key takeways from Verizon's 2024 Data Breach Investigations Report The rapid of exploitation of zero-day vulnerabilities, such as MOVEit, and the effectiveness of ransomware attacks are two of the major findings from last year’s breach data. By Rosalyn Page May 01, 2024 5 mins Data Breach Zero-day vulnerability Data and Information Security feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff May 01, 2024 15 mins Technology Industry IT Skills Events feature 3 Windows vulnerabilities that may not be worth patching Some vulnerabilities eat up a security team’s time and resources yet provide little or nothing in the way of true protection. Some may even introduce more risk to a network. By Susan Bradley May 01, 2024 7 mins Windows Security Patch Management Software Security Practices news analysis Chinese threat actor engaged in multi-year DNS resolver probing effort The unusual and persistent probing activity over the span of multiple years should be a reminder to organizations to identify and remove all open DNS resolvers from their networks. By Lucian Constantin Apr 30, 2024 7 mins Cyberattacks Network Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe