How customers use SGNL’s Access APIs to tackle their most complex access challenges
For customers with diverse application landscapes that include niche SaaS applications or homegrown applications, it can be a challenge to find a scalable solution for building and maintaining connections between these systems and your identity landscape. Often, this results in a piecemeal approach to how policies are enforced and dependencies on open-source solutions. This often requires notable engineering investment, or leaves your team unable to get the degree of enforcement, or reporting on enforcement, that it requires.
SGNL’s Access APIs are a suite of APIs and SDKs built for access management across the modern enterprise’s application landscape. Access APIs enable SGNL to connect to any application in your organization to inform and audit access decisions run through the SGNL Policy Engine.
Protected Systems can make authorization requests using Access APIs and the Policy Engine will return the dynamic and context-informed access decision back to the control point or application.
Apart from securing access to any application, SGNL Access APIs give identity teams the ability to request detailed information about authorization decisions, the assets that authorized principals can access, or the principals allowed to access a specific asset according to the configured policy.
What is included in the suite of SGNL Access APIs? We will examine each of the Access APIs and explore how SGNL customers utilize these APIs.
At the heart of the suite of SGNL Access APIs is the Access Evaluation API, which addresses the fundamental question most organizations have with regard to access to protected assets:
Can this Principal perform an Action on an Asset?
Based on business context from Systems of Record, including SaaS applications like Salesforce or Workday, at the time of the request, the Access API returns a clear “Allow” or “Deny” response.
A multi-national financial firm operates a portal that centralizes platform access for partners. Certain features of the platform require unique, enhanced security measures and the organization’s access policies must enforce access to meet strict compliance guidelines and allow only specific, authorized actions.
The solution leverages SGNL’s human-readable policies, the Access Evaluation API, and the SGNL Policy Engine with business context ingested from the firm’s Systems of Record. The policy enforcement works as follows:
For more information on the Access Evaluation API, please refer to our help documentation on policy enforcement and our API developer documentation.
The Asset Search API shifts the focus to the “what” instead of the “who”. It allows organizations to answer the following question:
What Assets can this Principal perform an Action on?
The Asset Search API returns the set of organizational assets a principal (user or system) can access. The response also contains all attributes of the assets allowing the caller to take further action on the response.
A technology company wanted to change how access by various internal teams to customer data in AWS S3 buckets is managed. The primary objective was to remove standing access to customer AWS S3 buckets, replacing it with a tightly controlled and monitored system where access is temporary and tied to specific business justifications.
The solution leverages SGNL’s human-readable policies, the Asset Search API and organization data ingested from the customer’s Systems of Record and works as follows:
This solution allows for just-in-time access to customer S3 buckets, with no static permissions. Access is managed through easy-to-maintain and human-readable SGNL policies.
For more information on the Asset Search API, please refer to our help documentation on policy enforcement and our API developer documentation.
Sometimes, organizations need to flip the perspective and ask the question:
Which Principals can perform an Action on this Asset?
The Principal Search API returns the set of principals (users or systems) that are permitted by policy to perform the specified actions on the asset. The response also contains all attributes of the principal allowing the caller to take further action on the response.
A global technology holding company wants to secure their support case management system. Using fine-grained policy enforcement, the CMS will only present options to users authorized by the relevant policies to handle the case.
The solution leverages SGNL’s human-readable policies and the business context derived from the customer’s Systems of Record, as well as the Principal Search API, and functions as follows:
For more information on the Principal Search API, please refer to our help documentation on policy enforcement and our API developer documentation.
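The three questions above are three views over one policy decision. The following sketch is an added illustration, not SGNL's API or code from SGNL: it uses a toy in-memory policy to show evaluation, asset search, and principal search agreeing with each other and defaulting to Deny. The function names, the sample data, and the rule that an open ticket is the business justification are all assumptions made for the example.

```python
# Added illustration: a toy, in-memory stand-in for a policy engine.
# All names and data are hypothetical and constructed; this is not SGNL's API.

# Constructed "Systems of Record" context.
PRINCIPALS = {
    "alice": {"team": "support", "active": True},
    "bob": {"team": "support", "active": True},
    "carol": {"team": "sales", "active": True},
}
ASSETS = {
    "s3://cust-a": {"customer": "A"},
    "s3://cust-b": {"customer": "B"},
}
# Assumed business justification: a ticket tying an assignee to a customer.
TICKETS = [
    {"assignee": "alice", "customer": "A", "status": "open"},
    {"assignee": "bob", "customer": "B", "status": "closed"},
    {"assignee": "carol", "customer": "B", "status": "open"},
]


def evaluate(principal, action, asset):
    """Can this principal perform this action on this asset? Default is Deny."""
    p, a = PRINCIPALS.get(principal), ASSETS.get(asset)
    if p is None or a is None or action != "read":
        return "Deny"  # unknown input never falls through to Allow
    if not p["active"] or p["team"] != "support":
        return "Deny"
    justified = any(
        t["assignee"] == principal
        and t["customer"] == a["customer"]
        and t["status"] == "open"
        for t in TICKETS
    )
    return "Allow" if justified else "Deny"


def asset_search(principal, action):
    """What assets can this principal act on? Returns assets with attributes."""
    return [{"id": k, **v} for k, v in ASSETS.items()
            if evaluate(principal, action, k) == "Allow"]


def principal_search(asset, action):
    """Which principals can act on this asset? Returns principals with attributes."""
    return [{"id": k, **v} for k, v in PRINCIPALS.items()
            if evaluate(k, action, asset) == "Allow"]
```

Because both searches are derived from `evaluate`, closing the ticket in the context data removes the asset from the principal's results on the next call, with no permission to revoke.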
Our comprehensive suite of Access APIs offers robust configurability and can integrate any enterprise’s diverse technology stack to SGNL for dynamic, context-based and fine-grained access management.