Zero Trust Web Access

Manage who has access to what company web apps through a simple policy-based framework that authenticates and authorizes every request in real-time

Start a Free Trial  Watch a Demo

Better security without impacting productivity

Today's workforce isn't limited to the walls of the office, they're working from remote locations, using a wide range of cloud services and SaaS apps. The traditional network perimeter security model no longer applies, leaving companies vulnerable and employees frustrated.

Google got it right with their BeyondCorp initiative, effectively redesigning their corporate security architecture with the user experience top of mind. We built our Web Access product following the same Zero Trust principles as Google. Access to company web apps is only granted once the user and device are fully authenticated and authorized at the application layer, eliminating trust from the network. As an added bonus, you no longer need to use a corporate VPN, which makes everyone happy.

 

Why choose ScaleFT Web Access

Policy-driven Access Controls
Policy-driven Access Controls

Specify who has access to what through simple team and role based controls. Further protect sensitive apps with policies that factor in additional controls such as ensuring that the user’s device is up to date.

Centralized Traffic Handling
Centralized Traffic Handling

All traffic to company web applications flows through a central gateway. This delivers a consistent authentication and authorization workflow, as well as provides a logical monitoring and logging point.

Transparent End User Workflow
Transparent End User Workflow

For the users, logging into web applications is straightforward, with ScaleFT handling the workflow behind the scenes. Every request is processed, with any needed remediation tips given back to the user.

Our fresh approach to web access management

ScaleFT Zero Trust Web Access
  • Users run the lightweight ScaleFT Client on their devices so authorization decisions can be made based on its security posture

  • Requests to internal applications flow through a reverse proxy to perform real-time authentication and authorization

  • The ScaleFT Access Fabric is continually collecting data to feed into the Authorization Engine for smarter decision making
  • Managers specify who has access to what resources through role based access controls and policies that factor in device conditions

  • Requests are authenticated with the Identity Provider configured for the team - Okta, G Suite, Active Directory, etc.

  • Valid requests are issued an ephemeral credential to initiate a secure session, while denied requests are redirected to a helper service

We deliver the most expansive feature set on the market

OpenID Connect Workflow
OpenID Connect Workflow

ScaleFT integrates with your corporate Identity Provider for governance, and also operates an OpenID Connect workflow for a streamlined authentication and authorization workflow well suited for company apps.

Reverse Proxy Service
Access Proxy

The gateway that all requests flow through is a highly available reverse proxy service built to handle large volumes of traffic. The proxy protects the web apps from the public Internet, and handles the auth workflow.

Scoped JSON Web Tokens
Scoped JSON Web Tokens

Successfully authorized requests are issued a single-use JSON web token scoped to the user, client device, and resource being accessed. The token includes attestations of user identity and authorization, which origin servers can validate cryptographically.

Custom URL Handler API
Custom URL Handler API

ScaleFT exposes a public API that supports additional customization for features such as manager approval. The API also integrates with a client-side URL Handler that allows you to build event-driven workflows on top of ScaleFT.

Self-Remediation Helper
Self-Remediation Helper

If a request is not authorized, the user is told exactly why they were denied access, with tips for self-remediation. This is exposed through friendly human language instead of an opaque error message.

Session Management
Session Management

ScaleFT monitors the end user session and is continually reevaluating trust in the background. Should a policy change or a user’s status change, the active session will be notified for any action to be taken.

"If a company like ScaleFT can help get us there, we're 100% on the BeyondCorp model. We won’t be able to do it ourselves and I was very grateful to be able to see a company like ScaleFT come along and solve a lot of the hard parts. It's not very often you get to read something that Google's doing and say, 'Hey, we can do that too now!'"

- Ryan Seekely, Director of Infrastructure and Security at Quid

Featured Resources
Latest Blog Posts

Ready to go Zero Trust?

All of our plans start with a 30 day free trial. No credit card required. See our flexible Pricing Plans.

Start a Free Trial Request a Demo