Zero Trust Web Access

Manage who has access to what company web apps through a simple policy-based framework that authenticates and authorizes every request in real-time

Join the Pre-release Program

* ScaleFT Web Access is currently available to select customers in beta

Employee security without impacting productivity

Today’s workforce isn’t limited to their desktop workstations. Employees increasingly work remotely from mobile devices, and the enterprise applications they use everyday are operated in the cloud. The traditional network perimeter security model doesn’t work well in this new reality, leaving companies vulnerable and employees frustrated.

As evidenced by Google’s BeyondCorp, the Zero Trust model is a more effective architecture for the modern cloud era. We built our platform from the ground up, closely following the principles of Zero Trust. Through configurable access policies, access to company web apps is granted based on the user and device attempting to connect to a specific resource – eliminating trust from the network, which mitigates common attack vectors, and makes employees happy to not have to use a VPN.

  • Encourages good employee security posture
  • Simple to understand policy framework
  • Built for performance and reliability
  • Enterprise-grade platform with dedicated support
  • Integrates with any Identity Provider
  • Includes built-in PKI with end-to-end encryption
Contact Us to Learn More

Why choose ScaleFT Web Access

Policy-driven Access Controls
Policy-driven Access Controls

Specify who has access to what through simple team and role based controls. Further protect sensitive apps with policies that factor in additional controls such as ensuring that the user’s device is up to date.

Centralized Traffic Handling
Centralized Traffic Handling

All traffic to company web applications flows through a central gateway. This delivers a consistent authentication and authorization workflow, as well as provides a logical monitoring and logging point.

Transparent End User Workflow
Transparent End User Workflow

For the users, logging into web applications is straightforward, with ScaleFT handling the workflow behind the scenes. Every request is processed, with any needed remediation tips given back to the user.

Our fresh approach to identity & access management

ScaleFT Zero Trust Web Access
  • Users run the ScaleFT Client on their devices to monitor its state and to maintain good security posture

  • Requests flow through access gateway, that is a reverse proxy to centralize the traffic for real-time authentication and authorization

  • The ScaleFT Access Fabric is continually collecting data to feed into the Authorization Engine for smarter decision making
  • Managers create policies to specify who has access to what resources, and the device requirements to connect to a resource

  • Requests are authenticated with the Identity Provider configured for the team - Active Directory, Google Apps, Okta, etc.

  • Valid requests are issued an ephemeral credential to initiate a secure session, while denied requests are redirected to a helper service

We deliver the most expansive feature set on the market

OpenID Connect Workflow
OpenID Connect Workflow

ScaleFT integrates with your corporate Identity Provider for governance, and also operates an OpenID Connect workflow for a streamlined authentication and authorization workflow well suited for company apps.

Reverse Proxy Service
Reverse Proxy Service

The gateway that all requests flow through is a highly available reverse proxy service built to handle large volumes of traffic. The proxy protects the web apps from the public Internet, and handles the auth workflow.

Scoped JSON Web Tokens
Scoped JSON Web Tokens

Successfully authorized requests are issued a single-use JSON web token scoped to the user, connecting device, and resource being accessed. User metadata is injected into the token, which is encrypted.

Custom URL Handler API
Custom URL Handler API

ScaleFT exposes a public API that supports additional customization for features such as manager approval. The API is backed by a URL Handler that allows you to build event-driven workflows on top of ScaleFT.

Self-Remediation Helper
Self-Remediation Helper

If a request is not authorized, the user is told exactly why they were denied access, with tips for self-remediation. This is exposed through friendly human language instead of the usual archaic messaging.

Session Management
Session Management

ScaleFT monitors the end user session and is continually reevaluating trust in the background. Should a policy change or a user’s status change, the active session will be notified for any action to be taken.

Featured Resources
Latest Blog Posts

Ready to go Zero Trust?

All of our plans start with a 30 day free trial. No credit card required. See our flexible Pricing Plans.

Start a Free Trial Request a Demo