PLATFORM · CONDITIONAL ACCESS

Conditional Access Policies enable granular access control

Plus — AI agents autonomously generate and review policies for IP address ranges, device posture, user behavior, session risk, and beyond.

Sign up freeGet in touch
Authnull
Dashboard
Identities
Endpoints
RADIUS
Policies
Access Control
Databases
Settings
Policies
Policy Co-PilotAdd Policy
Policy NameTypePolicy ActionStatus
AD_User_Access_...ADAllowedPending
AD_Login_Policy_...ADAllowedPending
AD Policy for User...ADAllowedPending
AD_User_Asif_Ac...ADAllowedPending
AD Policy for aa o...ADAllowedPending
AI policy co-pilot
Location & network controls
Just-in-time access
Identity & session risk
Database protection
SEE IT IN ACTION

Watch Conditional Access in action

See how AuthNull enforces granular conditional access policies across Active Directory, Linux, and databases — with AI-generated policies from the Policy Co-Pilot.

ACTIVE DIRECTORY

Conditional Access for Active Directory

Native conditional access for on-prem AD — no Entra P1 license, Intune enrollment, or account syncing required.

Agentless and agent-based enforcement
Enforce at the network layer with no client installs, or deploy a Windows logon provider for endpoint-level control.
AI-generated policies via Policy Co-Pilot
The AI Co-Pilot analyzes your AD environment and auto-generates context-aware policies — no manual rule authoring needed.
Talk to an expert
AD Policies · AI Generated● Policy Co-Pilot active
AD_User_Access_...Allowed
AD_Login_Policy_...Allowed
AD Policy for User...Allowed
AD_User_Asif_Ac...Allowed
AD Policy for aa o...Allowed
Generated by: AuthNull AI Co-Pilot · Active Directory
LINUX · PAM MODULE

Conditional Access for Linux

PAM module enforces conditional access on every Linux host — SSH sessions, sudo commands, and local logons, no VPN required.

UBA-driven access decisions
Access adapts to each user's behavioral baseline — network, device trust, and session risk signals drive every decision.
AD and local account support
Works on AD-joined and local Linux accounts, with built-in breakglass for emergency access.
Talk to an expert
Conditional Access · Linux
SSH Session — Active
alex@workstation:~$ ssh prod-db-01
→ UBA check: trusted network ✓
→ Device posture: compliant ✓
→ Session risk: LOW ✓
Access granted · session recording: on
policy: linux-uba-conditional
ttl: 4h · breakglass: enabled
RADIUS / TACACS+

Conditional Access for Radius / TACACS+

Extends conditional access to VPN, Wi-Fi, and network devices via a lightweight Radius bridge — zero infrastructure changes.

802.1x and TACACS+ out of the box
Location, device posture, and risk policies on every Radius auth — no hardware replacement or NPS changes required.
Per-profile and per-SSID enforcement
Per Wi-Fi network or VPN profile rules automatically block non-compliant devices or step up to MFA by risk.
Talk to an expert
Radius Conditional Access
vpn.corp → MFA + location checkenforced
wifi.corp/staff → device trustenforced
802.1x → TACACS+ bridgeactive
no infrastructure changes · Radius Bridge active
WINDOWS · LOGON PROVIDER

Conditional Access for Windows

Policy enforcement at the Windows logon screen — domain-joined machines and standalone workstations both covered.

Custom Windows credential provider
MFA and policy checks apply at the credential provider level — before any session is granted, even offline.
AI policy recommendations for your fleet
Policy Co-Pilot flags risky logon patterns and recommends tighter policies fleet-wide — no manual audit cycles.
Talk to an expert
Windows Logon · Custom Provider
Windows Credential Provider
Domain join check
Device trust verified
IP range policy
MFA challenge
Session policy applied
provider: authnull-logon-provider v3.1
DATABASE PROTECTION

Conditional Access for Open Source Databases

Lightweight proxy delivers conditional access to your databases — blocking unauthorized users and unmanaged AI agents from sensitive data.

PostgreSQL, MySQL, and MariaDB supported
Full enforcement across your open source database fleet via proxy — no application code changes required.
All controls at the database layer
Location, risk, time-bound, and JIT policies all enforce at the database connection level.
Talk to an expert
postgres-prod · Conditional Access● live
nicole ● active · JIT 2h window
diego ● active · time-bound 09:00–17:00
llm-rag ● blocked · no policy match
proxy: authnull-db-proxy:5432
engines: PostgreSQL · MySQL · MariaDB
controls: location · risk · JIT · time-bound

Compare Conditional Access

See how AuthNull stacks up against Azure Conditional Access.

Azure Conditional AccessAuthNull
Active Directory on-premises
Yes. But requires Intune and an Entra P1 license.
Yes. Natively supported with Agentless and Agent-based setup.
Radius Conditional Access
Natively supported
Natively supported
Database Conditional Access
Not supported
Supported for PostgreSQL, MySQL, and MariaDB
Entra ID as the identity store
Supported natively
Support available soon
Linux Conditional Access
Not supported
Native support with database-specific policies
Starting cost
$$ · $10+ per user per month
$ · $6 per user per month

Entra ID is a trademark of Microsoft Corporation. AuthNull is not affiliated with Microsoft Corporation and this information is not endorsed by Microsoft Corporation.

Setup a Demo

Meet with our team to see AuthNull's conditional access policies in action — across Active Directory, Linux, databases, and more.

See the Policy Co-Pilot generate AD policies automatically
Watch just-in-time access eliminate standing privileges live
Understand how session and identity risk scores drive policy enforcement
Talk to an expert