The future of SSO is adaptive. With Extended Access Policies (XAP), exclusively from OneIdP, access decisions go beyond passwords and devices. Layering multiple access conditions into every login, XAP sets a new standard for secure access.
Strengthen Zero Trust with adaptive, condition-based access decisions
Reduce credential risks by moving beyond static access checks
Unify identity and compliance into a single, seamless framework
Access isn’t just about who the user is—it’s about the trustworthiness of the device, the network, the location, and the application posture. By verifying access based on compliance signals, IP, location, OS & app update status, OneIdP XAP ensures access is granted only when every condition aligns. If something falls short, XAP doesn’t just block—it guides users toward remediation, making access both uncompromisingly secure and user-aware. It is here, where SSO meets context at scale.
Expand the standard SSO authentication flow by checking not just who the user is but also how, where, and from what environment they’re trying to access the service.
Compliance
Verify device compliance before granting access. XAP checks encryption, jailbreak/root status, security patches, and policy adherence to ensure only trusted devices enter the SSO flow.
IP
Enforce network-aware access. Restrict or allow logins based on trusted IP ranges, detect anomalies, and prevent sign-ins from unrecognized or high-risk networks.
Location
Control access by geography. Apply geofencing rules that grant access only from approved regions and block attempts from unexpected or restricted locations.
App Status
Validate application posture. Confirm that required enterprise apps are installed, running, and in an approved state before access is granted.
OS & Updates
Keep endpoints current. Check for minimum OS version, critical patches, and update status to block outdated or vulnerable systems from connecting to SSO apps.
