Continuous Authentication That Never Stops Watching
Authenticate with Passkey. Monitor with continuous intelligence. Your users' phones become the unbreakable source of truth from login to logout.
The Gap Attackers Exploit
Traditional authentication checks credentials once—at login. But what happens in the 30 minutes, 2 hours, or full workday after that? Credentials get stolen mid-session. Devices change hands. Users move to unexpected locations. And your security system has no idea until it's too late.
Built as One. Not Bolted Together.
Most CA solutions force you to integrate multiple vendors—authentication here, monitoring there, enforcement somewhere else. We architected Pulse CA as a single, elegant framework where every component was designed to work together from day one.
No Integration Headaches
It's already integrated. The OIDC provider, Auth device, and PDP were built to work together—no duct-taping vendor APIs or hoping they'll talk to each other.
No Gaps in Coverage
The OIDC provider orchestrates authentication, knows session state, and controls logout. CA monitoring starts exactly when it should and stops when the session ends—no blind spots.
Instant Enforcement
PDP trust decisions flow directly to the OIDC provider managing your session. No separate enforcement layer. No hoping policies get applied. Immediate action.
Single Pane of Glass
Correlation IDs link every event from authentication through monitoring to enforcement. Complete audit trail. One cohesive system—not three vendors pointing fingers at each other.
The Complete Framework Components
Four integrated parts working as one elegant system
1. OIDC Client
Your application - any OIDC-compatible app integrates seamlessly. The client initiates login and relies on the OIDC provider for all authentication and session management.
2. OIDC/SAML Provider
The orchestration hub. Manages authentication ceremonies (Passkey or Auth), maintains session state, receives real-time PDP decisions, and enforces policy. Links everything with correlation IDs.
3. Auth Device (User's Phone)
Bonds with users via behavioral patterns and PIN. Continuously streams trust metrics (Identity, Proximity, Location, Device Health) to the PDP throughout the entire session—regardless of authentication method used.
4. Policy Decision Point (PDP)
The analysis engine. Receives real-time metrics from Auth devices, calculates trust scores continuously, makes enforcement decisions (continue, step-up, terminate), and feeds results to the OIDC provider.
From Pre-Auth to Logout: Complete Session Coverage
The Complete Framework in Action
1. Pre-Authentication Setup
Auth app is installed on user's phone, bonding with the user through behavioral patterns and PIN. CA monitoring capabilities are ready before first login.
2. Authentication Event
User initiates login to your application. Our OIDC/SAML provider orchestrates the authentication ceremony. First-time users choose to register either Passkey (FIDO2) or Auth as their authenticator. Returning users are automatically authenticated with their preferred method. Session correlation ID is established.
3. Continuous Monitoring Begins
Regardless of which authenticator was used for login, Auth app immediately begins streaming trust metrics to the cloud PDP: Identity validation through behavioral patterns, Proximity verification via Bluetooth, Location monitoring via GPS/network, and Device health tracking.
4. Real-Time Analysis & Enforcement
Throughout the entire session, the PDP continuously analyzes trust scores and feeds decisions to our OIDC/SAML provider for enforcement. High trust: Session continues. Medium trust: Step-up required. Low trust: Session terminated. Normal logout: CA monitoring ends gracefully.
Built for Your Business Model
For MSPs & Their SMB Clients
Complete CA Framework. Simple Deployment.
- Complete Solution: Authentication (Passkey + Auth), Analysis (PDP), Session Management (OIDC/SAML)—everything needed for continuous authentication
- Compliance Made Simple: Meet ZTA, CMMC, and NIST requirements with automated, real-time enforcement throughout the entire session
- Flexible Scaling: Per-user subscription for up to 1,000 users, on-premises licensing for larger deployments
Pricing Model:
- Subscription: User/month pricing for ≤1,000 users
- Licensed: On-premises deployment for >1,000 users
For AI Agent Platforms
License the Complete CA Framework
- Differentiate Your Offering: Complete continuous authentication framework (Auth + PDP + OIDC/SAML) becomes your competitive advantage
- Passkey-First Authentication: Aligned with Apple, Google, Microsoft, and FIDO Alliance standards—plus continuous monitoring
- Enterprise-Ready Security: Give your AI agents continuous trust verification from login to logout
Integration Model:
- Annual licensing of complete framework
- On-premises deployment
- White-label capabilities
Built on Modern Security Frameworks
Zero Trust Architecture (ZTA)
Continuous verification aligns perfectly with "never trust, always verify" principles
CMMC
Meet Cybersecurity Maturity Model Certification requirements with real-time monitoring and enforcement
NIST
Aligned with NIST guidelines for continuous diagnostics and mitigation
The Attacks That Slip Through Traditional Auth
Mid-Session Credential Theft
Traditional Auth: ✗ User logged in at 9 AM. Credentials stolen at 11 AM. System has no idea.
Pulse CA: ✓ Behavioral anomaly detected immediately. Session terminated. Threat neutralized.
Unexpected Location Change
Traditional Auth: ✗ User authenticated from Boston. Now accessing from Romania. Still trusted.
Pulse CA: ✓ Location violation triggers immediate step-up authentication or session termination.
Device Compromise
Traditional Auth: ✗ Phone jailbroken mid-session. Full access continues.
Pulse CA: ✓ Device health monitoring detects compromise. Access revoked instantly.