Continuous Authentication and AuthZEN for MSPs and AI Service Providers

Whether you deliver managed security to businesses or build AI-powered services that act on behalf of users, you need continuous trust verification and policy enforcement you can prove. Pulse CA delivers both.

A Shared Security Foundation

MSPs and AI Service Providers face different markets and different customers—but a common underlying challenge: they are responsible for the security of actions taken on behalf of other people. Whether that is an employee accessing company data through an MSP-managed environment, or an AI agent executing a workflow on behalf of a user, the security requirements converge at the same point: continuous, verifiable trust.

Pulse CA provides that foundation. Continuous Authentication establishes and maintains trust throughout a session. AuthZEN provides the policy evaluation framework that controls what agents and users are permitted to do within that trusted session.

For MSPs: Complete CA Framework Your Clients Can Deploy Today

Your SMB clients face the same threats as Fortune 500 companies—credential theft, session hijacking, insider threats—without the dedicated security teams or budgets to address them. You need security that deploys fast, runs without babysitting, and translates directly into recurring revenue.

1. Complete Framework—Not a Collection of Tools

The Problem: Point solutions do not solve continuous authentication. Your clients need authentication, monitoring, analysis, and enforcement working as a single system.

The Pulse Solution:

  • Authentication Layer: Passkey (FIDO2) for seamless login + Auth app for continuous monitoring
  • Analysis Layer: Cloud PDP for real-time trust score calculation across four metrics
  • Session Management: OIDC/SAML provider with full session lifecycle awareness and automated enforcement

No hardware. No complex network changes. No manual monitoring. Deploy in hours, not weeks.

2. Compliance Made Sellable

  • Zero Trust Architecture: Continuous verification throughout the session satisfies "never trust, always verify"
  • CMMC: Automated real-time monitoring and enforcement meets continuous diagnostics mandates
  • NIST Alignment: Framework aligns with NIST SP 800-207 and continuous authentication guidelines
  • Built-in Audit Trails: All metrics and decisions linked by correlation ID, uploadable to Splunk HEC for compliance reporting

Your benefit: Compliance becomes a revenue opportunity and a retention driver, not a support burden.

3. Flexible Scaling Across Your Client Base

Subscription Model

For Smaller Clients (up to 1,000 users)

  • User/month pricing for the complete framework
  • Cloud-hosted PDP—zero infrastructure
  • Add/remove users as clients grow
  • Predictable monthly billing

Licensed Model

For Larger Clients (over 1,000 users)

  • On-premises deployment of complete framework
  • Full control for clients who require it
  • One-time licensing with annual support
  • Higher margin opportunity for you

Real Scenarios Where Pulse Protects Your Clients

Remote Workforce

Scenario: Client has 50 employees working from home, coffee shops, and co-working spaces.

Risk: No way to know if the person who logged in at 9 AM is still the person using the session at 3 PM.

Pulse Protection: Auth app continuously monitors behavioral patterns and proximity. If the device changes hands or the user steps away, the session terminates or triggers step-up. 3D location monitoring (latitude, longitude, and barometric altitude) flags impossible travel and floor-level displacement — detecting an attacker in the same building but on a different floor.

BYOD Environments

Scenario: Client allows employees to use personal devices for work access.

Risk: Personal phones get jailbroken, compromised, or handed to family members mid-session.

Pulse Protection: Device Health trust score monitors for jailbreaks and hijacks in real time. Proximity monitoring confirms the authenticated user's phone stays near the device in use.

High-Value Target Industries

Scenario: Client in healthcare, finance, or legal—high-value data, constant credential threat.

Risk: A stolen password alone is enough to cause catastrophic damage under single-checkpoint authentication.

Pulse Protection: Multi-factor continuous verification (Identity + Proximity + 3D Location + Device Health) makes an attack far more difficult. Step-up authentication is available for AAL3-compliant MFA when peak assurance is required.

For AI Service Providers: Trust and Policy Enforcement for the Age of Agentic AI

You build services where AI agents act on behalf of users—executing workflows, accessing data, making decisions, spawning sub-tasks. Your customers love the capability. Their security teams are asking questions you need to answer convincingly. Pulse CA, combining Continuous Authentication with AuthZEN, gives you those answers.

The Foundational Principle: Every Agent Has a Human Origin

Every AI agent—no matter how autonomous, no matter how long it runs or how many sub-agents it spawns—was launched by a human. That human origin is the immutable anchor of your security model.

An autonomous agent may create additional agents, delegate tasks, and operate for hours without human input. But it and every agent it creates can be traced back to the human who initiated the chain. This is not merely a philosophical point—it is the basis for a rigorous, auditable, and enforceable security architecture.

This principle has a practical corollary: if the originating human's trust status changes—their session is revoked, their continuous authentication score degrades, their credentials are compromised—that signal should propagate through the agent chain. Pulse CA, through the combination of Continuous Authentication and AuthZEN, gives you the infrastructure to implement exactly that.

Think of it as chain-of-custody for AI agency. Pulse CA enforces the chain.

Continuous Authentication: The Trust Foundation for Agent Sessions

Traditional authentication checks credentials once—at launch. An AI agent session running for two hours has no mechanism to detect if the human who started it is still authorized. Pulse CA's continuous monitoring resolves this. From the moment the human launches the agent session, the Auth app streams four live trust metrics to the cloud PDP:

  • Identity Trust Score: Behavioral patterns continuously confirm the right person is present
  • Proximity Trust Score: Bluetooth verification confirms the user's phone remains near the authenticated device
  • 3D Location Trust Score: GPS and barometric altitude monitoring detects unexpected location changes — including vertical displacement within a building, distinguishing floor by floor
  • Device Health Trust Score: Monitors the phone for compromise, jailbreak, and hijack attempts

If scores degrade, enforcement is immediate: step-up authentication, agent session pause, or full termination—before damage occurs.

AuthZEN: Policy Enforcement That Travels with the Agent

AuthZEN provides the authorization layer governing what agents are permitted to do within a trusted session. Where Continuous Authentication answers "is this session still trustworthy?", AuthZEN answers "is this specific action permitted, given current trust context?" AuthZEN evaluators are embedded in the Pulse OIDC and SAML providers — relying parties and AI platforms query them inline and register callback endpoints to receive push notifications when trust state changes.

  • Dynamic policy evaluation: Agent actions evaluated against current trust scores in real time—not just at session start
  • Scope-bound delegation: Agents receive only the permissions authorized for their specific task, traceable to the originating human
  • Sub-agent authorization chain: When an agent spawns child agents, each inherits a scoped authorization linked back to the human origin with full traceability
  • Step-up triggers for high-privilege actions: Sensitive operations can require real-time re-evaluation or human confirmation before proceeding
  • Audit-ready authorization decisions: Every decision logged with trust context, correlation ID, and human origin

The Complete Answer to Enterprise Security Teams

When asked "how do you ensure your AI agents do not exceed their authority or continue operating after the authorizing user's access is revoked?", here is your answer:

  • Every agent session is anchored to a verified human identity via OIDC with a unique correlation ID
  • That human's trust is monitored continuously across four independent metrics
  • Every agent action is evaluated against AuthZEN policy incorporating real-time trust scores
  • If the human's trust degrades or their session is terminated, the agent chain is revoked immediately
  • Every decision is logged and linked by correlation ID for complete, auditable traceability

That is Zero Trust applied properly to agentic AI—directly auditable and compliant with ZTA, CMMC, and NIST frameworks out of the box.
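
The evaluation flow described above (scope-bound delegation, per-action checks against current trust scores, and revocation through the agent chain by correlation ID), as an added example that is not Pulse CA's code or API. The request and response dicts follow the AuthZEN subject/action/resource shape; the `Pdp` class, the metric key names, the 0-100 score scale, the thresholds and the action names are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

METRICS = ("identity", "proximity", "location_3d", "device_health")
FLOOR, HIGH_PRIV_FLOOR = 50, 80              # assumed thresholds on a 0-100 scale
HIGH_PRIV_ACTIONS = {"read_pii", "change_config"}   # hypothetical action names

@dataclass
class Pdp:
    scores: dict = field(default_factory=dict)   # correlation_id -> {metric: score}
    revoked: set = field(default_factory=set)    # revoked human-origin correlation IDs
    agents: dict = field(default_factory=dict)   # agent_id -> (correlation_id, scopes)
    audit: list = field(default_factory=list)    # one record per decision

    def register_agent(self, agent_id, correlation_id, scopes, parent=None):
        scopes = set(scopes)
        if parent is not None:
            p_corr, p_scopes = self.agents[parent]
            # A child keeps the human origin and may only narrow its parent's scope.
            if p_corr != correlation_id or not scopes <= p_scopes:
                raise PermissionError("child exceeds parent delegation")
        self.agents[agent_id] = (correlation_id, scopes)

    def evaluate(self, request):
        """AuthZEN-style request in, {'decision': bool, 'context': {...}} out."""
        agent_id, action = request["subject"]["id"], request["action"]["name"]
        corr, scopes = self.agents.get(agent_id, (None, set()))
        # A metric that has not been reported counts as 0, so the check fails closed.
        lowest = min(self.scores.get(corr, {}).get(m, 0) for m in METRICS)
        checks = [(corr is None, "unknown_agent"),
                  (corr in self.revoked, "origin_revoked"),
                  (action not in scopes, "out_of_scope"),
                  (lowest < FLOOR, "trust_degraded"),
                  (action in HIGH_PRIV_ACTIONS and lowest < HIGH_PRIV_FLOOR,
                   "step_up_required")]
        reason = next((r for failed, r in checks if failed), "ok")
        ctx = {"reason": reason, "correlation_id": corr}
        self.audit.append({"agent": agent_id, "action": action,
                           "decision": reason == "ok", **ctx})
        return {"decision": reason == "ok", "context": ctx}

def demo():
    pdp = Pdp()
    pdp.scores["corr-1"] = dict.fromkeys(METRICS, 90)   # constructed sample scores
    pdp.register_agent("root", "corr-1", {"read_reports", "read_pii"})
    pdp.register_agent("child", "corr-1", {"read_reports"}, parent="root")
    req = {"subject": {"type": "agent", "id": "child"}, "action": {"name": "read_reports"},
           "resource": {"type": "dataset", "id": "q3"}}
    before = pdp.evaluate(req)
    pdp.revoked.add("corr-1")   # the originating human's session is terminated
    return before, pdp.evaluate(req)
```

Because every agent record carries the human origin's correlation ID, revoking that one ID denies the next request from any agent in the chain without walking the tree.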

Where This Matters in Practice

Long-Running Agentic Workflows

Scenario: User launches an AI agent to execute a multi-hour data analysis or complex multi-step workflow.

Risk: Credentials are stolen 20 minutes in. The agent continues operating under an unauthorized identity for the remaining duration.

Pulse Protection: Continuous monitoring detects the behavioral anomaly immediately. Trust score drops. AuthZEN re-evaluation blocks further agent actions. Session terminated. The attacker gets minutes, not hours.

Multi-Agent Chains

Scenario: Primary agent spawns three sub-agents to handle parallel tasks, each accessing different data domains.

Risk: If the root human session is compromised, all downstream agents should stop—but traditional auth has no mechanism to propagate that revocation through the chain.

Pulse Protection: All agents in the chain carry the originating human's correlation ID. Revocation propagates through AuthZEN policy evaluation to all child agents simultaneously. Audit trail intact.

High-Privilege Agent Actions

Scenario: AI agent requests access to sensitive financial records, customer PII, or system configuration.

Risk: Point-in-time auth cannot detect if the trust context has changed between session start and the moment of high-privilege access.

Pulse Protection: AuthZEN evaluates the action request against current trust scores at the moment of the request. If scores have degraded, the action is blocked or routed for step-up human confirmation.

Regulated Industry Deployments

Scenario: Enterprise customer in healthcare, finance, or government evaluating your AI service against strict Zero Trust requirements.

Risk: Security team blocks adoption because you cannot demonstrate continuous trust verification and authorization auditability.

Pulse Protection: Continuous Authentication plus AuthZEN provides full ZTA alignment. Every session continuously verified. Every authorization decision logged. On-premises deployment available for data sovereignty requirements.

Ready to Get Started?

Try the Demo

Experience continuous authentication live—install the Auth app and watch trust scores update in real time.

Schedule a Walkthrough

See the complete architecture including AuthZEN integration in a guided WebEx session.

Explore Integrator Options

Licensing the complete Pulse CA framework for embedding in your platform or product.
