Policies that follow the identity, not the network. Ixiea evaluates who someone is — and what they are allowed to do — at the gateway choke point on every session.
IdP
Okta · Azure AD
RBAC
Groups · roles
Session
Named operator
Network
VPN · subnet
Brokered
Target account
Policy follows the person, not the subnet or shared account.
Firewalls answer whether a packet may arrive. Identity-bound policy answers whether this person may open this session to this target right now. Network location, VPN membership, and shared jump box accounts are poor proxies for intent. The IdP is the source of truth for subject attributes.
Network-centric
VPN membership · subnet reachability · shared jump box
Identity-bound
Who · what target · right now
IdP is the source of truth for subject attributes
IdP sync
Okta · Azure AD · LDAP · SCIM
RBAC + login ACLs evaluate at gateway connect
Group membership, role assignments, employment type (employee vs contractor), MFA status, and login ACL rules (source IP, time window) feed RBAC checks at connect time. Attributes sync from Okta, Azure AD, LDAP, or SCIM-backed directories — users live in the IdP, permissions in core.
Operators authenticate as themselves; the gateway maps to target accounts via secrets brokering. Session recordings show named individuals — not admin or root. Shared break-glass accounts, if retained, are time-boxed, approval-gated, and recorded at higher fidelity.
alice@company
Operator authenticates as themselves
Gateway brokering
Target account injected · never shown
Recording shows named individual — not shared admin
Onboard
IdP group mapped
Active
Grants in effect
Revoke
Deprovision sync
Vendor TTL expires · no orphaned bastion keys
When someone leaves or changes teams, IdP deprovisioning removes their grants on the next sync — no hunt for orphaned SSH keys on bastions. Vendor identities expire automatically when contracts end. Permission changes in core apply to new sessions; historical audit records retain the identity that was active at connect time.
Operational docs
Related guides
Time-bound, approval-gated elevation with automatic revocation when the window closes.
Inject credentials at connect time, operators never see or hold standing secrets.
Discover accounts on assets, rotate passwords on schedule, and push credentials without manual vault hygiene.
Ready to evaluate?
Walk through gateway brokering, recording, and audit exports in a working session — or browse the illustrated product flow first.
