UserLock capabilities

Enforce MFA everywhere, even offline and in air-gapped networks. Apply straightforward, granular MFA differently across different connections and session types without adding complexity or frustrating end users.

Extend secure access to SaaS, without migrating identity to the cloud. UserLock SSO federates AD identity authentication at the Windows login to SaaS access, so you can seamlessly apply MFA and access controls for Microsoft 365, SharePoint, and other SaaS apps.

Tailor access rules to real-world conditions using factors like AD user, group, or OU (role), device, IP address, geolocation, and time. 




Decide which machines users can log in from, preventing access from unmanaged or unauthorized devices. 


Limit access to working hours only to control when accounts can be used to reduce after-hours threats and policy violations.

Set different policies for RDP, VPN, workstation logins, UAC prompts, and more, reducing friction. 


Stop account sharing, prevent lateral movement, and restrict simultaneous sessions to reduce risk.

See and control access by session type, from login to logoff, in real time.

Get live alerts on suspicious activity and act to log off or block users.

Prove access controls are in place to meet compliance and cyberinsurance requirements. Generate searchable, exportable reports across logons, user session history, MFA events, and more.

Stop privilege escalation with MFA on UAC prompts and report on administrator actions.