Secure legacy identity workflows
Cloud email accounts are the unofficial identity layer of the web and the key to many other apps. Material Identity Protection discovers and protects legacy authentication workflows, limits the impact of compromised identities, and contains new tools to govern Shadow IT.
How it works
If someone gets access to the inbox, they usually have keys to the kingdom. This is such a game-changer.
Director of IT, First Round Capital
Uncover SSO gaps
Stop lateral account takeovers
Block unwanted apps
Find and address SSO gaps
Discover unfederated and misconfigured apps that still use legacy authentication. Material provides a list of third-party apps used at your organization and the accounts using them by detecting signup confirmations, password resets, and other automated messages.
Material shows us which apps are at play via the inbound emails from those applications. It gives us new visibility. By understanding what’s at risk, we can make better decisions overall.”
Corporate Security and Audit, Carta
A compromised account shouldn't compromise all accounts
Someone with access to an email account can break into other apps tied to that email by initiating password resets—a common form of Account Takeover (ATO). Material limits lateral account takeovers by adding a simple authentication step to access password resets and other identity verification messages.
Material blocks delivery of identity verification emails such as password resets or signup approvals and sends users a challenge message instead.
Users confirm messages they requested by verifying their identity via an existing identity provider or custom workflow.
After verification, Material delivers blocked messages to the user's mailbox so they can continue their workflow as usual.
Identity Protection was a force multiplier for us. It allowed our security team to enhance our identity layer program and gain visibility —all while being able to enforce a second factor on top of everything.”
VP Engineering, Collective Health
Block unwanted apps
Users can bypass SSO or OAuth restrictions by signing up for apps with their email. Material intercepts signup emails from blocked apps so users have to go through proper channels for authorization.
Protecting accounts at organizations of all shapes and sizes
Simple to deploy, run, and trust
Material integrates in minutes via Microsoft 365 and Google Workspace APIs with zero downtime. Customers get a single-tenant, isolated instance and complete control over the underlying infrastructure.
Implement protections selectively for specific users or teams. Material deploys instantly via APIs without affecting email delivery.
Your data, owned by you
Deploy into an isolated, single-tenant instance. Have it managed by Material or exclusively by your team.
Use the Material API and built-in integrations to export events, build custom workflows, and leverage existing security investments.
Explore more ways to protect your organization
Data Protection for Google Drive
Control the sprawl of confidential information spread across your shared file repositories
Detect and remediate inbound threats, automate response to user reports, and train users with real attacks