Identity Protection

Secure legacy identity workflows

Cloud email accounts are the unofficial identity layer of the web and the key to many other apps. Material Identity Protection discovers and protects legacy authentication workflows, limits the impact of compromised identities, and contains new tools to govern Shadow IT.

How it works

If someone gets access to the inbox, they usually have keys to the kingdom. This is such a game-changer.

Ryan Donnon

Director of IT, First Round Capital

Uncover SSO gaps

Stop lateral account takeovers

Block unwanted apps

Find and address SSO gaps

Discover unfederated and misconfigured apps that still use legacy authentication. Material provides a list of third-party apps used at your organization and the accounts using them by detecting signup confirmations, password resets, and other automated messages.

Material shows us which apps are at play via the inbound emails from those applications. It gives us new visibility. By understanding what’s at risk, we can make better decisions overall.

Vince Parras

Corporate Security and Audit, Carta

Case Study

Email as the key to your other services has massively changed over the years. It’s connected to far more sensitive accounts and more of them. Today, your email identity is more important than passwords or 2FA.

Fredrick “Flee” Lee

CSO, Gusto

Case Study

A compromised account shouldn't compromise all accounts

Someone with access to an email account can break into other apps tied to that email by initiating password resets—a common form of Account Takeover (ATO). Material limits lateral account takeovers by adding a simple authentication step to access password resets and other identity verification messages.



Material blocks delivery of identity verification emails such as password resets or signup approvals and sends users a challenge message instead.



Users confirm messages they requested by verifying their identity via an existing identity provider or custom workflow.



After verification, Material delivers blocked messages to the user's mailbox so they can continue their workflow as usual.

Identity Protection was a force multiplier for us. It allowed our security team to enhance our identity layer program and gain visibility —all while being able to enforce a second factor on top of everything.

Brad Chivukula

VP Engineering, Collective Health

Case Study

We use a lot of SaaS services and protecting them from inappropriate access is critical. Material gives us peace of mind because it prevents account takeovers even if a particular service is not set up with SSO and MFA.

Lisa Hall

Director - Information Security, PagerDuty

Case Study

Block unwanted apps

Users can bypass SSO or OAuth restrictions by signing up for apps with their email. Material intercepts signup emails from blocked apps so users have to go through proper channels for authorization.

Protecting accounts at organizations of all shapes and sizes

Simple to deploy, run, and trust

Material integrates in minutes via Microsoft 365 and Google Workspace APIs with zero downtime. Customers get a single-tenant, isolated instance and complete control over the underlying infrastructure.

Learn More

Painless deployment

Implement protections selectively for specific users or teams. Material deploys instantly via APIs without affecting email delivery.

Your data, owned by you

Deploy into an isolated, single-tenant instance. Have it managed by Material or exclusively by your team.

Fully extensible

Use the Material API and built-in integrations to export events, build custom workflows, and leverage existing security investments.

Explore more ways to protect your organization