Continuous Facial Authentication

SecureAuth SessionGuardian adds a powerful post-login security layer that continuously verifies user presence, detects risky behaviors like shoulder surfing, and enforces re-authentication during suspicious or idle sessions.

While Device Trust ensures only compliant devices can log in, SessionGuardian ensures the authenticated user remains the one in control for the entire session.

Common challenges

  • Session hijacking after legitimate login
  • Credential handoff between users
  • Screen sharing / shoulder surfing risks in shared environments
  • Unattended sessions that remain active without logout
  • Compliance mandates for continuous identity assurance

SecureAuth capabilities

Continuous biometric verification

Perform periodic, low-friction facial checks in the background via the SecureAuth desktop or mobile agent to confirm the original user is still active.

Shoulder surfing & screen sharing detection

Detect additional or unknown faces in the frame and automatically lock the session, alert the user, and notify security teams.

Risk-based session management

Adjust session TTL, require step-up MFA, or terminate sessions based on behavioral anomalies, inactivity, or real-time risk scores.

Agent-based deployment

Uses the same SecureAuth agent as Device Trust for simplified deployment across browser, desktop, and VDI environments.

Policy-driven control

Configure enforcement via SecureAuth's visual policy engine by defining triggers, response actions, and notification rules.

How it differs from Device Trust

| Aspect | Device Trust | SessionGuardian |
|---|---|---|
| When | Pre-login | Post-login |
| Purpose | Validate device compliance before granting access | Ensure the authenticated user stays active and in control |
| Triggers | Device state, OS version, MDM status | Facial match, presence detection, behavioral anomalies |
| Audience | IT & Infrastructure | Security & Compliance teams |

Key benefits

✔ Stops session hijacking and credential handoff
✔ Enforces Zero Trust after login
✔ Reduces fraud and insider misuse in shared device setups
✔ Helps meet continuous identity assurance compliance requirements

Industries

  • Financial services. Organizations with high-value transactions requiring continuous identity verification
  • Healthcare environments. Facilities handling PHI or sensitive patient records
  • Call centers. Operations with shared workstation models and multiple users
  • Regulated industries. Companies with session assurance and continuous monitoring mandates