Koprivac logoKoprivac
Phase 1 pre-launch access decision engine

Access is a decision, not just authentication

Koprivac (KPC) helps teams control access using identity, trusted devices, MFA, context, and policy. Every request is checked before access is granted.

Request DemoSee How It Works

KPC decision engine

Identity → Device → MFA → Context → Policy → Decision

ALLOWCHALLENGEDENY

Identity

User verified

Device

Trusted laptop

MFA

TOTP confirmed

Context

Known location

Policy

Rule matched

Final decision

Allowed

ALLOWCHALLENGEDENY

The access gap

A login event is not the same as a trusted access decision.

Authentication alone is not enough

A valid sign-in still needs a decision that checks the device, context, and policy before access is granted.

Unknown devices create risk

Koprivac helps teams register, approve, and revoke devices so unmanaged endpoints do not become silent access paths.

Access decisions lack visibility

Security teams need to see why access was allowed, challenged, or denied across identity, device, and context signals.

Decision engine

From login events to access decisions

KPC evaluates every request through context and policy, then returns a response that can be allowed, denied, challenged, and logged.

1

REQUEST

Who is asking for access?

2

CONTEXT

From where, when, and which device?

3

POLICY

What rules apply?

4

DECISION

Allow, deny, or challenge

5

RESPONSE

Grant access and log the result

Allow approved access
Challenge with TOTP MFA
Deny risky requests

Core capabilities

Built around the Phase 1 access path.

KPC focuses on the controls needed to evaluate access today: identity, device trust, MFA, context, policy, SAML SSO, and decision visibility.

Device Trust Enforcement

Require registered and approved devices before sensitive SaaS access continues.

Passwordless Login

Support a cleaner authentication path for enrolled users without centering the password.

TOTP MFA

Validate standards-based one-time codes when policy calls for an additional check.

Policy-Based Access Control

Evaluate access with IP, location, time, and device state as decision inputs.

Google Workspace SAML SSO

Connect Google Workspace sign-in to the KPC access decision flow.

Decision Logs & Visibility

Review allowed, challenged, denied, and logged decisions from the admin panel.

How it works

An access journey that ends with a clear response.

1

User attempts login

Evaluated as part of the KPC access decision path.

REQUESTED
2

Device is verified

Evaluated as part of the KPC access decision path.

VERIFIED
3

MFA is validated

Evaluated as part of the KPC access decision path.

VALIDATED
4

Context is evaluated

Evaluated as part of the KPC access decision path.

CHECKED
5

Policy is applied

Evaluated as part of the KPC access decision path.

APPLIED
6

Decision is made

Evaluated as part of the KPC access decision path.

DECIDED
7

Access is granted, challenged, or denied

Evaluated as part of the KPC access decision path.

RESPONDED
8

Event is logged

Evaluated as part of the KPC access decision path.

LOGGED

Admin control panel

Operate users, devices, policies, and decision logs in one view.

The Phase 1 console focuses on the controls that can be demoed today: device registration and approval, device revocation, policy configuration, audit logs, and email notifications for onboarding, MFA, and device events.

KPC admin console

Device-aware access decisions

Pre-launch

Devices

Approved, pending, revoked

Policy

IP, location, time, device

Notifications

Onboarding, MFA, device

UserDeviceMFAPolicyDecision

employee@company.com

Approved

Verified

Enforced

Allowed

contractor@company.com

Pending approval

Required

Enforced

Challenged

admin@company.com

Revoked

Verified

Enforced

Denied

Policy status

Device trust enforced
TOTP MFA available
Decision events logged

Use cases

Practical controls for the access risks teams see today.

Secure employee access

Combine identity, MFA, trusted devices, and policy checks for workforce sign-ins.

Block unmanaged devices

Stop access attempts from devices that have not been registered and approved.

Enforce trusted-device login

Require device approval and support revocation when a device should no longer be trusted.

Protect Google Workspace access

Put Google Workspace SAML SSO behind the KPC access decision engine.

Security & trust

Clear controls. Clear decisions. Clear audit trail.

KPC keeps the message grounded: enforce trusted-device access, validate MFA, apply policy, and record the decision outcome for review.

Device-bound access

MFA enforcement

Policy-driven control

Audit-ready logs

Admin visibility

Email event notifications

Pre-launch demo

See access decisions in action

Request a pre-launch demo of Koprivac and see how identity, device, context, and policy work together before access is granted.

Request Demo

Early access requests are reviewed manually.

Prefer to contact us directly?

contact@koprivac.com