SaaS-based customer identity and access management (CIAM) provider Frontegg has launched an entitlements engine, an authorization management capability aimed at helping app developers and revenue teams streamline access authorization.The new engine will be powered by context-aware logic controls (CALC) technology to effect context-based, fine-grained authorization controls, Frontegg said. It will be added to Frontegg\u2019s namesake CIAM platform, which features a suite of identity management capabilities that includes authentication, onboarding flow design, user management, self-serve account management, etc.\u201cThe old way of building SaaS apps required the use of many different solutions to solve in-app entitlements \u2014 role-based access control\u00a0(RBAC), attribute-based access control\u00a0(ABAC), feature flag management, subscription management, free trial provisioning anomaly detection, and others, requiring a lot of APIs and working with many different vendors,\u201d Sagi Rodin, chief executive officer at Frontegg, said in a press release. \u201cWith our CALC-powered Entitlements Engine, we provide all of this functionality and more in a single API.\u201dFrontegg showcased the new capability at the Identiverse conference in Las Vegas this week and has made it immediately available to users.Frontegg\u2019s CALC streamlines authorizationThe new entitlements engine allows developers to shift entitlement workstreams left, letting anyone make changes formerly requiring additional code or additional vendor integrations, according to the company.The idea is to expand on existing CIAM systems\u2019 focus on authentication for protection against phishing, account takeovers, and other identity-related attacks, to allow for authorization management, defining the type and number of resources to be accessed.\u201cIn today\u2019s SaaS environments, the next step after authentication is authorization \u2014 once the customer logs in, they need to be authorized to use a subset of features and access a subset of available data,\u201d said Jack Poller, an analyst at ESG Global. \u201cEach SaaS environment has unique authorization requirements \u2014 a cloud file store (Microsoft OneDrive, Box, Dropbox, etc.) have simple entitlements such as read, modify, or share, whereas other environments can have complex and multiple entitlements.\u201dThese complex entitlements need to support user access controls, role-based access controls, and attribute-based access controls, Poller added.Frontegg\u2019s CALC enables SaaS app developers to incorporate a user database for both authentication and authorization.\u201cWith our CALC-powered entitlements engine, we provide all of this functionality and more in a single API,\u201d Rodin said in the press release.\u00a0 \u201cWe can do this because we have the contextual awareness to make the right decision based on business logic \u2014 which users can access which feature, field, or API \u2014 automatically.\u201dCentralized dashboard for multiple solutionsThe engine provides a visual dashboard to allow non-technical users to design product bundles for entitlement without the need for additional codes, complex configurations, or products from vendors, according to the company.\u00a0\u201cEvery entitlement in a SaaS solution requires developers to write corresponding code to check authorization and control access,\u201d Poller said. \u201cUsing Frontegg\u2019s CALC solution means developers can streamline the development process, consolidating the user database, authentication, and authorization, and skip straight from defining entitlements and control points to enforcement without writing code to check authorization.\u201dFrontegg\u2019s entitlement engine allows engineering, product, and business teams to create endless customizations for customers, making entitlement changes \u201cas simple as toggling a button,\u201d according to the company.These include capabilities like customized free trials, feature flag control for individual user permissions, time-based assignment of entitlements, entitlement assignment DIYs for SaaS resellers and channels, and ABAC for full customization.The engine also enables blocking or requiring additional measures such as multifactor authentication\u00a0for users by tapping into real-time identity attributes such as geolocation, impossible travel, device type, network signature, and client vision.