Pricing

Zero Trust Network Access for Every Organization

Get started quickly

Free
Up to 50 users
Included features:
  • Legacy VPN replacement
  • Global Edge Network
  • One-click access to applications and networks
  • Basic Zero Trust policies
  • Audit & reporting

Grow your ZTNA footprint

$7*
Minimum 20 users
All features in Team, plus:
  • Enterprise single sign-on
  • Self-hosted Private Edge
  • Granular Zero Trust policies
  • Customizable trust factors
  • Resource discovery
  • Automation workflows

SSE for large organizations

Call
Custom add-ons &
volume pricing available
All features in Business, plus:
  • Policies for SaaS applications
  • Zero Touch deployment
  • Integration with UEM/EDR
  • Threat prevention
  • Dedicated support

* Per user/month, billed annually

Team
Free
Sign Up
Business
$7
Contact Sales
Enterprise
Call
Contact Sales
Deployment
infoFlexible Edge architecture provides fast and reliable connections to your users around the world
Global Edge Network
infoUse identity-aware gateways hosted and managed by Banyan in our global edge
Private Edge
infoSelf-host Banyan's identity-aware gateway in your own datacenters and cloud infrastructure
infoCloud management interface for Operations & Security admins to configure Zero Trust connectivity
Cloud Command Center
infoCentral management console that you can interact with via the web portal or the RESTful API
Private Command Center
infoCentral management console dedicated to your organization
add-on
infoNative support for all your device operating systems
Desktop
infoCross-platform desktop application for Windows, macOS, and Linux
Mobile
infoMobile app for iOS and Android, downloadable from Apple App Store and Google Play Store
Connectivity
infoEnable network access to private subnets using WireGuard VPN
Private Networks
infoProvide access to private subnets (RFC-1918 ranges) and private domains (internal DNS servers)
Split Tunneling
infoSelect specific subnets and domains (private or public) that need to be tunneled
Full Tunneling
infoTunnel all network traffic from devices
Site-to-Site Tunnels
infoConnect multiple private networks together to be accessed as a single flat network
Add-on
infoConnect to internal HTTP applications using browser-only OpenID Connect flows
Custom Domains
infoPublish applications using your organization's corporate domains
Let's Encrypt Certificates
infoUse default-browser-trusted certificates issued by a public Certificate Authority
Application Authentication
infoOffload authentication and claims mapping to the identity-aware proxy, simplifying application authNZ
Programmatic Access
infoUse API tokens (instead of managing fragile IP whitelists) for scripting and automation
Clientless Desktop Access
infoLeverage the Apache Guacamole gateway to access your desktops from a web browser
add-on
infoConnect to internal TCP services using short-lived X.509 certificates
Catalog and Bundles
infoOrganize your infrastructure resources and publish them to end users
Linux Servers (SSH)
infoAccess Linux machines using any SSH client
SSH AuthNZ & Audit
infoEnable SSH certificate authentication, AuthorizedPrincipals, and audit logging
add-on
Kubernetes API
infoAccess the Kubernetes API using any Kubernetes client
Kubernetes AuthNZ & Audit
infoEnable Kubernetes OIDC authentication, RBAC authorization, and audit logging
add-on
Windows Servers (RDP)
infoAccess Windows machines from any RDP client
Databases
infoAccess database servers, such PostgreSQL and MySQL, using their native clients
infoEnforce device trust policies for cloud SaaS applications using SAML/OIDC federation and certificate authentication
SAML and OIDC Federation
infoDefine Zero Trust policies for individual, or groups of, SaaS applications
Identity Provider Cloaking
infoRestrict Cloud IDP access to registered devices to prevent password-stuffing and MFA-compromise attacks
Security
infoGranular, flexible least-privilege-access policies based on resource sensitivity
Trust Based Access Controls
infoContinuous authorization based on user and device context; real-time session revocation
User Roles
infoCreate policies based on user attributes such as department and IDP group
Device Roles
infoCreate policies based on device attributes such as Platform, Ownership, and Registration
API-level Policies
infoCreate Layer-7 policies to manage API access (hosted websites)
Network Policies
infoCreate Layer-4 policies to manage network access (Service Tunnels)
infoQuantify the level of trust and risk associated with your users and devices
Device Trust Scoring
infoAnalyze posture of a device, such as firewall, disk encryption, screen lock, OS version, etc. Control the effect when factors are not met.
Customizable Remediation
infoConfigure remediation instructions, such as messaging and links, shown to your end users
Trust Profiles
infoCustomize factors and policy effects based on groups of users and devices
Factors from EDR
infoIntegrate endpoint security signals into trust scoring (CrowdStrike, Carbon Black, SentinelOne, Microsoft Defender)
Factors from IDP
infoIntegrate Identity Provider user and group attributes into trust scoring (Okta, Azure AD, OneLogin)
Factors from UEM
infoIntegrate endpoint manager compliance checks into trust scoring (Workspace ONE UEM, Intune, Jamf)
infoGain a complete view into user and device risk for security and regulatory compliance
Device Posture Reporting
infoTrack all devices – managed and unmanaged – accessing corporate resources, as well as their security posture
Private Application Discovery
infoDiscover private applications accessed by your users; publish using zero trust policies
IaaS Resource Discovery
infoDiscover IaaS cloud resources used by your organization; publish using zero trust policies
SaaS Application Discovery
infoDiscover SaaS applications accessed by your users; understand risk due to unsanctioned "shadow IT" apps
Admin Activity Reporting
infoRecord all admistrator activity in the Cloud Command Center
infoBlock malicious websites and enforce acceptable use policy
add-on
DNS Layer Security
infoBlock domains with malware, phishing, botnet, or other high risk items
add-on
TLS Decryption Security
infoProxy and inspect web traffic by decrypting TLS; filter by category, threat level, and more
add-on
Integrate with existing SWG
infoRoute internet-bound traffic to a third-party Secure Web Gateway
add-on
infoIntegrate with tools in your security stack
Integration with SIEM
infoPipe security event stream to your SIEM solution (Splunk, Elastic, Sumo Logic)
Integration with Enterprise PKI
infoUse certificates issued by your existing Public Key Infrastructure (PKI) solution
add-on
Operations
infoProvision access for all users - employees, contractors, vendors, etc. - accessing corporate resources
Local User Management
infoCreate users, update user information, and deactivate users
SSO for Users
infoUse corporate single sign-on (SSO) with just-in-time (JIT) user creation
Passwordless Authentication
infoEnable users to log in via your corporate single sign-on (SSO) provider without entering a username/password (IDP Federation required)
SSO for Admins
infoUse corporate single sign-on (SSO) with just-in-time (JIT) user creation for administrator access
Admin RBAC
infoCreate administrators with different profiles and privileges, such as ReadOnly, PolicyAuthor, etc.
infoMaintain an inventory of all devices - managed and unmanaged - accessing corporate resources
Device Registration
infoLightweight registration using the Banyan app, with trusted device certificates issued by Banyan-managed Private PKI
Self-Registration Options
infoEnable certain user populations to register their own devices using the Banyan app
Revocation and Banning
infoDisable access - temporarily or permanently - for a specific device
Unregistered Devices
infoAllow policy-based access from devices that do not possess a trusted device certificate
Zero Touch Install
infoRoll out the Banyan app to your device fleet without requiring any end-user interaction
Pre-Installed Device Certificates
infoUse pre-installed device certificates managed by your corporate endpoint manager
infoProgramatically manage Banyan objects and automate provisioning tasks
Banyan API
infoRESTful endpoint to configure Banyan objects
pyBanyan
infoPython library and command-line interface to interact with the Banyan API
Terraform
infoTerraform provider to interact with the Banyan API
infoUnderstand access patterns across all corporate resources and create Zero Trust scorecards
Real-time Event Stream
infoMonitor a real-time stream of user and device activity
Reporting Dashboards
infoAnalyze access activity patterns across your users, devices, and services
Certificate Logs
infoRecord all certificate issuance, rotation, and revocation
Service Monitoring
infoContinuous monitoring and service statistics from your identity-aware gateways
add-on
Customer Support and Success
Community
Knowledge Base
Banyan Community Membership
Email & Help Desk Support
Live Chat and Response SLAs Limited
Customer Success Team add-on
Technical Support Team add-on
Early Preview Features

* All prices expressed per user per month, billed annually.

Free
Deployment
infoFlexible Edge architecture provides fast and reliable connections to your users around the world
Global Edge Network
infoUse identity-aware gateways hosted and managed by Banyan in our global edge
Private Edge
infoSelf-host Banyan's identity-aware gateway in your own datacenters and cloud infrastructure
infoCloud management interface for Operations & Security admins to configure Zero Trust connectivity
Cloud Command Center
infoCentral management console that you can interact with via the web portal or the RESTful API
Private Command Center
infoCentral management console dedicated to your organization
infoNative support for all your device operating systems
Desktop
infoCross-platform desktop application for Windows, macOS, and Linux
Mobile
infoMobile app for iOS and Android, downloadable from Apple App Store and Google Play Store
Connectivity
infoEnable network access to private subnets using WireGuard VPN
Private Networks
infoProvide access to private subnets (RFC-1918 ranges) and private domains (internal DNS servers)
Split Tunneling
infoSelect specific subnets and domains (private or public) that need to be tunneled
Full Tunneling
infoTunnel all network traffic from devices
Site-to-Site Tunnels
infoConnect multiple private networks together to be accessed as a single flat network
infoConnect to internal HTTP applications using browser-only OpenID Connect flows
Custom Domains
infoPublish applications using your organization's corporate domains
Let's Encrypt Certificates
infoUse default-browser-trusted certificates issued by a public Certificate Authority
Application Authentication
infoOffload authentication and claims mapping to the identity-aware proxy, simplifying application authNZ
Programmatic Access
infoUse API tokens (instead of managing fragile IP whitelists) for scripting and automation
Clientless Desktop Access
infoLeverage the Apache Guacamole gateway to access your desktops from a web browser
infoConnect to internal TCP services using short-lived X.509 certificates
Catalog and Bundles
infoOrganize your infrastructure resources and publish them to end users
Linux Servers (SSH)
infoAccess Linux machines using any SSH client
SSH AuthNZ & Audit
infoEnable SSH certificate authentication, AuthorizedPrincipals, and audit logging
Kubernetes API
infoAccess the Kubernetes API using any Kubernetes client
Kubernetes AuthNZ & Audit
infoEnable Kubernetes OIDC authentication, RBAC authorization, and audit logging
Windows Servers (RDP)
infoAccess Windows machines from any RDP client
Databases
infoAccess database servers, such PostgreSQL and MySQL, using their native clients
infoEnforce device trust policies for cloud SaaS applications using SAML/OIDC federation and certificate authentication
SAML and OIDC Federation
infoDefine Zero Trust policies for individual, or groups of, SaaS applications
Identity Provider Cloaking
infoRestrict Cloud IDP access to registered devices to prevent password-stuffing and MFA-compromise attacks
Security
infoGranular, flexible least-privilege-access policies based on resource sensitivity
Trust Based Access Controls
infoContinuous authorization based on user and device context; real-time session revocation
User Roles
infoCreate policies based on user attributes such as department and IDP group
Device Roles
infoCreate policies based on device attributes such as Platform, Ownership, and Registration
API-level Policies
infoCreate Layer-7 policies to manage API access (hosted websites)
Network Policies
infoCreate Layer-4 policies to manage network access (Service Tunnels)
infoQuantify the level of trust and risk associated with your users and devices
Device Trust Scoring
infoAnalyze posture of a device, such as firewall, disk encryption, screen lock, OS version, etc. Control the effect when factors are not met.
Customizable Remediation
infoConfigure remediation instructions, such as messaging and links, shown to your end users
Trust Profiles
infoCustomize factors and policy effects based on groups of users and devices
Factors from EDR
infoIntegrate endpoint security signals into trust scoring (CrowdStrike, Carbon Black, SentinelOne, Microsoft Defender)
Factors from IDP
infoIntegrate Identity Provider user and group attributes into trust scoring (Okta, Azure AD, OneLogin)
Factors from UEM
infoIntegrate endpoint manager compliance checks into trust scoring (Workspace ONE UEM, Intune, Jamf)
infoGain a complete view into user and device risk for security and regulatory compliance
Device Posture Reporting
infoTrack all devices – managed and unmanaged – accessing corporate resources, as well as their security posture
Private Application Discovery
infoDiscover private applications accessed by your users; publish using zero trust policies
IaaS Resource Discovery
infoDiscover IaaS cloud resources used by your organization; publish using zero trust policies
SaaS Application Discovery
infoDiscover SaaS applications accessed by your users; understand risk due to unsanctioned "shadow IT" apps
Admin Activity Reporting
infoRecord all admistrator activity in the Cloud Command Center
infoBlock malicious websites and enforce acceptable use policy
add-on
DNS Layer Security
infoBlock domains with malware, phishing, botnet, or other high risk items
TLS Decryption Security
infoProxy and inspect web traffic by decrypting TLS; filter by category, threat level, and more
Integrate with existing SWG
infoRoute internet-bound traffic to a third-party Secure Web Gateway
infoIntegrate with tools in your security stack
Integration with SIEM
infoPipe security event stream to your SIEM solution (Splunk, Elastic, Sumo Logic)
Integration with Enterprise PKI
infoUse certificates issued by your existing Public Key Infrastructure (PKI) solution
Operations
infoProvision access for all users - employees, contractors, vendors, etc. - accessing corporate resources
Local User Management
infoCreate users, update user information, and deactivate users
SSO for Users
infoUse corporate single sign-on (SSO) with just-in-time (JIT) user creation
Passwordless Authentication
infoEnable users to log in via your corporate single sign-on (SSO) provider without entering a username/password (IDP Federation required)
SSO for Admins
infoUse corporate single sign-on (SSO) with just-in-time (JIT) user creation for administrator access
Admin RBAC
infoCreate administrators with different profiles and privileges, such as ReadOnly, PolicyAuthor, etc.
infoMaintain an inventory of all devices - managed and unmanaged - accessing corporate resources
Device Registration
infoLightweight registration using the Banyan app, with trusted device certificates issued by Banyan-managed Private PKI
Self-Registration Options
infoEnable certain user populations to register their own devices using the Banyan app
Revocation and Banning
infoDisable access - temporarily or permanently - for a specific device
Unregistered Devices
infoAllow policy-based access from devices that do not possess a trusted device certificate
Zero Touch Install
infoRoll out the Banyan app to your device fleet without requiring any end-user interaction
Pre-Installed Device Certificates
infoUse pre-installed device certificates managed by your corporate endpoint manager
infoProgramatically manage Banyan objects and automate provisioning tasks
Banyan API
infoRESTful endpoint to configure Banyan objects
pyBanyan
infoPython library and command-line interface to interact with the Banyan API
Terraform
infoTerraform provider to interact with the Banyan API
infoUnderstand access patterns across all corporate resources and create Zero Trust scorecards
Real-time Event Stream
infoMonitor a real-time stream of user and device activity
Reporting Dashboards
infoAnalyze access activity patterns across your users, devices, and services
Certificate Logs
infoRecord all certificate issuance, rotation, and revocation
Service Monitoring
infoContinuous monitoring and service statistics from your identity-aware gateways
Customer Support and Success
Community
Knowledge Base
Banyan Community Membership
Email & Help Desk Support
Live Chat and Response SLAs
Customer Success Team
Technical Support Team
Early Preview Features

* All prices expressed per user per month, billed annually.

$7
Deployment
infoFlexible Edge architecture provides fast and reliable connections to your users around the world
Global Edge Network
infoUse identity-aware gateways hosted and managed by Banyan in our global edge
Private Edge
infoSelf-host Banyan's identity-aware gateway in your own datacenters and cloud infrastructure
infoCloud management interface for Operations & Security admins to configure Zero Trust connectivity
Cloud Command Center
infoCentral management console that you can interact with via the web portal or the RESTful API
Private Command Center
infoCentral management console dedicated to your organization
infoNative support for all your device operating systems
Desktop
infoCross-platform desktop application for Windows, macOS, and Linux
Mobile
infoMobile app for iOS and Android, downloadable from Apple App Store and Google Play Store
Connectivity
infoEnable network access to private subnets using WireGuard VPN
Private Networks
infoProvide access to private subnets (RFC-1918 ranges) and private domains (internal DNS servers)
Split Tunneling
infoSelect specific subnets and domains (private or public) that need to be tunneled
Full Tunneling
infoTunnel all network traffic from devices
Site-to-Site Tunnels
infoConnect multiple private networks together to be accessed as a single flat network
infoConnect to internal HTTP applications using browser-only OpenID Connect flows
Custom Domains
infoPublish applications using your organization's corporate domains
Let's Encrypt Certificates
infoUse default-browser-trusted certificates issued by a public Certificate Authority
Application Authentication
infoOffload authentication and claims mapping to the identity-aware proxy, simplifying application authNZ
Programmatic Access
infoUse API tokens (instead of managing fragile IP whitelists) for scripting and automation
Clientless Desktop Access
infoLeverage the Apache Guacamole gateway to access your desktops from a web browser
infoConnect to internal TCP services using short-lived X.509 certificates
Catalog and Bundles
infoOrganize your infrastructure resources and publish them to end users
Linux Servers (SSH)
infoAccess Linux machines using any SSH client
SSH AuthNZ & Audit
infoEnable SSH certificate authentication, AuthorizedPrincipals, and audit logging
Kubernetes API
infoAccess the Kubernetes API using any Kubernetes client
Kubernetes AuthNZ & Audit
infoEnable Kubernetes OIDC authentication, RBAC authorization, and audit logging
Windows Servers (RDP)
infoAccess Windows machines from any RDP client
Databases
infoAccess database servers, such PostgreSQL and MySQL, using their native clients
infoEnforce device trust policies for cloud SaaS applications using SAML/OIDC federation and certificate authentication
SAML and OIDC Federation
infoDefine Zero Trust policies for individual, or groups of, SaaS applications
Identity Provider Cloaking
infoRestrict Cloud IDP access to registered devices to prevent password-stuffing and MFA-compromise attacks
Security
infoGranular, flexible least-privilege-access policies based on resource sensitivity
Trust Based Access Controls
infoContinuous authorization based on user and device context; real-time session revocation
User Roles
infoCreate policies based on user attributes such as department and IDP group
Device Roles
infoCreate policies based on device attributes such as Platform, Ownership, and Registration
API-level Policies
infoCreate Layer-7 policies to manage API access (hosted websites)
Network Policies
infoCreate Layer-4 policies to manage network access (Service Tunnels)
infoQuantify the level of trust and risk associated with your users and devices
Device Trust Scoring
infoAnalyze posture of a device, such as firewall, disk encryption, screen lock, OS version, etc. Control the effect when factors are not met.
Customizable Remediation
infoConfigure remediation instructions, such as messaging and links, shown to your end users
Trust Profiles
infoCustomize factors and policy effects based on groups of users and devices
Factors from EDR
infoIntegrate endpoint security signals into trust scoring (CrowdStrike, Carbon Black, SentinelOne, Microsoft Defender)
Factors from IDP
infoIntegrate Identity Provider user and group attributes into trust scoring (Okta, Azure AD, OneLogin)
Factors from UEM
infoIntegrate endpoint manager compliance checks into trust scoring (Workspace ONE UEM, Intune, Jamf)
infoGain a complete view into user and device risk for security and regulatory compliance
Device Posture Reporting
infoTrack all devices – managed and unmanaged – accessing corporate resources, as well as their security posture
Private Application Discovery
infoDiscover private applications accessed by your users; publish using zero trust policies
IaaS Resource Discovery
infoDiscover IaaS cloud resources used by your organization; publish using zero trust policies
SaaS Application Discovery
infoDiscover SaaS applications accessed by your users; understand risk due to unsanctioned "shadow IT" apps
Admin Activity Reporting
infoRecord all admistrator activity in the Cloud Command Center
infoBlock malicious websites and enforce acceptable use policy
DNS Layer Security
infoBlock domains with malware, phishing, botnet, or other high risk items
TLS Decryption Security
infoProxy and inspect web traffic by decrypting TLS; filter by category, threat level, and more
Integrate with existing SWG
infoRoute internet-bound traffic to a third-party Secure Web Gateway
infoIntegrate with tools in your security stack
Integration with SIEM
infoPipe security event stream to your SIEM solution (Splunk, Elastic, Sumo Logic)
Integration with Enterprise PKI
infoUse certificates issued by your existing Public Key Infrastructure (PKI) solution
Operations
infoProvision access for all users - employees, contractors, vendors, etc. - accessing corporate resources
Local User Management
infoCreate users, update user information, and deactivate users
SSO for Users
infoUse corporate single sign-on (SSO) with just-in-time (JIT) user creation
Passwordless Authentication
infoEnable users to log in via your corporate single sign-on (SSO) provider without entering a username/password (IDP Federation required)
SSO for Admins
infoUse corporate single sign-on (SSO) with just-in-time (JIT) user creation for administrator access
Admin RBAC
infoCreate administrators with different profiles and privileges, such as ReadOnly, PolicyAuthor, etc.
infoMaintain an inventory of all devices - managed and unmanaged - accessing corporate resources
Device Registration
infoLightweight registration using the Banyan app, with trusted device certificates issued by Banyan-managed Private PKI
Self-Registration Options
infoEnable certain user populations to register their own devices using the Banyan app
Revocation and Banning
infoDisable access - temporarily or permanently - for a specific device
Unregistered Devices
infoAllow policy-based access from devices that do not possess a trusted device certificate
Zero Touch Install
infoRoll out the Banyan app to your device fleet without requiring any end-user interaction
Pre-Installed Device Certificates
infoUse pre-installed device certificates managed by your corporate endpoint manager
infoProgramatically manage Banyan objects and automate provisioning tasks
Banyan API
infoRESTful endpoint to configure Banyan objects
pyBanyan
infoPython library and command-line interface to interact with the Banyan API
Terraform
infoTerraform provider to interact with the Banyan API
infoUnderstand access patterns across all corporate resources and create Zero Trust scorecards
Real-time Event Stream
infoMonitor a real-time stream of user and device activity
Reporting Dashboards
infoAnalyze access activity patterns across your users, devices, and services
Certificate Logs
infoRecord all certificate issuance, rotation, and revocation
Service Monitoring
infoContinuous monitoring and service statistics from your identity-aware gateways
Customer Support and Success
Knowledge Base
Banyan Community Membership
Email & Help Desk Support
Live Chat and Response SLAs Limited
Customer Success Team add-on
Technical Support Team add-on
Early Preview Features

* All prices expressed per user per month, billed annually.

Call
Deployment
infoFlexible Edge architecture provides fast and reliable connections to your users around the world
Global Edge Network
infoUse identity-aware gateways hosted and managed by Banyan in our global edge
Private Edge
infoSelf-host Banyan's identity-aware gateway in your own datacenters and cloud infrastructure
infoCloud management interface for Operations & Security admins to configure Zero Trust connectivity
Cloud Command Center
infoCentral management console that you can interact with via the web portal or the RESTful API
Private Command Center
infoCentral management console dedicated to your organization
add-on
infoNative support for all your device operating systems
Desktop
infoCross-platform desktop application for Windows, macOS, and Linux
Mobile
infoMobile app for iOS and Android, downloadable from Apple App Store and Google Play Store
Connectivity
infoEnable network access to private subnets using WireGuard VPN
Private Networks
infoProvide access to private subnets (RFC-1918 ranges) and private domains (internal DNS servers)
Split Tunneling
infoSelect specific subnets and domains (private or public) that need to be tunneled
Full Tunneling
infoTunnel all network traffic from devices
Site-to-Site Tunnels
infoConnect multiple private networks together to be accessed as a single flat network
add-on
infoConnect to internal HTTP applications using browser-only OpenID Connect flows
Custom Domains
infoPublish applications using your organization's corporate domains
Let's Encrypt Certificates
infoUse default-browser-trusted certificates issued by a public Certificate Authority
Application Authentication
infoOffload authentication and claims mapping to the identity-aware proxy, simplifying application authNZ
Programmatic Access
infoUse API tokens (instead of managing fragile IP whitelists) for scripting and automation
Clientless Desktop Access
infoLeverage the Apache Guacamole gateway to access your desktops from a web browser
add-on
infoConnect to internal TCP services using short-lived X.509 certificates
Catalog and Bundles
infoOrganize your infrastructure resources and publish them to end users
Linux Servers (SSH)
infoAccess Linux machines using any SSH client
SSH AuthNZ & Audit
infoEnable SSH certificate authentication, AuthorizedPrincipals, and audit logging
add-on
Kubernetes API
infoAccess the Kubernetes API using any Kubernetes client
Kubernetes AuthNZ & Audit
infoEnable Kubernetes OIDC authentication, RBAC authorization, and audit logging
add-on
Windows Servers (RDP)
infoAccess Windows machines from any RDP client
Databases
infoAccess database servers, such PostgreSQL and MySQL, using their native clients
infoEnforce device trust policies for cloud SaaS applications using SAML/OIDC federation and certificate authentication
SAML and OIDC Federation
infoDefine Zero Trust policies for individual, or groups of, SaaS applications
Identity Provider Cloaking
infoRestrict Cloud IDP access to registered devices to prevent password-stuffing and MFA-compromise attacks
Security
infoGranular, flexible least-privilege-access policies based on resource sensitivity
Trust Based Access Controls
infoContinuous authorization based on user and device context; real-time session revocation
User Roles
infoCreate policies based on user attributes such as department and IDP group
Device Roles
infoCreate policies based on device attributes such as Platform, Ownership, and Registration
API-level Policies
infoCreate Layer-7 policies to manage API access (hosted websites)
Network Policies
infoCreate Layer-4 policies to manage network access (Service Tunnels)
infoQuantify the level of trust and risk associated with your users and devices
Device Trust Scoring
infoAnalyze posture of a device, such as firewall, disk encryption, screen lock, OS version, etc. Control the effect when factors are not met.
Customizable Remediation
infoConfigure remediation instructions, such as messaging and links, shown to your end users
Trust Profiles
infoCustomize factors and policy effects based on groups of users and devices
Factors from EDR
infoIntegrate endpoint security signals into trust scoring (CrowdStrike, Carbon Black, SentinelOne, Microsoft Defender)
Factors from IDP
infoIntegrate Identity Provider user and group attributes into trust scoring (Okta, Azure AD, OneLogin)
Factors from UEM
infoIntegrate endpoint manager compliance checks into trust scoring (Workspace ONE UEM, Intune, Jamf)
infoGain a complete view into user and device risk for security and regulatory compliance
Device Posture Reporting
infoTrack all devices – managed and unmanaged – accessing corporate resources, as well as their security posture
Private Application Discovery
infoDiscover private applications accessed by your users; publish using zero trust policies
IaaS Resource Discovery
infoDiscover IaaS cloud resources used by your organization; publish using zero trust policies
SaaS Application Discovery
infoDiscover SaaS applications accessed by your users; understand risk due to unsanctioned "shadow IT" apps
Admin Activity Reporting
infoRecord all admistrator activity in the Cloud Command Center
infoBlock malicious websites and enforce acceptable use policy
add-on
DNS Layer Security
infoBlock domains with malware, phishing, botnet, or other high risk items
add-on
TLS Decryption Security
infoProxy and inspect web traffic by decrypting TLS; filter by category, threat level, and more
add-on
Integrate with existing SWG
infoRoute internet-bound traffic to a third-party Secure Web Gateway
add-on
infoIntegrate with tools in your security stack
Integration with SIEM
infoPipe security event stream to your SIEM solution (Splunk, Elastic, Sumo Logic)
Integration with Enterprise PKI
infoUse certificates issued by your existing Public Key Infrastructure (PKI) solution
add-on
Operations
infoProvision access for all users - employees, contractors, vendors, etc. - accessing corporate resources
Local User Management
infoCreate users, update user information, and deactivate users
SSO for Users
infoUse corporate single sign-on (SSO) with just-in-time (JIT) user creation
Passwordless Authentication
infoEnable users to log in via your corporate single sign-on (SSO) provider without entering a username/password (IDP Federation required)
SSO for Admins
infoUse corporate single sign-on (SSO) with just-in-time (JIT) user creation for administrator access
Admin RBAC
infoCreate administrators with different profiles and privileges, such as ReadOnly, PolicyAuthor, etc.
infoMaintain an inventory of all devices - managed and unmanaged - accessing corporate resources
Device Registration
infoLightweight registration using the Banyan app, with trusted device certificates issued by Banyan-managed Private PKI
Self-Registration Options
infoEnable certain user populations to register their own devices using the Banyan app
Revocation and Banning
infoDisable access - temporarily or permanently - for a specific device
Unregistered Devices
infoAllow policy-based access from devices that do not possess a trusted device certificate
Zero Touch Install
infoRoll out the Banyan app to your device fleet without requiring any end-user interaction
Pre-Installed Device Certificates
infoUse pre-installed device certificates managed by your corporate endpoint manager
infoProgramatically manage Banyan objects and automate provisioning tasks
Banyan API
infoRESTful endpoint to configure Banyan objects
pyBanyan
infoPython library and command-line interface to interact with the Banyan API
Terraform
infoTerraform provider to interact with the Banyan API
infoUnderstand access patterns across all corporate resources and create Zero Trust scorecards
Real-time Event Stream
infoMonitor a real-time stream of user and device activity
Reporting Dashboards
infoAnalyze access activity patterns across your users, devices, and services
Certificate Logs
infoRecord all certificate issuance, rotation, and revocation
Service Monitoring
infoContinuous monitoring and service statistics from your identity-aware gateways
add-on
Customer Support and Success
Knowledge Base
Banyan Community Membership
Email & Help Desk Support
Live Chat and Response SLAs
Customer Success Team
Technical Support Team
Early Preview Features

* All prices expressed per user per month, billed annually.

Questions? Answers.

How do you calculate the number of users? What happens when I exceed the limit?

In the Banyan Cloud Command Center, the Users tab shows users who are registered and authenticated.
Banyan communicates a quarterly “true-up” for our Business and Enterprise customers.

How many devices are included in my license?

Banyan is priced per user, with no limits placed on the number of devices.

Why should I upgrade from Business to Enterprise?

Upgrading to Enterprise brings numerous benefits for little incremental cost. Enterprise features include secure SaaS application access, threat detection, integrations, and premium support, to name a few.

The Enterprise edition enables you to more fully take advantage of existing investments while enabling you to completely shut down your legacy VPN for remote access. The Banyan app is easily and quickly deployed to users in a Zero Touch Install via your existing UEM. The automated discovery of cloud resources makes it a snap to publish resources while security is enhanced by leveraging EDR/UEBA data to make authorization decisions. Enterprise edition further enhances the end user experience by providing passwordless authentication to the Banyan app and web-based resources. Also, with Enterprise the continuous authentication with device trust can also be applied to SaaS applications, providing complete visibility across users, devices, and applications whether on-premises, in SaaS, or in the cloud. Lastly, the Private Edge’s self-hosted access tiers enable full control and visibility over your user’s traffic.

How are the Enterprise edition add-ons priced?

Upgrading to Enterprise brings numerous benefits for little incremental cost. Enterprise features include secure SaaS application access, threat detection, integrations, and premium support, to name a few.

The Enterprise edition enables you to more fully take advantage of existing investments while enabling you to completely shut down your legacy VPN for remote access. The Banyan app is easily and quickly deployed to your users in a Zero Touch Install via your existing UEM. The automated discovery of cloud resources makes it a snap to publish resources while security is enhanced by leveraging EDR/UEBA data to make authorization decisions. Enterprise edition further enhances the end user experience by providing passwordless authentication to the Banyan app and web-based resources. Lastly, the Private Edge’s self-hosted access tiers enable full control and visibility over your user’s traffic.