Product Editions

Banyan offers product editions to suit every need, from easy-to-deploy zero trust access for teams, through full-blown enterprise-wide capabilities.

$0

Team

Limited to 20 users

Features:

  • Global edge network
  • Desktop Banyan app
  • One-click access to apps and infrastructure
  • Zero Trust policies
  • Audit & reporting
  • Community support

$5

user/month

Business

Billed annually

All Team Edition features, plus:

  • Enterprise SSO integration
  • Mobile app
  • Trust score customization
  • Policies for SaaS applications
  • SLA and dedicated support

Call

for Quote

Enterprise

Billed annually

All Business Edition features, plus:

  • Self-hosted access tier(s)
  • Cloud resource discovery
  • UEM/EDR/UEBA integration
  • Tunnel
  • Zero touch install
  • IDP passwordless authentication

Product Editions Comparison

Team Business Enterprise
Deployment
iFlexible Enterprise Edge architecture provides fast and reliable connections to your users around the world
Global Edge Network
iUse identity-aware proxies hosted and managed by Banyan Security in our global edge
Private Edge
iSelf-host Banyan Security's identity-aware proxy in your own datacenters and cloud infrastructure
iCloud management interface for IT & Security Admins to configure Zero Trust connectivity
Cloud Command Center
iCentral management console that you can interact with via the web portal or our RESTful API
Private Command Center
iCentral management console dedicated to your organization
add-on
iNative support for all your device operating systems
Desktop
iCross-platform desktop application for Windows, macOS, and Linux
Mobile
iMobile app for iOS and Android, downloadable from Apple App Store and Google Play
Connectivity
iConnect to internal HTTP applications using browser-only OpenID Connect flows
Custom Domains
iPublish applications using your organization's corporate domains
Let's Encrypt Certificates
iUse default-browser-trusted certificates issued by a public Certificate Authority
Application Authentication
iOffload authentication and claims mapping to the identity-aware proxy, simplifying application AuthNZ
Programmatic Access
iUse API tokens (instead of managing fragile IP whitelists) for scripting and automation
Clientless Desktop Access
iLeverage the Apache Guacamole gateway to access your desktops from a web browser
add-on
iConnect to internal TCP services using short-lived X.509 certificates
Catalog and Bundles
iOrganize your infrastructure resources and publish them to end users
Linux Servers (SSH)
iAccess Linux machines using any SSH client
SSH AuthNZ & Audit
iEnable SSH certificate authentication, AuthorizedPrincipals, and audit logging
add-on
Kubernetes API
iAccess the Kubernetes API using any Kubernetes client
Kubernetes AuthNZ & Audit
iEnable Kubernetes OIDC authentication, RBAC authorization, and audit logging
add-on
Windows Servers (RDP)
iAccess Windows machines from any RDP client
Databases
iAccess database servers such PostgreSQL and MySQL using their native clients
iEnforce device trust policies for cloud SaaS applications without backhauling traffic onto your corporate network
SAML and OIDC Federation
iDefine Zero Trust policies for individual, or groups of, SaaS applications
Identity Provider Cloaking
iRestrict Cloud IDP access to registered devices to prevent password-stuffing and MFA-compromise attacks
iEnable network access to private subnets using WireGuard
Private Domains
iUse your organization's internal DNS servers
Split Tunneling
iSpecify subnets that need to be tunneled (instead of intercepting all network traffic)
Operations
iProvision access for all users - employees, contractors, vendors, etc. - accessing corporate resources
Local User Management
iCreate users, update user information, and deactivate users
SSO for Users
iUse corporate single sign-on (SSO) with just-in-time (JIT) user creation
Passwordless Authentication
iEnable users to log in via your corporate single sign-on (SSO) provider without entering a username/password (IDP Federation required)
SSO for Admins
iUse corporate single sign-on (SSO) with just-in-time (JIT) user creation for administrator access
Admin RBAC
iCreate administrators with different profiles and privileges, such as ReadOnly, PolicyAuthor, etc.
iVisibility into all devices - both managed and unmanaged - accessing corporate resources
Device Registration
iLightweight registration using the Banyan apps, with trusted device certificates issued by Banyan-managed Private PKI
Self-Registration Options
iEnable certain user populations to register their own devices using the Banyan apps
Revocation and Banning
iDisable access - temporarily or permanently - for a specific device
Unregistered Devices
iAllow policy-based access from devices that do not possess a trusted device certificate
Zero Touch Install
iRoll out the Banyan app to your device fleet without requiring any end-user interaction
Pre-Installed Device Certificates
iUse pre-installed device certificates managed by your corporate endpoint manager
iUnderstand access patterns across all corporate resources and create Zero Trust scorecards
Limited
iRecord system events for your organization to provide an audit trail and understand platform activity
iProgramatically manage Banyan objects and automate provisioning tasks
iAutomatically discover corporate resources to publish to your users
Limited
Security
iImmediate access revocation when a user and/or their device no longer meets security posture thresholds
iGranular, flexible least-privilege-access policies based on resource sensitivity
iQuantify the level of trust and risk associated with your users and devices
Limited Limited
Device Trust Scoring
iAnalyze device security posture, including OS version, firewall, disk encryption, and screen lock status
Customizable Trust Factors
iConfigure factors based on platform and ownership type. Support for "preferred applications" factor.
Customizable Remediation
iConfigure remediation instructions, such as messaging and links, shown to your end users
Factors from IDP
iIntegrate Identity Provider user and group attributes into Trust Scoring (Okta, AzureAD, OneLogin)
Factors from UEM
iIntegrate Endpoint Manager compliance checks into Trust Scoring (Workspace ONE UEM, Intune, Jamf)
Factors from EDR
iIntegrate Endpoint Security signals into Trust Scoring (CrowdStrike, Carbon Black, SentinelOne, Microsoft Defender)
iIntegrate with the various tools in your security stack
Integration with SIEM
iPipe security event stream to your SIEM solution (Splunk, Elastic, Sumo Logic)
Integration with Enterprise PKI
iUse certificates issued by your existing Public Key Infrastructure (PKI) solution
add-on
Customer Support and Success
Knowledge Base
Banyan Community Membership
Email & Help Desk Support
Limited
Live Chat and Response SLAs Limited
Customer Success Team add-on
Technical Support Team add-on
Early Preview Features
Pricing

$0

$5

user/month

Call

for Quote

Get Team Edition Contact Sales Contact Sales