Most organizations today utilize single sign-on for good reason: it consolidates authentication policies to reduce an attack surface. But user journeys don’t end at the front door: to gain the level of control modern organizations need, you need authorization to manage risk throughout a user session. A centralized policy engine utilizes existing identity attributes and threat telemetry to give your security teams the level of fine-grained control of organizational data to meet today’s threat landscape. Through practical examples, we’ll show why centralizing authorization policy augments your existing identity architecture to prevent lateral attacks and best protect organizational resources.