CAEP (Continuous Access Evaluation Profile)
Also known as: Continuous Access Evaluation Profile
Definition
CAEP (Continuous Access Evaluation Profile) is a profile of the OpenID Foundation's Shared Signals Framework (SSF) for continuously evaluating session validity. Instead of waiting for tokens to expire, an identity provider (the transmitter) pushes security events such as session revocation to relying parties (the receivers) as signed Security Event Tokens (SETs, RFC 8417) in near real time.
In more depth
Without CAEP, a session or access token issued at 9:00 stays valid until it expires, even if the user is terminated at 9:15; the relying party simply has no way to learn about the change. With CAEP, when the IdP detects a change (account disabled, credential or MFA reset, assurance level dropped, device out of compliance, or a risk event) it emits the matching CAEP event, such as session-revoked, credential-change, assurance-level-change or device-compliance-change, to every relying party that subscribes to events for that subject. Each relying party validates the SET (signature, issuer, audience, freshness, replay) and then terminates the session or forces a step-up. Delivery uses the SSF transports: HTTP push to a receiver endpoint, or polling by the receiver.
Microsoft Entra and Okta both implement CAEP, and Microsoft's own Continuous Access Evaluation (CAE) for its first-party services follows the same model. Adoption is still building, and a signal only helps if the relying party actually acts on it: server-side session state has to be revocable, and short token lifetimes still matter for receivers that are not wired in. Even so, CAEP is the direction session management is taking in zero-trust architectures.
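The push flow described above, both sides, as an added example that is not part of this glossary page or of any vendor's implementation. It uses only the Python standard library. Assumptions are marked in the code: the transmitter and receiver share an HS256 key (real deployments sign with the transmitter's asymmetric key published via JWKS), the subject sits in a top-level `sub_id` claim as in SSF 1.0, and the issuer, audience, addresses and session data are constructed for the demo. The receiver shows the checks a relying party needs before revoking anything: header `typ`/`alg`, signature, `iss`, `aud`, `iat` freshness and `jti` replay.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid

# CAEP event type URI for "session-revoked" (from the CAEP specification).
CAEP_SESSION_REVOKED = "https://schemas.openid.net/secevent/caep/event-type/session-revoked"

# Assumption for this demo: transmitter and receiver share an HS256 key.
# Real deployments sign SETs with the transmitter's asymmetric key published via JWKS.
SHARED_SECRET = b"constructed-demo-secret-not-for-production"
MAX_SET_AGE_SECONDS = 300


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


def build_session_revoked_set(issuer, audience, subject_email, reason, now=None):
    """Transmitter side: mint a Security Event Token carrying a CAEP session-revoked event."""
    now = int(time.time()) if now is None else now
    header = {"typ": "secevent+jwt", "alg": "HS256"}
    payload = {
        "iss": issuer,
        "aud": audience,
        "iat": now,
        "jti": uuid.uuid4().hex,  # unique id so receivers can detect redelivery
        # Subject identifier; top-level "sub_id" placement follows SSF 1.0 (assumption).
        "sub_id": {"format": "email", "email": subject_email},
        "events": {
            CAEP_SESSION_REVOKED: {
                "event_timestamp": now,
                "reason_admin": {"en": reason},
            }
        },
    }
    signing_input = f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(payload).encode())}"
    signature = hmac.new(SHARED_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(signature)}"


class RelyingParty:
    """Receiver side: holds live sessions and revokes them when a valid SET arrives."""

    def __init__(self, expected_issuer, own_audience):
        self.expected_issuer = expected_issuer
        self.own_audience = own_audience
        self.sessions = {}      # session_id -> subject email (constructed demo state)
        self.seen_jti = set()   # replay protection

    def login(self, session_id, email):
        self.sessions[session_id] = email

    def receive_set(self, token, now=None):
        """Validate an incoming SET; return the session ids revoked because of it."""
        now = int(time.time()) if now is None else now
        try:
            header_b64, payload_b64, sig_b64 = token.split(".")
        except ValueError:
            raise ValueError("malformed SET")
        header = json.loads(_b64url_decode(header_b64))
        # Accept only an HS256 secevent token: no "alg": "none" or algorithm confusion.
        if header.get("typ") != "secevent+jwt" or header.get("alg") != "HS256":
            raise ValueError("unexpected header")
        expected = hmac.new(SHARED_SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            raise ValueError("bad signature")
        payload = json.loads(_b64url_decode(payload_b64))
        if payload.get("iss") != self.expected_issuer or payload.get("aud") != self.own_audience:
            raise ValueError("wrong issuer or audience")
        if now - payload.get("iat", 0) > MAX_SET_AGE_SECONDS:
            raise ValueError("stale SET")
        jti = payload.get("jti")
        if jti in self.seen_jti:
            return []  # redelivered event: already acted on, nothing to do
        self.seen_jti.add(jti)
        if CAEP_SESSION_REVOKED not in payload.get("events", {}):
            return []  # some other event type; this receiver only handles revocation
        subject = payload["sub_id"]
        if subject.get("format") != "email":
            raise ValueError("unsupported subject format")
        revoked = [sid for sid, email in self.sessions.items() if email == subject["email"]]
        for sid in revoked:
            del self.sessions[sid]
        return revoked
```

Two design points worth noting: the `jti` set makes the receiver idempotent, so a transmitter that retries delivery cannot cause spurious errors, and the explicit `typ`/`alg` check before signature verification closes the usual JWT algorithm-confusion path. In production the SET would arrive at an HTTPS receiver endpoint registered through the SSF stream configuration, and the revoked session ids would be removed from the real session store rather than from an in-memory dict.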