Services Overview

Cloudentity™ is a leader in providing a real-time self-healing identity and security layer to cloud-native applications by leveraging Identity and Fraud Management. We enable organizations to deliver Secure Digital Transformation through dynamic real-time authentication, authorization and management across users, services, and things. With Identity at the heart of everything we do, we drastically reduce application owners' time to market by offloading cybersecurity and identity requirements, allowing developers to focus on game-changing business applications in a comprehensive DevSecOps manner.

The Cloudentity Identity Platform has been architected based on microservices and designed to support microservice architecture and integrate with microservices infrastructure.

This is an overview of the services available. If you have a question, please feel free to ask us using our website’s live chat or contact us by email.

API Gateways and Micro-perimeter

API Gateway

  • APIs protection
  • Low latency, non-blocking, Vert.x based
  • OAuth2, SSO, Bearer JWT, SAML sessions support
  • Powerful offline and online authorization/policy enforcement
  • Microservice mesh ingress point
  • User to service session translation & user context enrichment
  • Extensibility with custom plugins

Third Party API Gateway Kit

  • Makes the API Gateway microservice-aware and a microservice mesh ingress point
  • Drastic improvement of API Gateway authorization capabilities
  • End-user session to microservice session translation

Micro Perimeter Mesh

  • Authentication and authorization for service meshes through lightweight microservice sidecars and JWT-based sessions
  • Verified end-user context available wherever needed
  • Kubernetes Integration:
    • Initializers
    • kubernetes-vault integration
    • pod-dedicated security sidecar and proxy
  • Istio integration (in progress)
  • Linkerd & Envoy proxy integration
  • Low latency – local policy enforcement
  • Low memory footprint – sidecar implemented in Go
  • gRPC support

Micro Perimeter

  • Authentication and authorization for service meshes through lightweight microservice sidecars and JWT-based sessions
  • Docker images wrapping your service with security sidecar and proxy
  • Verified end-user context available wherever needed
  • Linkerd & Envoy proxy integration
  • Low latency – local policy enforcement
  • Low memory footprint – sidecar implemented in Go
  • gRPC support

Micro API Gateway

  • Authentication and authorization for microservices through lightweight microservice sidecars and JWT-based sessions
  • Verified end-user context available wherever needed
  • Low latency

Service mesh sync

  • Microservices installed within the secured service mesh domain that synchronize local configuration with the centralized policy and API management

Service mesh config

  • Microservice exposing central, tenant-specific configuration for consumption by the service mesh sync


Overall Services

Session Service

  • Distributed, horizontally scalable in-memory grid session store
  • Storage of user attributes, authentication events, devices, custom attributes
  • Session quotas per user and device
  • Small session footprint
  • Multi-region session replication

Authentication

  • Authentication with Cloudentity as the IdP
  • Authentication with user identifier and password
  • Remember me / long-lived token authentication
  • User lockout handling
  • Extensible with custom authentication methods

Authorization

  • Versatile PDP with flexible policies
  • ABAC, RBAC, RAdAC models support
  • Multiple validators delivered out of the box, such as user attributes, session attributes, request attributes, device, location, risk
  • Capability to implement custom validators and add them on the fly
  • Policy as JSON composed of validators and conditions
  • Vert.x based, non-blocking, low latency, stateless, horizontally scalable service
  • Ability to use external policies through a validator
  • REST-based policy creation and validation
  • Policies can be stored in Cassandra, allowing a massive number of policies to be defined

Multi-factor authentication (MFA)

  • MFA in authentication process
  • Usage of MFAs in authorization policies
  • Selection of predefined verifications
    • OTP over email, mobile, voice
    • URL encoded OTP over email
    • TOTP/Soft token
    • KBAs
  • Device based adaptive authentication
  • Passwordless authentication – OTP as first factor