Frequently Asked Questions

About Cloudentity

What is Cloudentity?

Cloudentity™ is a leader in providing a real-time, self-healing identity and security layer to cloud-native applications by leveraging identity and fraud management. Recently, we were named in Gartner’s 2017 “Cool Vendor” report. We unleash organizations to deliver secure digital transformation by delivering dynamic, real-time authentication, authorization, and management across users, services, and things. Identity is at the heart of everything we do. We drastically reduce application owners’ time to market by offloading cybersecurity and identity requirements, allowing developers to focus on game-changing business applications in a comprehensive DevSecOps manner.

Cloudentity is trusted by dozens of customers in finance, insurance, government, retail, and healthcare, including leading companies like Blue Cross Blue Shield, Reliance Industries, PG&E, Crowdstrike, and Standard Insurance Corp.

How do I contact Cloudentity?

We welcome you to use our website’s live chat. You can also find our phone number and email on our Contact Us page.

How does Cloudentity license?

Cloudentity licenses on a subscription model.

How do you price a subscription?

Cloudentity leverages a service-based architecture that allows us to price our solution based on the services required. We offer small (up to 10 services), medium (up to 25 services), and large (up to 25 services) bundles.

Would we be required to replace our existing identity service provider?

No, mainly due to a major advantage of microservice architecture. Although Cloudentity offers a full suite of identity services, organizations can choose what microservices they need, since each service is independent. Think of it as an à la carte offering of identity services. If an organization is seeking to utilize the MicroPerimeter™ to offload transactional security through authentication and authorization, yet would like to leverage an existing identity platform, that can be done. It’s accomplished using our Token Exchange Service, which allows session tokens to be created or verified.

Is Cloudentity the right option for our app to app security?

Yes. Our MicroPerimeter™, unlike a centralized API gateway, protects one microservice or set of microservices. It also has a pluggable architecture in which each incoming request and outgoing response can be subject to custom transformation performed by configurable plugins. All of this is possible because the MicroPerimeter™ has such a small footprint that it can be deployed as a micro-gateway or deployed next to the microservice. The latter is often called a sidecar approach.

Does Cloudentity work in a cloud environment?

Yes. As our name suggests, our focus is to enable organizations to become a cloud entity.

Our platform provides application-specific security for all users, services, and things with an individual MicroPerimeter™, allowing for per-transaction authentication and per-resource authorization. This is accomplished by offloading API, microservice, and container security from the business function, and using identity and intelligent authorization as the center point. We empower enterprise application developers to seamlessly offload identity and data security in order to accelerate the DevOps process, creating a service mesh that is the gold standard in DevSecOps.

How do I get started?

We welcome you to try our services free of charge by using the “Try For Free” links on our website.

You can also contact us by:

Is there a Cloudentity Developers Community I can join?

Yes. We encourage you to join us on Slack or engage us in the community forum in the Developers section of our website.

Architecture

Does Cloudentity use microservices?

Yes. Cloudentity is an identity platform that has itself been microservices-based from the start. All of the platform’s functionality follows the best practices available to the market, and it is designed to support microservice architecture and integrate with microservices infrastructure.

Why wouldn’t I use other Identity stacks instead?

Most identity products are not focused on microservices. These identity products do not recognize this rapidly-growing architectural style and do not have the coherent vision of Cloudentity.

Other identity stacks do not provide the powerful DevOps integration tools that are one of the key aspects of identity verification and API security. In addition, most identity products on the market are quite old and have not been designed to address modern development issues.

Finally, other identity stacks are either monoliths or quasi-microservice-naturalized monoliths, or they have one of the following issues:

  • They cannot actually become part of the microservice environment
  • They use separate, selected microservices from their Identity stack to support A2A use cases

Why wouldn’t I do this myself?

A D.I.Y. solution is always an option for a microservice architecture, but for obvious reasons, moving in that direction may not provide the desired outcome and it may introduce quite a bit of risk.

Before Cloudentity, many organizations who wanted to use microservices had to build their own solutions. Now, Cloudentity can be used to address common microservice security matters, eliminating the need for a D.I.Y. solution.

How does Cloudentity relate to other Identity products and API-Gateways?

Cloudentity offers its own API gateway and can also integrate with existing API gateways. It supplements them with advanced authorization features and with translation of external user/application/device sessions into internal, stateless microservice-environment sessions with injected user context.

The Cloudentity platform integrates with existing legacy identity platforms if necessary through the Token Exchange Service. This allows existing organizations to incrementally move towards microservices without completely replacing their existing identity infrastructure.

Cloudentity lets you avoid the work and headache of building your own microservice security solution. Instead, you can use a product built specifically for microservices that uses well-known best practices and guidelines.

What is the relation between Cloudentity and Service Mesh tools?

Cloudentity can be used in parallel with Service Mesh tools. Its rich security plane will not impact remaining features.

How can Cloudentity help with microservice environment security?

If you choose to use Cloudentity, it will:

  • Translate external user/device/application sessions to internal stateless microservice sessions
  • Enrich internal sessions with user context that can be used by the microservices themselves and for policy evaluation at each microservice sidecar application
  • Aid in securing each microservice instance with a security sidecar, handling authentication and authorization in a stateless manner
  • Handle A2A token creation, signing, and verification key management
  • Integrate with existing microservice infrastructure and handle dynamic discovery, load balancing, routing, container orchestration, etc.
  • Provide a microservices-aware API gateway, exposing selected microservice endpoints either for public use or integration with an existing gateway
  • Provide organizations with multi-tenant application management, including microservice management
  • Offload development teams from addressing microservice security and allow them to concentrate on business-specific microservice logic
  • Introduce advanced authorization, including risk-based authorization, to your microservices environment
  • Integrate with legacy IAM platforms that cannot support microservices using the Token Exchange Service
  • Allow you to create a solution built on microservices, which is scalable and not constrained by security needs

Functionality

Does Cloudentity support Federation?

Yes. Authentication to Cloudentity with external SAML and OIDC/OAuth-enabled IDPs supports dynamic IDP discovery.

Does Cloudentity support user management?

Yes, through exposure of user management REST APIs that include:

  • Multi-tenant management of users and their attributes
  • Built-in mobile and email verification flows
  • User identifiers management, which includes verified emails/mobiles, UID, and other user attributes
  • Password management and reset password flows
  • Self/admin user registration and activation flows
  • User permissions and roles management
  • Configurable additional user attributes
  • Customer-specific extensions to the user identity management flows
  • Options to connect to external data sources

What are Cloudentity’s reporting and auditing capabilities?

Cloudentity goes through REST APIs to get statistics and reports to:

  • Capture information from logs before writing it on disk and sending to analysis
  • Collect predefined reports like: failed authentications, user reports, audit log reports, etc.
  • Reconfigure searches and stored data under analysis

The platform also creates a comprehensive, digitally signed audit trail for every step of a transaction. Starting at authentication for any user/service/thing, through authorization across services, to data store access, Cloudentity provides a unique transaction I.D., tamper-proof audit, and verified claims.

Does it support frictionless authentication?

Yes, and Cloudentity can be the IDP, supporting long-lived token authentication and handling user lockouts. It’s also extensible with custom authentication methods and supports login using Google, GitHub, Active Directory, and Salesforce.

What authorization capabilities does it have?

Cloudentity supports RBAC, ABAC, and RAdAC. It’s possible to create policies taking into account devices, location, relationships, request parameters, and risk.

Does it support MFA?

Yes, various types. Among them are HOTP (SMS, Voice), TOTP (e.g. Google Authenticator), and KBAs. Most custom authenticators can be supported as well.

What APIs does it expose?

Cloudentity’s microservices expose all APIs needed to manage REST APIs for:

  • Cloudentity API Gateway
  • Third Party API Gateway
  • Cloudentity MicroPerimeter™
  • Service mesh syncing/configuration
  • Session Service
  • Authentication
  • Authorization
  • MFA
  • Token Exchange
  • SAML IDP
  • OAuth & OIDC
  • Federated login
  • User Management
  • Devices Management
  • Applications Management
  • Customer Management
  • Manage Relationships
  • Stats & Reports
  • Monitoring Dashboard
  • IoT Devices
  • Notifications
  • Risk-Based TrUST Engine™
  • Administration UI
  • Authentication UI
  • Self Service UI

How flexible is the authentication process definition?

It’s a dynamic and configurable policy. The authentication UI adjusts its flow to it dynamically.

What components does it contain?

Cloudentity’s components include:

  • Cloudentity API Gateway
  • Third Party API Gateway Plugin
  • Cloudentity MicroPerimeter™
  • Service mesh syncing/configuration
  • Session Service
  • Authentication
  • Authorization
  • MFA
  • Token Exchange
  • SAML IDP
  • OAuth & OIDC
  • Federated login
  • User Management
  • Devices Management
  • Applications Management
  • Customer Management
  • Manage Relationships
  • Stats & Reports
  • Monitoring Dashboard
  • IoT Devices
  • Notifications
  • Risk-Based TrUST Engine™
  • Administration UI
  • Authentication UI
  • Self Service UI

How do I know which subscription bundle I should be evaluating?

It really depends on what you are trying to accomplish. As a rule of thumb:

  • Small – boost your identity solution and security with social sign-on, SSO, passwordless SSO, or multifactor authentication (MFA)
  • Medium – for more advanced identity management requirements like authentication for API or app
  • Large – for use in environments with a complex mix of transactions, users, and devices that require identity

Is there an evaluation of your enterprise software?

Yes. We welcome you to explore our services free of charge. Simply click any of the “Try For Free” links you see throughout our website.

 

How often does Cloudentity release major versions of the product?

Cloudentity releases major versions of the product approximately every 12 months and minor releases every six months. Maintenance releases are provided on an as-needed basis.

Do I need Cloudentity in addition to other microservice tools?

One of the advantages of microservices is that developers can focus on developing business-unique logic and applications while shifting generic responsibilities towards DevSecOps.

In the same way that container orchestration, service discovery, load balancing, request routing, and re-tries can be handled outside of the microservice environment with the proper tools, Cloudentity offloads microservice-specific security aspects from your system architecture.

Where can I get more answers?

For answers to questions not addressed in this FAQ page, please email us or chat with us on our website. You can find our contact information on our Talk To Us page.