Services Overview

Cloudentity™ is a leader in providing real-time, self-healing identity and security layers for cloud-native applications by leveraging identity and fraud management. We enable organizations to deliver secure digital transformation through dynamic, real-time authentication, authorization, and management abilities across users, services, and things. Identity is at the heart of everything we do, and with it, we drastically reduce application owners’ time to market. Offload cybersecurity and identity requirements and let your developers focus on game-changing business applications in a comprehensive DevSecOps manner.

The Cloudentity Identity Platform has been architected based on microservices, designed to support their architecture and integrate with their infrastructure. Explore an overview of our available services below. If you have any questions, reach out to our team by phone or email through our Talk to Us page, or connect with us through live chat.

API Gateways and MicroPerimeter™

API Gateway

  • Protection for APIs
  • Low latency, non-blocking, Vert.x-based services
  • Support for OAuth2, SSO, Bearer JWT, and SAML sessions
  • Powerful offline and online authorization/policy enforcement
  • Microservice mesh ingress point
  • User-to-service session translation and user context enrichment
  • Extensibility options with custom plugins

Third-Party API Gateway Kit

  • API Gateway microservices awareness
  • Microservice mesh ingress
  • Drastic improvement of API Gateway authorization capabilities
  • End-user session to microservice session translation

MicroPerimeter™

  • Authentication/authorization for service meshes through lightweight microservice sidecars and JWT-based sessions
  • Docker images that wrap your service with security sidecar and proxy
  • Verified end-user context available wherever needed
  • Linkerd and Envoy proxy integration
  • Low latency — local policy enforcement
  • Low memory footprint — sidecar implemented in Golang
  • gRPC support

MicroPerimeter™ Mesh

  • MicroPerimeter™ services and more
  • Kubernetes integration, including:
    • Initializers
    • Kubernetes-vault integration
    • Pod-dedicated security sidecar and proxy
  • Istio integration (in progress)

Micro API Gateway

  • Authentication/authorization for service meshes through lightweight microservice sidecars and JWT-based sessions
  • Verified end-user context available wherever needed
  • Low latency

Service Mesh Sync

Cloudentity’s Service Mesh Sync allows microservices installed within the secured service mesh domain to synchronize local configuration with centralized policy and API management.

Service Mesh Config

Try a microservice that exposes central, tenant-specific configuration for service mesh sync consumption.

Overall Services

Session Service

  • Distributed, horizontally scalable in-memory grid session store
  • Storage of user attributes, authentication events, devices, and custom attributes
  • Session quotas per user and device
  • Small session footprint
  • Multi-region session replication

Authentication

  • Authentication with Cloudentity as IDP
  • Authentication with user identifier and password
  • “Remember me” — long-lived token authentication
  • User lockout handling
  • Extensible options with custom authentication methods

Authorization

  • Versatile PDP with flexible policies
  • Support for ABAC, RBAC, and RAdAC models
  • Multiple validators delivered out-of-the-box, such as:
    • User attributes
    • Session attributes
    • Request attributes
    • Device
    • Location
    • Risk
  • Capability to implement custom validators and add them on the fly
  • Policy as JSON, composed of validators and conditions
  • Low latency, Vert.x-based, non-blocking, stateless, horizontally scalable service
  • Ability to use external policies through a validator
  • REST-based policy creation and validation
  • Ability to store policies in Cassandra, allowing you to define massive amounts of policies

Multi-Factor Authentication (MFA)

  • MFA in the authentication process
  • Usage of MFAs in authorization policies
  • Selection of predefined verifications
    • OTP over email, mobile, and voice
    • URL-encoded OTP over email
    • TOTP/Soft token
    • KBAs
  • Device-based adaptive authentication
  • Authentication without passwords — OTP as first factor