MICROSERVICES ARCHITECTURE BUILT FOR SPEED

The world's only cloud-first security mesh.

Free to get started. No credit card required.

POWERING SECURE BUSINESS GROWTH, ONE IDENTITY AT A TIME

FOR CUSTOMERS

Customers want a great application user experience from companies who are easy to do business with.

Cloudentity's Identity Microservices™ enable a frictionless user identity experience that excites and delights customers, enabling them to buy more and tell all their friends about their great experience.

FOR BUSINESS OWNERS

Business Owners want engaging customer experiences that attract new business and grow existing revenue channels.

Cloudentity enables business owners to not only meet — but exceed — revenue growth goals with great user experience, faster transaction growth and rapid response to new business opportunities.

FOR CISOS

CISOs need to move faster to respond to business needs while minimizing security and identity risk.

Cloudentity ensures confidence through a more predictable, lower risk approach to identity and security, plus the flexibility to adapt to changing business needs at cloud speed.

FOR IDENTITY & SECURITY ARCHITECTS

Identity and Security Architects need to design and ensure identity standards meet the business needs while leveraging new technologies and de-risking new initiatives.

Cloudentity's Identity Microservices™ deliver a standardized and extensible identity and security approach that minimizes risk while leveraging existing systems and modern tech stack architectures.

Pre-built set of security microservices

The Cloudentity Security Mesh is architected as a comprehensive set of Identity Microservices™ focused on protecting cloud-native applications. Every service is prebuilt, pretested and security reviewed.

MicroPerimeter™

Docker images that wrap a microservice with a security sidecar and proxy

MicroPerimeter™ Mesh

Kubernetes Integration: initializers, kubernetes-vault integration, pod-dedicated security sidecar and proxy

TrUST Engine™

Runs risk-scoring algorithms over incoming events and stores the calculated risk associated with each user, session, IP and device

Token Exchange

Just-in-time token service that issues the tokens needed to work with existing proprietary IAM systems

Authorization Service

Create effective policies that combine validation of user attributes, risk, permissions, roles, location and devices

Data Layer

Provides mapping, translation and aggregation services while interacting directly with data stores, session stores and existing IAM systems

SAML IDP

Brings SAML into the modern era, making it horizontally scalable and highly configurable

SAML SP

Set of federation services that enables service provider or relying party functionality

OAuth & OIDC

Multi-tenant, federated SSO for OIDC and OAuth enabled applications, exposing both APIs and a UI to handle OAuth flows

Federation

Authentication to Cloudentity through external SAML and OIDC/OAuth-enabled IDPs, with support for dynamic IDP discovery

User Management

Multi-tenant management of users and their attributes, with built-in mobile, password and email verification flows

User Registration

Self-service and admin user registration and activation flows, with password management and password reset flows

Device Management

Built-in device print analysis and recognition algorithms, plus device history with Cassandra store support for very large numbers of devices

Device Registration

Generation of a device salt returned to the user agent, with configurable additional device attributes

Applications

Comprehensive application management through distinct application capabilities, for example the OAuth client: client ID, secret and selection of consumed resources

Delegated Admin

Decentralized management of access rights for roles

IDP Configuration

Externalized configuration service for the SAML IDP, implementing the external authentication module used in SAML flows

User Self-Service

Self-registration, client-side password policy verification, email/mobile verification, device management, and more

MFA

Use of MFA in authorization policies, with a selection of predefined verifications and device-based adaptive authentication

API Gateway

API protection with offline and online authorization/policy enforcement; supports third-party gateways via plugins

Service mesh sync

Microservices installed within the secured service mesh domain that synchronize local configuration with centralized policy and API management

Service mesh config

Microservice exposing central, tenant-specific configuration for consumption by service mesh sync

Stats & Reports

REST APIs for statistics and reports. Captures information from logs before it is written to disk and sends it for analysis

Administration UI

UI-based management of users, applications, federation, organizations, microservices, policies, permissions and roles

THE CLOUDENTITY TrUST ENGINE™

The Cloudentity Security Mesh also includes the TrUST Authorization Engine, which measures real-time transactional risk between the services, users and things it protects. The solution assesses and evaluates risk on a per-transaction basis and provides dynamic authorization flows to mitigate that risk.

The TrUST engine's dynamic authorization is available for every transaction, from the initial user authentication to every application-to-application call, while maintaining user context across hops. This addresses the hard microservices security and audit problems while keeping each transaction under policy control.

In addition, each transaction creates a comprehensive, digitally signed audit trail from authentication to data access, via unique per-transaction IDs and verified claims that are available to applications, microservices, APIs, containers and serverless functions, for frictionless fulfillment of governance and compliance requirements.
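The following is an added illustration of the pattern the TrUST Engine, Authorization Service and audit-trail paragraphs describe; it is not Cloudentity's code. Risk is scored from incoming events and stored per user, session, IP and device; a policy combines role, authentication strength and risk into permit, step-up or deny; and every hop of a transaction writes a signed audit record that carries the same transaction ID and the user's claims. The event weights, thresholds, sample events and signing key are constructed assumptions, and HMAC stands in for the asymmetric signature a real deployment would use.

```python
"""Risk-based dynamic authorization with a signed per-transaction audit trail.
Added illustration, not Cloudentity's TrUST engine; the weights, thresholds,
key and sample events are constructed assumptions."""
import hashlib
import hmac
import json
import uuid

# Hypothetical key. A real deployment would sign with an asymmetric key in a
# KMS/HSM so verifiers cannot forge records; HMAC keeps the example stdlib-only.
AUDIT_KEY = b"example-only-audit-key"
EVENT_WEIGHTS = {"successful_login": -10, "failed_login": 15, "new_device": 25,
                 "ip_country_change": 30}  # illustrative weights
DIMENSIONS = ("user", "session", "ip", "device")


class RiskStore:
    """Keeps a 0..100 risk score per user, session, IP and device."""

    def __init__(self):
        self.scores = {dim: {} for dim in DIMENSIONS}

    def ingest(self, event):
        weight = EVENT_WEIGHTS.get(event["type"], 0)
        for dim in DIMENSIONS:
            table = self.scores[dim]
            table[event[dim]] = max(0, min(100, table.get(event[dim], 0) + weight))

    def risk(self, **ids):
        # The riskiest dimension drives the decision.
        return max(self.scores[dim].get(ids[dim], 0) for dim in DIMENSIONS)


def authorize(claims, resource, risk):
    """Combine role, authentication strength and risk: permit, step_up or deny."""
    if resource["required_role"] not in claims.get("roles", []):
        return "deny"
    if risk >= 70:
        return "deny"
    if risk >= 40 and "mfa" not in claims.get("amr", []):
        return "step_up"  # dynamic flow: require MFA before proceeding
    return "permit"


def _canonical(body):
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def audit_record(txn_id, parent_hash, claims, resource, risk, decision):
    """One signed record per hop; txn_id ties all hops of a transaction together."""
    body = {"txn_id": txn_id, "parent": parent_hash, "sub": claims["sub"],
            "amr": claims.get("amr", []), "resource": resource["name"],
            "risk": risk, "decision": decision}
    canonical = _canonical(body)
    return {"body": body, "hash": hashlib.sha256(canonical).hexdigest(),
            "sig": hmac.new(AUDIT_KEY, canonical, hashlib.sha256).hexdigest()}


def verify_chain(records):
    """True only if every signature and every parent link checks out."""
    prev_hash = None
    for rec in records:
        canonical = _canonical(rec["body"])
        expected = hmac.new(AUDIT_KEY, canonical, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, rec["sig"]):
            return False
        if rec["body"]["parent"] != prev_hash:
            return False
        prev_hash = hashlib.sha256(canonical).hexdigest()
    return True


# Constructed events: alice logs in, then appears from a new device and fails once.
SAMPLE_EVENTS = [
    {"type": "successful_login", "user": "alice", "session": "s1",
     "ip": "203.0.113.5", "device": "d1"},
    {"type": "new_device", "user": "alice", "session": "s2",
     "ip": "198.51.100.9", "device": "d2"},
    {"type": "failed_login", "user": "alice", "session": "s2",
     "ip": "198.51.100.9", "device": "d2"},
]


def demo():
    """Initial user request, MFA step-up, then an app-to-app hop in the same transaction."""
    store = RiskStore()
    for ev in SAMPLE_EVENTS:
        store.ingest(ev)
    risk = store.risk(user="alice", session="s2", ip="198.51.100.9", device="d2")
    txn_id = str(uuid.uuid4())
    orders = {"name": "/orders", "required_role": "customer"}
    inventory = {"name": "/inventory", "required_role": "customer"}
    hops = [({"sub": "alice", "roles": ["customer"], "amr": ["pwd"]}, orders),
            ({"sub": "alice", "roles": ["customer"], "amr": ["pwd", "mfa"]}, orders),
            ({"sub": "alice", "roles": ["customer"], "amr": ["pwd", "mfa"]}, inventory)]
    decisions, records = [], []
    for claims, resource in hops:
        decision = authorize(claims, resource, risk)
        parent = records[-1]["hash"] if records else None
        records.append(audit_record(txn_id, parent, claims, resource, risk, decision))
        decisions.append(decision)
    return store, decisions, records
```

Running `demo()` yields the decisions `["step_up", "permit", "permit"]`: the new device and failed login push alice's risk to 40, so the first request is stepped up to MFA, and once the `amr` claim carries `mfa` the same transaction ID flows through the order service and on to the inventory hop. `verify_chain` rejects any record whose body was altered after signing, and also any record whose parent link no longer matches, which is what lets an auditor walk from data access back to the original authentication.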

Now organizations can build and run faster in a cloud-fast DevOps world.

BEST-IN-CLASS ARCHITECTURE

  • An evolving set of microservices for management of UST, user self-service, strong authentication, session mobility and more
  • Ideal for modern container architectures
  • Supports cloud-native, hybrid-cloud and multi-cloud architectures

FLEXIBLE INTEGRATION OPTIONS

  • SaaS Cloud apps via SAML 2.0, OpenID Connect or SCIM
  • Net new apps & services via Open SDK & REST APIs
  • Legacy & COTS apps via Cloudentity Access Gateway
  • Top 3rd party security, identity, WAF, SIEM, detection, fraud and attribution vendors