Gluu is an end-to-end security platform that enables enterprises to centrally control access to resources based on flexible policies.
Agama Web Flows: A low code approach to orchestrate existing identity sources and workflows.
Casa: Self-service credential management portal that links end-users to external identity providers, passkeys, and other MFA authenticators.
Mobile Authn: Implement multi-step backchannel mobile authentication flows using the latest OAuth technology (No web browser!)
Real-time Token Revocation: For single transactions or account takeover revocation, use a lightweight PDP in your app to check token status.
If your business needs data sovereignty or full operational control of your business security infrastructure, you can use Gluu Flex, our commercial software distribution. The Flex software includes everything you need to deploy on a public or private cloud, including Helm, Rancher and Terraform assets. Gluu provides 24x7x365 support subscription for enterprise customers, and a license-only SMB subscription.
Deploy a Gluu Flex instance for your business on Google’s serverless infrastructure. Software and configuration changes are managed via Gitops, and rolled out with zero downtime. Gluu’s Solo hosting offering is useful for businesses that want to use Flex, but do not want to worry about the care and feeding of another mission critical database and cloud infrastructure.
Prefer free? Our software is based on the community governed Linux Foundation Janssen Project. Janssen is an open source enterprise digital identity platform of standards-based, developer friendly, components that are engineered to work together in any cloud. Visit our Github Project Home, or jump to the installation section of the Documentation.
Because IAM is middleware, open standards are critical to connect a wide array of applications and systems. Gluu leverages OpenID to authenticate people using the Web, FIDO for passkey and security key authentication, OAuth to secure APIs, and SAML for B2B and legacy applications.
OpenID is a popular federated identity standard for web-based applications. Gluu and the upstream Linux Foundation Janssen Project have accumulated many Open Provider Certifications. Not only can Gluu Flex act as an identity provider, but using Gluu’s OpenID Agama Project, you can link a person’s account with an external OpenID Provider.
SAML, the XML identity federation predecessor of OpenID Connect, is used primiarily by SaaS and older web-based enterprise applications for SSO. In Flex, the Keycloak component provides the SAML IDP endpoints and acts as a SAML SP via the federation broker (to utilize an external SAML IDP).
A set of standards that enable the hardware, operating system, browser, and identity provider to authenticate a person using phishing-resistent, client-side biometrics. Flex provides FIDO endpoint that support passkeys, USB, Bluetooth. and platform authenticators.
OAuth is used to authenticate a person using a mobile device, or to authenticate software–identity is not just for humans! Using Flex, your business can manage how software clients register an asymetric secret, and which API endpoints they are authorized to access.
Apple, Google and Microsoft have collaborated on federating FIDO capabilities they expose through their operating systems. This cooperation enables businesses to rollout passwordless authentication with unparalleled usability, security and deployability.
Gluu has OOTB support for TOTP, which is the standard behind Google Authenticator and other one-time password applications. Not a panacea, but not a bad option for some use cases.
While control of an SMS number is not a great indicator of human identity, it may the best or only option for your business. Don’t worry–we have your covered. Sign up with Twilio, and send SMS OTP codes in seconds.
A free push-based mobile authentication app on the App Store and Play Store for any device–no hardware requirements. Pay only $.01 per notification on the Agama Lab Scan Marketplace. MORE INFO