Provide single sign-on for your applications using OpenID Connect
Provide common RESTful identity services across all your applications including directory, SSO, authentication, multi-factor authentication, authorization, and audit
Share role-based and attribute-based access controls your applications
Integrate your applications seamlessly with your customer's on-prem Active Directory and other identity systems
Secure your applications running on-prem or in the cloud
Provided high-performance distributed and replicated XML storage for your applications
Add easy to use and search profile and directory services to your applications
Cloud application developers who create cloud-based applications for enterprise customers frequently run into three problems:
1. The need to create an identity service to handle things like user account management, authentication, authorization, and single sign-on, and
2. The identity service needs to integrate with their customers' existing (usually on-premises) identity systems, such as Active Directory.
3. Using an Identity-as-a-service offering from an existing cloud vendor is expensive, creates lock-in and makes it difficult to move the application to another cloud platform without incurring significant management and performance penalties.
Even though basic user authentication is perhaps the easiest IAM functionality for a developer to implement, "rolling your own" authentication is surprisingly difficult to implement securely. Cobalt provides robust, standardized authentication mechanisms that an application developer can use out of the box, saving time and effort, and improving overall application security. Cobalt also provides multi-factor and social login options for the developer.
Cloud SaaS Application Integration
Cloud SaaS companies often start by building their own application, and then grow their business by acquiring other applications. Because the applications were developed by different teams and with different requirements and approaches, the user experience across the several applications is often very poor, including different look-and-feel, multiple logins, different access control models, different notions of roles and administrative operations, and so on. Look and feel issues are generally straightforward to deal with, but more effective integration of applications requires a common identity and access management platform. Cobalt's multi-tenancy, flexible directory schema, and attribute-based and role-based access control models allow application developers to provide a common identity experience across their application suite. Because all of Cobalt's features are exposed through standards-based REST APIs, integration with Cobalt can be quick and easy.
Fine-grained policy-based access control
Cloud SaaS applications often expose a minimalistic approach to access control. Although this simplifies the developer's life, it often falls short of what enterprises require in order to meet security and compliance requirements such as delegated administration and segregation of duties. Providing an access control model that can meet regulatory requirements and that is sufficiently flexible to suit a wide range of enterprise customers is a daunting task that can require significant time and effort. Cobalt provides an externalized access control service that allow applications to easily take advantage of both attribute-based and role-based access control models. Applications can define their own roles and policies, or the application can allow the customer to define them on a tenant-by-tenant basis.
A key requirement for application developers targeting enterprise customers is the ability to provide single sign-on leveraging the customers' own identity infrastructure (usually an on-premises Active Directory or a cloud identity system.) Cobalt provides support for SAML and OpenID Connect single sign-on with enterprise identity systems so that the application users can login and use the cloud application automatically without requiring another login and another set of credentials.
Enterprise IAM integration
Along with single sign-on, being able to automatically provision accounts and synchronize identity information from the customer's on-premises identity system is a key requirement for enterprise customers. Automatically provisioning accounts and synchronizing attribute data from the customer's identity system simplifies the customer onboarding process and reduces the customer's administrative overhead. Cobalt's built-in provisioning and synchronization and provisioning capability can pull identity information from any on-premises identity system and, using a customer defined policy, automatically provision and synchronize identity data to the Cobalt directory.
Cobalt’s Key Differentiators
Cobalt provides these functions using a unique cloud-focused, micro-service based architecture:
- Identity and access management platform that you configure and run in your own environment, not a service run by someone else.
- Packaged as a set of Docker containers to simplify deployment and upgrades.
- Runs within private cloud or public cloud environments.
- Can run across cloud environments, for instance, the authentication service can run in the public cloud, and the directory services can stay in the on-premises private cloud.
- Microservice architecture provides flexible deployment and dynamic scalability.
- Multi-tenanted to support managed service provider and application provider scenarios.
- Built-in load balancing and clustering simplifies deployment and improves performance and availability.
- Fine-grained policy-based authorization services for both internal (administration) and external (application) access control.
- Built-in, customizable provisioning and synchronization functionality.
- API-driven configuration simplifies user interface development and integration.