Modernize your existing identity platform with directory services, single sign-on, and fine-grained access controls across on-prem and multi-cloud environments
Improve application and data security with automated provisioning, deprovisioning, and synchronization of identity information across platforms and applications
Provide access to enterprise-wide information with enterprise-wide white pages
Cobalt is an identity platform built by ViewDS targeting deployment in and across cloud environments, including public, private, and managed clouds. It provides the four primary functions of identity and access management:
1. Directory services
2. Authentication, including social login, strong (certificate-based) authentication, federated single sign-on, and multi-factor authentication
3. Fine-grained policy-based authorization
4. Identity and access audit
Cobalt was designed with enterprise IAM in mind, and it is well-suited to many enterprise IAM use cases:
IAM platform modernization/cloud-migration
Organizations that are looking to modernize their legacy on-premises IAM systems to better support their cloud migration projects can use Cobalt as their core IAM infrastructure. Cobalt supports cloud-friendly IAM protocols and can be deployed easily in both public and private cloud data centers to provide low-latency authentication, single sign-on, and directory services for the company's applications, whether they are running on-premises, in a managed cloud data center, or in public cloud infrastructure (including software-as-a-service (SaaS) applications).
Web and Cloud Single Sign-on
Organizations that want to simplify their users' login experience and reduce the number of credentials they have to manage can use Cobalt to implement web single sign-on. Cobalt SSO spans both on-premises and cloud SaaS applications, and provides users a seamless login and application access experience. IT administrators can configure fine-grained access controls that determine which applications are available to which users without having to manage complicated group memberships. Cobalt can work as either a SAML Identity Provider (IdP) or Service Provider (SP), so organizations can use either Cobalt or an external service such as Active Directory to manage credentials and provide authentication.
Organizations that want to extend their internal directory services to the cloud can use Cobalt as their public-facing cloud directory. Cobalt exposes directory data using the OData protocol, which makes it ideal for modern web applications and simplifies navigation of identity data. Cobalt's flexible schema can handle any sort of enterprise identity structure, and the built-in synchronization function ensures that Cobalt directory data is kept up-to-date with respect to its source on-premises directory. Finally, Cobalt's fine-grained authorization policies ensure that only appropriate directory data is made available to cloud-based applications and users.
Enterprises are finding that different cloud environments are best suited for certain application workloads, whether because of compliance, performance, latency, or cost reasons. Rather than moving all of their applications to a particular cloud vendor's environment, many IT organizations are running their applications in multiple cloud environments, both public and private. Cobalt's microservice architecture allows the IT organization to deploy various identity services where they are needed to provide optimal service for their users and applications, while maintaining control of sensitive identity and access control data. For instance, Cobalt can run authentication and authorization services in one or more public cloud environments while keeping identity data and access control policies in the on-premises private cloud.
Centralized application authorization
Home-grown applications usually end up growing their own approaches to authorization, and these approaches become more complex and disjointed over time. This ad-hoc approach leads to security vulnerabilities, as well as a poor user experience and extra development, testing and administration time. Instead of each developing its own approach to authorization, application teams can externalize the authorization policy, much like SAML allows them to externalize authentication. Cobalt provides a XACML-based authorization service that allows application developers and administrators to define authorization policies using both a role-based access control model (RBAC) and an attribute-based access control model (ABAC). This creates a consistent authorization approach across multiple applications, simplifies application administration, and frees developers up to work on the application features, rather than authorization policies.
Cobalt’s Key Differentiators
Cobalt provides these functions using a unique cloud-focused, microservice-based architecture:
- Identity and access management platform that you configure and run in your own environment, not a service run by someone else.
- Packaged as a set of Docker containers to simplify deployment and upgrades.
- Runs within private cloud or public cloud environments.
- Can run across cloud environments, for instance, the authentication service can run in the public cloud, and the directory services can stay in the on-premises private cloud.
- Microservice architecture provides flexible deployment and dynamic scalability.
- Multi-tenanted to support managed service provider and application provider scenarios.
- Built-in load balancing and clustering simplify deployment and improve performance and availability.
- Fine-grained policy-based authorization services for both internal (administration) and external (application) access control.
- Built-in, customizable provisioning and synchronization functionality.
- API-driven configuration simplifies user interface development and integration.