Authress provides Authentication and Authorization. This means identity management as well as the complex access controls for those users. These users can be your external users/customers/businesses (CIAM + OpenID + SAML) or internal employees and engineers (IdP + IAM).
Authress key features
- Authress provides a global
five-9s SLAfault tolerant networked approach to Authentication and Authorization enabling your users to log in anywhere in the world.
- Your users' data remains private in the local region of your choice, configurable per user.
- They can authenticate with their own social provider, a Corporate B2B Identity Provider, or any OAuth federated provider you configure.
- Choose available identity providers from the Authress curated list or create entirely new ones.
- Authress uses the latest EdDSA cryptography to ensure that the communication between your services is more secure than RSA + RS256.
- Fully integrate OIDC, SAML, OAuth2.1, or any other standard right away.
- Provides identity aggregation and single unified location to review your users.
- Preconfigured ready to use Authress Hosted Login Box without any additional configuration necessary.
Authorizeand verify users have the correct access to the correct resources.
Filterresources a user has access to, get every resource a user has access to.
Listusers that have access to a resource for auditing purposes.
- Create access records to define
ABAC, Policies, or Resource-Based
Zanzibar-like authorization for your users.
- Users can be assigned both roles and granular permissions to make it easy to alter permissions as soon as your architecture changes.
- Commit your records to code using
Access Control as Codeor dynamically generate permissions as access changes at runtime.
- Get a full audit trail of every authorization and authentication event sent directly to your SIEM of choice.
Machine to Machine security
- Generate api keys and service clients for your existing applications and platform.
- Distribute Authress API Keys to your technical users to be able to easily connect to your platform and service APIs without additional configuration.
- Use Authress to build an App Marketplace by creating Platform Extensions, so your customers can build plugins and you can secure them.
- Authress stores third party access and refresh tokens automatically so that you don't have to.
- These tokens will automatically rotate and maintain a latest and valid version.
- Authress respects and OAuth compatible provider and any non-standard one that returns
access_tokensin any format.
- Extensive list of SDKs and Starter Kits in a wide variety of languages and frameworks.
- Bring your own Auth provider - If you already use an identity provider, you can add Authress in to provide just the Authorization, or generate the APIs, or manage identity aggregation.
- Authress also supports direct integrations with the public cloud provider's auth solutions.
- Authress provides partial integrations, you don't have to completely switch everything, Authress works with long term and in place migrations.
- Flexible billing that scales with your needs, there is no minimum spend, and pay only by usage.
- Only pay for a small number of APIs call, most of the API is 100% free.
- Run Authress Local, for an open source testing experience before deploying to production.
- Drop in UI components to streamline your users' experience.
Resources and further reading
- Authress Sign up
- Quick start guide
- Review the Authress API
- Authentication Set up
- Authorization deep dive
- How to Guides
If you aren't sure what you are looking for, we suggest the latest Auth situation report and some of our other articles. If you are looking to learn more about generic auth concepts, check out the Authress Academy.