
Private PKI/CA:

At its core, BastionXP functions as a Public Key Infrastructure (PKI) and Certificate Authority (CA) that automatically creates, signs and distributes TLS X.509 certificates and SSH certificates to devices, servers, workloads, web apps, clients, and users within an enterprise.

Server certificates are automatically issued after a successful ACME challenge verification.

Client or user certificates are issued automatically upon successful SSO login and 2FA authentication via OIDC/SAML providers such as Google Workspace, Microsoft Office 365, Okta, Keycloak, and more.

BastionXP also provides secure API endpoints so that certificate management can be automated at very large scale.

In this way BastionXP automates certificate management at scale while keeping the end-user workflow simple, without compromising security.

BastionXP offers Zero Trust Network Access (ZTNA) security: every server, workload and end-user must first authenticate to the BastionXP Authentication Server (via ACME, via SSO with 2FA login, or via a JWT) before any network access is granted.

BastionXP issues short-lived TLS X.509 and SSH certificates to end-users, so no user holds indefinite access to any resource in your organization. Because the lifetime is short, access lapses on its own when the certificate expires, rather than depending on a revocation list reaching every server. Moreover, each certificate is issued to a specific user according to Role Based Access Control (RBAC) and can be used to access only the specific server or servers that role permits. BastionXP thus gives you fine-grained control over who can access which resources in the network, and for how long.
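The identity- and role-bound, short-lived certificate described above, as an added example that is not BastionXP's code: a pure-Python encoder and decoder for the OpenSSH user-certificate wire format, followed by the access decision an OpenSSH server applies to the decoded fields (certificate type, validity window, requested principal). The key bytes, key id, principals and timestamps are constructed for the example, and the signature field is a zero-filled placeholder; verification of that signature against the CA key is noted in the code but deliberately not performed.

```python
import base64
import struct

# OpenSSH certificate algorithm name for an ed25519-backed certificate.
CERT_ALGO = b"ssh-ed25519-cert-v01@openssh.com"
SSH_CERT_TYPE_USER = 1
SSH_CERT_TYPE_HOST = 2


def _string(b: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length prefix followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def _name_list(names) -> bytes:
    """Packed sequence of SSH strings, as used for the principals field."""
    return b"".join(_string(n.encode()) for n in names)


def build_user_cert(key_id, principals, valid_after, valid_before,
                    user_pub=b"\x01" * 32, ca_pub=b"\x02" * 32) -> str:
    """Assemble a user certificate in OpenSSH wire format and return it as a
    one-line *-cert.pub entry. Constructed sample: the keys are dummy bytes and
    the trailing signature is a placeholder, so this cert would (correctly)
    fail signature verification against a real CA."""
    body = b"".join([
        _string(CERT_ALGO),
        _string(b"\x11" * 32),                         # nonce
        _string(user_pub),                             # user's public key
        struct.pack(">Q", 1),                          # serial
        struct.pack(">I", SSH_CERT_TYPE_USER),         # type: user certificate
        _string(key_id.encode()),                      # key id (identity in logs)
        _string(_name_list(principals)),               # valid principals
        struct.pack(">Q", valid_after),                # not valid before (epoch s)
        struct.pack(">Q", valid_before),               # not valid at/after (epoch s)
        _string(b""),                                  # critical options: none
        _string(_string(b"permit-pty") + _string(b"")),  # extensions
        _string(b""),                                  # reserved
        _string(_string(b"ssh-ed25519") + _string(ca_pub)),         # signature key
        _string(_string(b"ssh-ed25519") + _string(b"\x00" * 64)),   # placeholder sig
    ])
    return f"{CERT_ALGO.decode()} {base64.b64encode(body).decode()} {key_id}"


class _Reader:
    """Sequential reader for SSH wire-format fields."""
    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def u32(self) -> int:
        (v,) = struct.unpack_from(">I", self.data, self.pos)
        self.pos += 4
        return v

    def u64(self) -> int:
        (v,) = struct.unpack_from(">Q", self.data, self.pos)
        self.pos += 8
        return v

    def string(self) -> bytes:
        n = self.u32()
        v = self.data[self.pos:self.pos + n]
        if len(v) != n:
            raise ValueError("truncated certificate")
        self.pos += n
        return v

    def done(self) -> bool:
        return self.pos >= len(self.data)


def parse_cert(line: str) -> dict:
    """Decode the fields an access decision depends on from a certificate line."""
    algo, b64 = line.split()[:2]
    r = _Reader(base64.b64decode(b64))
    if algo.encode() != CERT_ALGO or r.string() != CERT_ALGO:
        raise ValueError("not an ed25519 OpenSSH certificate")
    r.string()  # nonce
    r.string()  # user public key
    serial = r.u64()
    cert_type = r.u32()
    key_id = r.string().decode()
    pr = _Reader(r.string())
    principals = []
    while not pr.done():
        principals.append(pr.string().decode())
    return {"serial": serial, "type": cert_type, "key_id": key_id,
            "principals": principals,
            "valid_after": r.u64(), "valid_before": r.u64()}


def authorize(cert: dict, requested_principal: str, now: int):
    """Mirror sshd's checks on a user certificate: correct type, inside the
    validity window (valid_after <= now < valid_before), and the requested
    principal listed in the cert. In sshd the CA signature is verified against
    TrustedUserCAKeys before these checks; that step is not implemented here."""
    if cert["type"] != SSH_CERT_TYPE_USER:
        return False, "not a user certificate"
    if now < cert["valid_after"]:
        return False, "certificate not yet valid"
    if now >= cert["valid_before"]:
        return False, "certificate expired"
    if requested_principal not in cert["principals"]:
        return False, f"principal {requested_principal!r} not in certificate"
    return True, f"allowed as {requested_principal} (key id {cert['key_id']})"
```

For a real certificate issued by any OpenSSH-compatible CA, `ssh-keygen -L -f id_ed25519-cert.pub` prints the same Key ID, Principals and Valid fields that `parse_cert` extracts. The principals list is what binds the certificate to a role (the server only accepts it for the listed login names), and the window is what makes it short-lived: once `valid_before` passes, `authorize` refuses it with no revocation step involved.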

All network access events are logged and available for download, so that the logs can be fed to a log analyzer, for example for anomaly detection.

BastionXP supports the ACME protocol to automate host identity verification and host certificate creation, management and distribution.

BastionXP supports SCIM integration with your IdP (Identity Provider) such as Okta, Microsoft Entra ID (formerly Azure Active Directory), Keycloak, Google Workspace, OneLogin, etc. User groups defined in your IdP are consulted by BastionXP's RBAC to issue role- and identity-bound user certificates for access to your infrastructure, so your IdP can function as the "single source of truth" for all infrastructure access security.