The Open Source Next-Gen Platform for Zero Trust Resource Access
Zero Trust Network Access (ZTNA) Platform
Zero-Config Client-based Access For Humans and Workloads to all your Internal Resources Across All Clouds
A Unified, Modern, Self-Hosted, FOSS Platform to Replace your VPNs, Tunneling, and Remote Access Tools
Secretless Access for both Humans and Workloads, Securing Internal Resources, Microservices, AI Workloads, IoT, and Public SaaS
Identity-based, L7-aware, Per-Request ABAC Access Control with Policy-as-Code and Real-time Visibility
Modern, Scalable, Unified Zero Trust Platform for Secure Access
Unified Platform for Humans and Workloads to Access Private Clouds and Internal Resources, Microservices, AI Workloads, IoT and Publicly Protected SaaS Resources
Unified Architecture Providing both Zero-Config Client-based over WireGuard/QUIC and Public Clientless/BeyondCorp Access
Seamless Secretless Access that Eliminates Sharing Layer-7 Credentials such as HTTP API keys, TLS/SSH Private keys and Database Passwords
Built on top of Kubernetes for Seamless Horizontal Scalability and Availability
OpenTelemetry-native, L7 Aware Visibility and Auditing in Real-Time
Dynamic, Application-layer Aware, Per-Request Access Control
Per-Request, Dynamic, Identity-based, Context-aware Access Control using ABAC and Policy-as-Code
L7-aware Access Control via Scalable Identity-aware Proxies (IAPs) to Provide Dynamic Least Privilege Access
Dynamic, Identity-based, L7-aware Upstream Routing and Request/Response Manipulation
Zero-Standing Privileges. No Superusers. All Permissions can be Dynamically Limited by Time and Context.
Much More than just Another Secure Remote Access Solution
Centralized, Declarative GitOps-friendly Management
A PaaS-like Platform to Effortlessly Deploy, Scale and Secure Access to Containerized Applications
Provide Anonymous Public Access to your Websites and Public APIs
Passwordless SSH Access to Hosts with no SSH Servers such as Containers and IoT Devices
Eliminate VPN Routing Problems at Scale. Eliminate the Need for NAT64. Unified Automatic Private DNS Server using Your Own Domain.
Continuous, Strong Authentication
Seamlessly Integrate any OpenID Connect and SAML 2.0 SSO Identity Provider (IdP) and Force Strong MFA via FIDO2 Phishing-Resistant Authenticators into Access Control
Secure Clientless Access for your Workloads Written in any Programming Language to HTTP-based Resources and APIs using Standard OAuth2 and Bearer Authentication
Secretless OIDC Assertion-based Authentication for Workloads that Eliminates Authentication Token Management and Distribution at Scale
Per-User Re-Authentication Periods and Real-time Session Revocation
© 2025 octelium.com
Octelium Labs, LLC
All rights reserved
Octelium and Octelium logo are trademarks of Octelium Labs, LLC.
WireGuard is a registered trademark of Jason A. Donenfeld