Solution

The Modern, Open Source, Self-Hosted, Scalable BeyondCorp Platform

Everything you need, in one platform.

A Modern, Open Source BeyondCorp Architecture

Replace your Business VPNs and Traditional Remote Access Tools with a Modern, FOSS, Self-Hosted, Unified BeyondCorp Zero Trust Architecture to Provide Secure, Secretless, Clientless Access both for Teams via their Browsers and for Workloads via the Standard OAuth2 Authentication Flow

A Unified Architecture to Internal and SaaS Resources

A Unified Architecture to Provide Access to Private/Internal Resources behind NAT Scattered Across Multiple Clouds and Environments as well as Protected Public Resources such as SaaS HTTP, gRPC and Kubernetes APIs

Dynamic, L7 Aware, Secretless Access

Provide Dynamic Secretless Access to any HTTP-based Resource without Sharing Upstream API Keys, Access Tokens and OAuth2 Credentials, and without Managing Keys and mTLS Certificates

Identity-based, L7 Aware Access Control

Identity-based ABAC Access Control at the Application Layer (L7) (e.g. HTTP paths, methods and JSON body content, Kubernetes namespaces and verbs) using Identity-aware Proxies (IAPs) via Context-aware Policy-as-Code with CEL and Open Policy Agent (OPA)

Unified, Scalable Access via OAuth2 for Workloads

Provide Unified Access to all your REST and gRPC APIs for your Workloads written in any Programming Language via Standard OAuth2 Client-Credentials Flow without having to use Special SDKs

Built for Scalability and Availability

A Scalable Platform Built on top of Kubernetes for Automatic Horizontal Scalability and Availability

Integrate your OIDC/SAML SSO Providers

Seamlessly integrate any OpenID Connect or SAML 2.0 SSO Provider as well as GitHub OAuth2.

Advanced Request/Response Manipulation and Control

Apply your Own Custom Identity-based, Context-aware Request/Response Manipulation and Validation with Lua Scripts and Envoy ExtProc-Compliant Servers. Dynamically Enforce Dynamic Rate Limiting, Caching and JSON Schema Validation on a Per-Request Basis.

Centralized, Declarative and Programmable Management

Designed to be Administered like Kubernetes in a DevOps/GitOps-friendly, Centralized and Declarative Way. Furthermore, the Cluster is fully Programmable over gRPC.

Dynamic, Native MFA and Login with FIDO2 Passkey, TPM 2.0 and TOTP

Dynamically Apply Native FIDO2 Passkey/WebAuthn, Time-based One-Time Password (TOTP) Authentication and TPM 2.0 Authentication. Enforce the Use of Attested Hardware-based FIDO2 Authenticators in your Access Control Decisions.

OpenTelemetry-native Real-time Visibility

OpenTelemetry-ready Layer-7 Aware, Real-Time Visibility and Auditing to Your Log Management and SIEM Providers

Get started

Deploy Octelium on your own infrastructure in minutes.

Free and open source. Self-hosted. No vendor lock-in.