Replace your Business VPNs and Traditional Remote Access Tools with a Modern, FOSS, Self-Hosted, Unified ZTNA Solution that Supports both Client-based Access as well as Clientless/BeyondCorp Access for both Humans and Workloads to Private/Internal Resources behind NAT Scattered Across Multiple Clouds and Environments as well as to Protected Public Resources such as SaaS APIs and Databases
Octelium is a Unified Zero Trust Architecture that can Operate as a Comprehensive ZTNA/BeyondCorp Solution, a Remote Access VPN, an API/AI/MCP Gateway, a Programmable Reverse Proxy and Tunneling Infrastructure, a PaaS-like Platform, and More.
Provide Dynamic Secretless Access to HTTP-based Resources without Sharing and Distributing API Keys to Users, to PostgreSQL and MySQL Databases without Sharing Passwords, to SSH Servers without Managing Keys and Certificates, as well as to Kubernetes Clusters without Sharing Kubeconfigs
Access Control at the Application Layer (L7) (e.g. HTTP paths and methods, Kubernetes namespaces and verbs, PostgreSQL queries, etc.) using Identity-aware Proxies (IAPs) with Context-aware Policy-as-Code via CEL and OPA
Seamless Dual-Stack Client-based Access over WireGuard/QUIC Tunnels that Eliminates Traditional VPN Routing and NAT64 Problems with Automatic Centralized Private DNS
Public Clientless BeyondCorp Access for both Humans via their Browsers as well as Workloads written in any Programming Language via Standard OAuth2 Authentication Flow and Bearer Authentication, Eliminating the Need to Use Clients or Special SDKs. Octelium even Supports Anonymous Access for Public Web Apps and APIs.
A Scalable Platform Built on top of Kubernetes for Automatic Horizontal Scalability and Availability
A PaaS-like Platform to Effortlessly Deploy, Scale and Secure Access to Containerized Applications of any Kind.
Designed to be Administered like Kubernetes in a DevOps/GitOps-friendly, Centralized and Declarative Way. The Cluster is furthermore fully Programmable over gRPC.
Seamlessly Integrate any OpenID Connect or SAML 2.0 SSO Provider as well as GitHub OAuth2. Enforce Strong MFA via Phishing-Resistant FIDO2 Authenticators in Access Control to Sensitive Resources.
OpenTelemetry-ready Layer-7 Aware, Real-Time Visibility and Auditing to Your Log Management and SIEM Providers
Dynamically Apply Native FIDO2 Passkey/WebAuthn, Time-based One-Time Password (TOTP) Authentication and TPM 2.0 Authentication. Enforce the Use of Attested Hardware-based FIDO2 Authenticators in your Access Control Decisions.