A Unified, L7-Aware, Zero-Config Remote Access WireGuard-based VPN with Automatic Private DNS for both Humans and Workloads to Access any Private/Internal Resource behind NAT from Anywhere as well as Protected Public Resources such as SaaS APIs and Databases
Provide Dynamic Secretless Access to HTTP-based Resources without sharing API Keys and Access Tokens, PostgreSQL and MySQL Databases without sharing Passwords, SSH Servers without Managing Keys and Certificates
Identity-based, Application-layer/L7-aware, Context-aware ABAC Access Control via Policy-as-Code using CEL and Open Policy Agent (OPA)
Zero-Config, Lightweight Clients with Support for both Kernel-native WireGuard for Maximum Performance as well as Unprivileged, Rootless Tunneling over gVisor. Can Run anywhere from your Laptop to Containers, Kubernetes, IoT and GitHub Actions.
Eliminate Traditional VPN Problems: Use a Single Stable Route instead of Injecting Countless Routes into Your Users' Clients. Effortless Dual-Stack Networking Regardless of the Support at the Upstream. Seamless, Unified, Automatic Private DNS.
Seamlessly integrate any OpenID Connect or SAML 2.0 SSO Provider (IdP) as well as GitHub OAuth2 and Provide Secure Access to all your Resources for your Teams at Scale.
Authenticate your Workloads running from Kubernetes Clusters, Cloud Providers, GitHub Actions and SPIFFE Identities with OpenID Connect (OIDC) Assertions to Eliminate Managing and Distributing Credentials at Scale.
Public Clientless BeyondCorp Access for both Humans via their Browsers as well as Workloads written in any Programming Language via Standard OAuth2 Authentication Flow and Bearer Authentication, Eliminating the Need to Use Clients or Special SDKs. Octelium even Supports Anonymous Access for Public Web Apps and APIs.
A Scalable Platform Built on top of Kubernetes for Automatic Horizontal Scalability and Availability
Designed to be Administered like Kubernetes in a DevOps/GitOps-friendly, Centralized and Declarative Way. The Cluster is furthermore fully Programmable over gRPC.
Dynamically Apply Native FIDO2 Passkey/WebAuthn, Time-based One-time Password (TOTP) Authentication and TPM 2.0 Authentication. Enforce Using Attested Hardware-based FIDO2 Authenticators in your Access Control Decisions.
OpenTelemetry-native, Layer-7 Aware, Real-Time Visibility and Auditing to Your Log Management and SIEM Providers