Congrats on the launch, building a product in this space is incredibly difficult. I took a look at the stack, here are a few observations:
- "ISO certified secure auth": What does that mean? I could not find proof of your ISO certification. Can you please share?
- 10k M2M tokens for $250/month sounds like a really bad deal if I can just spin up https://github.com/ory/hydra that can easily handle 10k requests per second.
- Looks like you're using OAuth2 as the primary "login" and "session management". What compelled you to do this?
- It looks like you're using some open source technology under the hood for the OAuth2 flows - which one are you using (out of curiosity)?
What we're building at Warrant (https://warrant.dev/) might work for a lot of what you mentioned including APIs to build and manage multi-tenancy, groups, users, orgs/tenants.
Note - Warrant is an authz engine so it doesn't handle authn/identity/SSO but can plug in with any authn system.
Disclosure, I work for FusionAuth.
> Multi-tenant (each of my customers gets a fully separate directory, with access to all tenants for our admins)
Yup.
> SAML and OAuth (customers can set up SAML themselves via the SaaS interface, or we set the SP up for them)
You'd have to build an interface using our APIs for this. Not available out of the box, but we do have it in the general roadmap (https://github.com/fusionauth/fusionauth-issues/issues/91 is the tracking issue).
> Rule based group assignment based on SAML attribute evaluation (e.g. assign users to this group if the attribute X = Y)
You could do this with Lambda HTTP Connect (a paid feature) or webhooks (a free feature). https://fusionauth.io/docs/v1/tech/lambdas/#using-lambda-htt... has more
> APIs to manage users, groups, organisations (tenants)
Yup.