BastionXP

Passwordless, Zero Trust Identity-Based Infrastructure Access

Freemium

Description

BastionXP enables organizations to implement zero trust security by automating the creation, distribution, and management of short-lived SSH and SSL/TLS X.509 certificates. By integrating with a wide range of SSO and IAM providers and with strong two-factor authentication, it ensures secure, identity-based access to cloud resources, servers, databases, and APIs.

The platform simplifies certificate lifecycle management and auditing, reducing risk from key sprawl and meeting compliance needs, while supporting both cloud-native and self-hosted deployments. It is suited for organizations aiming to secure workflows without adding complexity to their infrastructure access processes.

Key Features

  • Automated Certificate & Key Management: Handles creation, signing, distribution, and revocation of SSH and X.509 certificates.
  • Identity-Based Access Control: Issues certificates tied to host and user identity, requiring SSO and 2FA login.
  • Avoids Public Key Sprawl: Issues short-lived certificates to reduce risk and complexity.
  • Zero Trust Security Enforcement: Generates certificates for mutual TLS authentication and end-to-end encryption.
  • Auditing & Compliance: Logs all user activities and provides session recording for comprehensive audit trails.
  • Role-Based Access Control: Allows granular access restrictions through RBAC policies.
  • SSO & 2FA Integration: Seamlessly works with IAM providers such as Azure AD, Google G-Suite, Okta, Keycloak, AWS IAM, and GitHub.
  • SSH Bastion Host Functionality: Acts as an SSH proxy for secure access and session audit.
  • Cloud & On-Premise Support: Cloud-native application deployable on any major cloud or on-premise.
  • SaaS Offering: Available as a cloud-hosted service with free trial options.

Use Cases

  • Secure WiFi and VPN access with device attestation
  • Private Certificate Authority with ACME Server integration
  • User and device authentication via mutual TLS
  • Database access using mTLS for PostgreSQL and MySQL
  • API Gateway secured via mTLS
  • Role-based infrastructure access control
  • SSH session recording for compliance
  • Automated certificate issuance for servers, SaaS apps, and workloads

Frequently Asked Questions

What is BastionXP?

BastionXP is a Public Key Infrastructure (PKI) and Certificate Authority (CA) platform that integrates with identity management software to automate the creation, signing, and distribution of SSH and SSL/TLS X.509 certificates and keys, enabling secure, identity-based infrastructure access upon successful SSO login.

Can I get a free trial version of BastionXP?

Yes, you can download and try the community edition of BastionXP for free, with limited features. For the enterprise version trial, contact the sales team.

What features are available in the enterprise version of BastionXP?

The enterprise version offers private PKI/CA capabilities, expanded SSO/OAuth integrations, SCIM, RBAC policies, session recording, and priority customer support.

Can I host BastionXP in AWS?

Yes, BastionXP is a cloud-native application and can be deployed on any cloud platform, including AWS, GCP, Azure, or Digital Ocean.

Is BastionXP available as a SaaS offering?

Yes, BastionXP is available as a cloud-hosted SaaS solution with a 30-day free trial and no credit card required.
