Pricing page Form

Products:

Feature List

  • Role Based Access Control
  • VLAN
  • VPN
  • Wi-Fi Auth/RADIUS (EAP-TTLS)
  • LDAP
  • RBAC
  • G Suite, O365, Okta, Onelogin Integration
  • Pager Duty Integration
  • LDAP & RADIUS Logs (24h)
  • Bronze Level Support
  • Linux, UNIX Auth
  • Mac Auth
  • Windows Auth
  • SSH Key Auth
  • SSH Key Management (length and rotation enforcement)

Standard

Engineering

Optional Add-ons

Self-hosted or private tenancy available, please contact us

Description

Standard Users

Standard users have basic access to all LDAP, RADIUS, and API authentication.

Posix Users

Posix users are the same as standard users, but have extra POSIX information associated with them for LDAP requests. This is required for some systems like Mac OSX logins or Linux machines.

Engineers Users

Engineer users have the ability to manage SSH keys in Foxpass and use them to log into servers. They also have POSIX information associated with their account.

Extended Logging
Extends logging available for viewing from 1 day to 90 days. Also enables API and Amazon Kinesis streaming support for extracting logs from our database for your own analysis. This also includes the Event Logging feature (currently in Beta). Currently, these events include user lifecycle events and group membership changes. In the future, this will encompass logs for SSH key access, login attempts, and more detail for RADIUS and LDAP logs. These events are currently accessible via the API and will be available to stream using Amazon Kinesis. If there’s another event you’d like to see logged, reach out and let us know.
Local Cache
Provides you access to a local Foxpass Cache that lets you run a database on your own server. The cache periodically syncs with our database to get a copy of your directory. You can configure your hosts to point to the cache as a secondary authentication source. Then, in the event of a service interruption, your hosts will talk to your cache instead of our service and LDAP and SSH key functionality will continue uninterrupted. In the future this will support RADIUS access as well.
Advanced RADIUS

We recommend this add-on for all our customers who use RADIUS. RADIUS requires a unique username and password to log into a network, as opposed to just a universal, unsecured shared password. This is a great first step to secure your network, but to take it a step further, many use RadSec or EAP-TLS, which are both included in our Advanced RADIUS solution.

EAP-TLS allows devices to connect over RADIUS using 802.1X certificate based authentication. When you upload a Certificate Authority (CA) to Foxpass, devices with a certificate derived from the given CA will be allowed to connect to a WiFi network without needing to enter a username or password.

RadSec allows the transmission of RADIUS requests over a TLS-encrypted channel protocol to remote RADIUS Servers; this provides secure communication of RADIUS requests, even across untrusted networks. Furthermore, RadSec uses TCP instead of UDP for a more reliable transmission.

Samba/SMB Integration
Allows you to use Foxpass with devices that use Samba/SMB for authentication. This generally is used with Networked-attached storage (NAS) devices.
SUDOers Support
Support for centralized SUDOers management over LDAP. SUDOers allows you to set fine grained permissions for SUDO access on your hosts, restricting or enabling commands by user, group membership, or time.
LDAP Write Capabilities

By default, Foxpass's LDAP interface is read-only. With our LDAP Read/Write add-on, certain fields become read-write and can be modified using the LDAP protocol.

Session Recording

Record SSH sessions and search for the session by keyword, timestamp. or user. This feature is primarily used for debugging, record keeping, and to meet compliance requirements like HIPAA, SOX, SOC2 & PCI.

 *Paid plans are eligible for 2 business days email-based support, excluding federal US holidays. Other support options are available.
Foxpass

Frequently
Asked Questions

More questions?

Get Started Now

An Engineering user ("Eng." user for short) is a user that is authorized to log into Unix/Linux systems using SSH keys. Normally these will be your Engineers and/or DevOps employees. A Posix user is a user that can log in to machines using a username and password only (i.e. Mac OS X).

 

Can Access Standard Posix Engineer
VPN
LDAP
RADIUS (Wi-Fi)
Posix Systems & Machines  
SSH Key Management      
Servers will force users to login with an SSH key that is managed by Foxpass. Foxpass can also integrate with your VPN to allow users to log in using their Foxpass credentials.
You can either manually manage users or configure Foxpass to automatically sync users and groups with Google Apps, Office 365, Bitium, or Okta.
Users can log into your WiFi network using their Foxpass credentials. No more WiFi passwords on whiteboards!
You don't! You can integrate Foxpass with your current root identity (whether that's Google Apps, Office365, Bitium, Okta, OneLogin, etc.) for single-sign on functionality. That way, users only need to know one password.