Advanced RADIUS

We recommend Advanced RADIUS for all our customers who use RADIUS. RADIUS requires a unique username and password to log into a network, as opposed to just a universal, vulnerable shared password. To take your security a step further, use RadSec or EAP-TLS, which are both included in our Advanced RADIUS solution.


EAP-TLS allows devices to connect over RADIUS using 802.1X certificate-based authentication. When you upload a Certificate Authority (CA) to Foxpass, devices with a certificate derived from the given CA will be allowed to connect to a Wi-Fi network without needing to enter a username or password.


RadSec transmits RADIUS requests to remote RADIUS servers over a TLS-encrypted channel; this provides secure communication of RADIUS requests, even across untrusted networks. Furthermore, RadSec uses TCP instead of UDP for more reliable transmissions.

Extended Logging

Extends the logs available for viewing from 1 day to 90 days. Also enables API and Amazon Kinesis streaming support for extracting logs from our database for your own analysis.

This also includes the Event Logging feature (currently in Beta). At present, these events include user lifecycle events and group membership changes. In the future, this will encompass logs for SSH key access, login attempts, and more detail for RADIUS and LDAP logs. These events are currently accessible via the API and will be available to stream using Amazon Kinesis. If there’s another event you’d like to see logged, reach out and let us know.

Local Cache

Provides you access to a local Foxpass Cache that lets you run a database on your own server. The cache periodically syncs with our database to get a copy of your directory. You can configure your hosts to point to the cache as a secondary authentication source. Then, in the event of a service interruption, your hosts will talk to your cache instead of our service, and LDAP and SSH key functionality will continue uninterrupted. In the future, this will support RADIUS access as well.

Advanced LDAP

By default, Foxpass's LDAP interface is read-only. With our Advanced LDAP add-on, certain fields become read-write and can be modified using the LDAP protocol.

SUDOers Support

Support for centralized SUDOers management over LDAP. SUDOers allows you to set fine-grained permissions for SUDO access on your hosts, restricting or enabling commands by user, group membership, or time.

Samba/SMB Integration

Allows you to use Foxpass with devices that use Samba/SMB for authentication. This is generally used with network-attached storage (NAS) devices.

SSO for tech teams

SAML-based Single Sign-On (SSO). With the Foxpass Single Sign-On (SSO) add-on, users who are already authenticated with Foxpass can securely log in to different service providers (like AWS, Google Workspace, GitHub), saving them time and effort. Both GUI and command-line-based SSO access are supported via temporary credentials, which is a more secure way to federate to service providers than storing access credentials on your host. You can also limit access to apps to select users or groups based on your needs.

Session Recording

Useful for monitoring and debugging, Session Recording allows an admin to record users' SSH sessions and replay the recording at any time. You can also search the whole session by keywords or timestamps to find specific problems in the code within moments.