Foxpass integrates with your current root identity (whether that's Google Apps, Office 365, Bitium, Okta, OneLogin, etc.) to bring single sign-on into your server and Wi-Fi infrastructure.
Foxpass is cloud-hosted, meaning there's no hardware to build, buy, scale, or maintain. And if cloud doesn't work for you, we have an on-premise version available.
With Foxpass, it's no longer necessary to hard-code all users, groups, and SSH keys onto each host with Puppet or Chef. Instead, using trusted LDAP PAM modules built into every popular Linux distro, each host will check Foxpass to see whether a given user is allowed access, and then will check the user's SSH key against the keys in the user's Foxpass account. LDAP will pass along the user's group information as well, which facilitates a robust and dynamic access policy on a per-host or per-resource basis. Example setup notes are available.
Foxpass allows you to have individual logins to your Mac OS X computers, all served up from our LDAP server. Each user will get his/her own private home folder, or all users can share one.
Applications like OpenVPN, Jenkins, Tableau, Chef Server, Nagios, TeamCity, JAMF Casper, GitHub Enterprise, Splunk, etc. have LDAP connectors that will work with Foxpass. See our documentation for detailed how-tos for many applications.
A network password that is shared with all employees is a security risk when an employee departs and the password is not changed. Most access points support WPA2 Enterprise, which enables 802.1X authentication via RADIUS. By default, our RADIUS servers use only the most secure RADIUS variants available: EAP-TTLS-PAP to secure password transmissions over the Internet and (optionally) certificate-based EAP-TLS. (PEAP and PAP are available but not recommended.) Our RADIUS interface can also work to simplify logins to your VPN.
Foxpass allows users to manage their own SSH keys. When an employee gets a new laptop, he/she can upload his/her new key to Foxpass and log into machines without needing to go through an admin or wait for a Puppet/Chef cycle. Furthermore, admins can enforce an SSH key rotation policy to adhere to company guidelines.
Infrastructure access should not be all-or-none. Server access should be granted only on a "need-to-go" basis. Foxpass makes it simple to create groups of servers, either by hostname or by Amazon Web Services properties like VPC ID, subnet ID, or even a tag. Individual users and groups of users can be permitted access, either on a permanent or temporary basis. Now it's simple to let a single QA engineer visit production to track down a bug, but have their access revoked automatically at the end of the day.