Get started

Documentation
Get started
/ Gate
•••••••••••••••••••••••••

The edge identity service

Gate is a dedicated backend service to manage authentication, authorization and data governance for users and services in your production environment.

Sign up for free

Compatible with

AWS
Azure
Envoy
Istio
GCP
Kong
Kubernetes
nginx
Features/Why Gate

Modern Access Management for DevOps

AuthN, AuthZ and Data Governance in one place

No more lambdas, middleware and custom plugins spread out in your infrastructure and your application. 

plugins:
    - id: translator_up
      type: token-translation-upgrade
      enable_http_caching: true
      enabled: false
      parameters:
        <<: *slashid_config
        header_with_token: Authorization
        map_token_endpoint: http://backend:8000/map_token
urls: 
    - pattern: "*/api/admin"
      target: http://backend:8000
      plugins:
        translator_up:
          enabled: true
        validator:
          enabled: true
          parameters:
            token_schema: |
              patternProperties:
                user_roles:
                  contains:
                    const: admin
              required:
                - user_roles

yaml

25/25 ln

Multi-cloud and on premise

Gate can run in any cloud and on-prem

Any topology

Gate can be deployed as an external authorizer for Envoy-based proxies, a standalone service or as a sidecar.

Low latency and high performance

Gate can cache tokens reducing the number of roundtrips needed for each requests. Gate also embeds an OPA engine to process Rego policies locally.

Security-first

Provide audit logs, simplify Infosec/compliance audits, enforce least-privilege access policies and detect PII and sensitive data.


Identity provider agnostic

Gate can verify, enrich and translate any token from any IdP, including SAML and OIDC tokens.

Any authorization model

ABAC, RBAC, PBAC - Gate supports any major authorization model.

Identity-based rate limiting

Gate can rate limit based on token claims increasing performance and security.

Case studies/Proven approach

Top tier companies adopt a Gate-like approach

Netflix migrated to an Edge Authentication model to merge their identities.

Netflix

Authorization with Envoy at Square

Square

Protecting web applications via Envoy OAuth2 filter at J.P.Morgan

J.P.Morgan

AEGIS — Ankorstore's platform authentication system

Ankorstore

Rebuilding and Migrating a Session Management System with Zero Downtime

Doordash
Benefits/Use Cases

How can Gate help?

Speed up IdP migrations, implement fine-grained access control, detect PII. Gate can help you with all of that and more.

Token management

Verify tokens, add custom claims to your identity tokens, translate tokens between different IdPs for migration and federation.

Docs

M2M authentication and authorization

Authenticate and authorize s2s or m2m interactions with OAuth 2.0 client credentials or mTLS.

Docs

Application access panel

Adopt Zero Trust. Add Identity-based access and WebAuthn MFA to internal applications.

Docs

Identity-based rate limiting, caching and audit logs

Implement distributed caching and rate limiting based on specific token claims.

Docs

Authentication and authorization at the edge

Delegate authentication and authorization to Gate and easily enforce ABAC/OPA/RBAC policies.

Docs

PII and identity threat detection

Detect token misuse and PII leaks with Gate's built-in detection engine.

Docs
Deploy Gate/Get Started

Deploy Gate with your favorite IaC tool through your CI/CD pipeline

We provide scripts to integrate with most API gateways, proxies and CDNs. Gate ships as a Docker image or a static binary to deploy in your environment.

Get Started 

gate = {
  urls = [
    {
      pattern = "{{.gate.domain}}/id"
      target  = "{{.gate.authn.target}}"
      plugins = {
        request_validator = {
          enabled = false
        }
      }
      plugins = {
        request_validator = {
          enabled = false
        }
      }
    },
    {
      pattern = "{{.gate.domain}}/challenge"
      target  = "{{.gate.authn.target}}"
      plugins = {
        validator = {
          enabled = false
        }
      }
    },

tcl

27/27 ln