DEV Community: BoxyHQ

7 Frameworks, One SAML Jackson - Your Open Source Single Sign-On Solution

Schalk Neethling — Thu, 04 Apr 2024 00:12:18 +0000

Many SaaS founders building services for the business-to-business (B2B) industry will quickly encounter the need to offer single sign-on as part of their SaaS offerings or risk losing out on lucrative enterprise sales. While there are quite a few providers in this space, there are very few with the flexibility and ease of adoption of BoxyHQ's SAML Jackson.

Two of the core strengths of any open-source project are the quality of its documentation and a helpful and supportive community. You will be delighted to learn that BoxyHQ has got you covered on both of these fronts. From the clearly written README that gets SAML Jackson running locally in no time, to detailed guides demonstrating how to integrate SAML Jackson into your application, and a supportive community, you are in good hands.

Did you know? Most enterprises rely on SAML-based single sign-on (SSO). But what is SAML? Learn more in this post.

The Guides

In the JavaScript ecosystem, there are guides for enabling SAML-based enterprise single sign-on in AdonisJS, Express.js, Next.js, Remix, and React with an Express.js backend.

Each guide follows a similar outline with some additional steps detailed where needed.

Configure SAML Single Sign-On

This section features two guides that help you understand everything you need to know about configuring SAML single sign-on. The first guide assists you in configuring SAML SSO and the second covers the SSO Connection API.

Authenticate with SAML Single Sign-On

The authentication portion of the guides follows a similar seven-step process, with some of the guides requiring additional steps.

Install SAML Jackson
Setup SAML Jackson
Make an Authentication Request
Receives SAML Response
Request Access Token
Fetch User Profile
Authenticate User

Some guides require you to run SAML Jackson as a service. In these cases, you can either:

Run it locally by following the setup guide in the project README
Deploy an instance using Vercel
Deploy an instance using Heroku

Question: What other deployment targets would you like to see? Let us know in the comments.

For some people, there is nothing like "view source". If this is you, you will be happy to know that for each of these frameworks there exists a sample implementation (jackson-examples repo):

AdonisJS
ExpressJS
For Next.js there is this sample application, and you can also look at the BoxyHQ Enterprise SaaS starter kit for a complete implementation example.
For React there is an example application and an example of the backend Express API referenced in the guide.
The Remix guide is one of the guides that is quite different and has it's own repo containing an example implementation.

Question: Is your chosen framework missing from the list? Let us know in the comments which frameworks we should cover next.

Using Laravel or Ruby on Rails? We have not forgotten about you. As with the JavaScript frameworks above, we have you covered with guides and sample implementations.

SAML Jackson Laravel guide and sample app.
SAML Jackson Ruby on Rails guide and sample app.

Question: As with the JavaScript frameworks, let us know in the comments which frameworks we should cover next.

With these guides, sample applications, and the supportive community there is no need to put off adding single sign-on to your SaaS application today.

NOTE: Because everything mentioned here is open-source we welcome your contributions to make what we have today even better.

Stop by BoxyHQ's home on GitHub and share some love and appreciation by adding a star to the powerhouse behind this, SAML Jackson.

A Secure, Privacy-First AI-driven Data Collection Platform: BlockSurvey

Schalk Neethling — Wed, 13 Mar 2024 13:48:15 +0000

BlockSurvey, is a pioneering decentralized AI-driven data collection platform, designed with the core mission of enhancing privacy and security in the digital data collection process. By leveraging cutting-edge blockchain technology, BlockSurvey empowers both individuals and organizations to gather and disseminate information via forms and surveys in an environment where confidentiality and data protection are paramount. This innovative approach not only safeguards the respondents' privacy but also ensures the integrity of the data collected.

Introduction

In a world where data privacy has become a paramount concern, BlockSurvey stands out as a beacon of trust and security. Committed to empowering users with complete ownership over their data, BlockSurvey faced the challenge of ensuring enterprise-level security and privacy for its customers.

The solution? BoxyHQ’s Single Sign-On powered by the open-source SAML Jackson.

The Challenge

At the heart of BlockSurvey's mission is the promise of unparalleled data privacy and security. But with great promise comes the challenge of implementation, especially as BlockSurvey sought to expand its offerings to enterprise clients. They needed a robust SSO solution that not only streamlined access management but also reinforced their commitment to privacy and security.

The Solution

BoxyHQ emerged as the perfect partner in this journey. With its open-source SSO solution, BoxyHQ offered the flexibility, ease of integration, and, most importantly, the security assurance BlockSurvey was seeking. The decision to collaborate with BoxyHQ was driven by a shared vision for privacy and security, making BoxyHQ's SAML Jackson the cornerstone of BlockSurvey's enterprise security framework.

The Impact

The integration of BoxyHQ's SSO solution transformed BlockSurvey's operational and security landscape. Not only did it enhance user experience by streamlining the login process, but it also significantly bolstered client confidence. The direct benefits were immediate: a seamless, secure, and efficient login experience for users across the board.

But the ripple effects went deeper. As noted by Raja Ilayaperumal, Co-Founder and CTO of BlockSurvey, "With our inaugural client already onboarded, we're thrilled by the positive reception. We anticipate a substantial and lasting impact on our business in the long run." This partnership has paved the way for BlockSurvey to onboard enterprise clients more effectively, marking a significant milestone in their growth journey.

Conclusion

The collaboration between BlockSurvey and BoxyHQ is more than just a technical integration; it's a partnership that enhances the very essence of privacy and security in digital data collection platforms. By leveraging BoxyHQ's expertise in enterprise single sign-on (SSO), BlockSurvey is not only able to offer a superior product but also reinforce its commitment to data privacy and security, ensuring a safer digital space for all users.

Discover how BoxyHQ can empower your business with secure, scalable, and user-friendly SSO solutions. Read more about our Enterprise SSO offerings and how we can help elevate your security standards.

SSO vs. Identity Federation: Optimizing Authentication for Modern Enterprises

Sama — Tue, 27 Feb 2024 20:04:48 +0000

In today's interconnected digital ecosystem, businesses are constantly seeking efficient and secure solutions to manage user authentication across multiple applications and domains. Identity Federation and Single Sign-On (SSO) stand out as two prominent approaches, each offering distinct advantages and use cases. Let's explore the differences between Identity Federation and SSO, their benefits, and how they address the evolving needs of enterprises.

Single Sign-On (SSO): Simplifying Access, Enhancing Security

Single Sign-On (SSO) revolutionizes the user authentication experience by enabling users to access multiple applications with a single set of credentials. Whether it's employees navigating various internal tools or customers interacting with diverse services, SSO streamlines login processes, enhances productivity, and bolsters security. Key features of SSO include:

Seamless Access: Users enjoy a frictionless login experience, eliminating the need to remember and enter multiple passwords for different applications.
Enhanced Security: By reducing the number of credentials users manage, SSO mitigates the risk of password-related vulnerabilities and unauthorized access.
Improved User Experience: SSO fosters a seamless and intuitive login process, boosting user satisfaction and productivity.
Cost Savings: Organizations benefit from reduced IT support costs associated with password management and help desk inquiries.

Identity Federation (FIM): Extending Access Across Boundaries

Identity Federation expands upon the capabilities of SSO by facilitating seamless authentication across organizational boundaries and disparate domains. By establishing trusted relationships between entities, Identity Federation enables users to authenticate once and access resources across multiple organizations or service providers. Key features of Identity Federation include:

Cross-Domain Authentication: Users can seamlessly access resources across different organizational boundaries without the need for separate authentication processes.
Interoperability: Identity Federation leverages standard protocols like SAML, OAuth, and OpenID Connect to ensure interoperability and secure identity exchange between domains.
Enhanced Collaboration: By enabling seamless access to external applications and resources, Identity Federation fosters collaboration, partnerships, and innovation across organizations.
Scalability and Flexibility: Identity Federation accommodates the dynamic needs of modern enterprises, supporting remote work, cloud-based services, and distributed teams.

Identity Providers (IdPs): The Backbone of Identity Federation

Central to Identity Federation is the concept of Identity Providers (IdPs). IdPs serve as the authoritative source for user authentication and identity verification. They establish trusted relationships with Service Providers (SPs) to enable seamless authentication and access to resources across different domains. IdPs play a crucial role in ensuring the security, interoperability, and scalability of Identity Federation solutions.

Choosing the Right Solution

When selecting between Identity Federation and Single Sign-On, enterprises should consider their specific requirements, security posture, and scalability needs. While SSO excels in simplifying access within organizational boundaries, Identity Federation extends authentication capabilities across domains, supporting collaboration and partnership initiatives. By implementing a comprehensive authentication strategy that leverages both SSO and Identity Federation, enterprises can optimize security, productivity, and user experience in today's digital landscape.

Conclusion

In the realm of user authentication, Identity Federation and Single Sign-On represent two powerful approaches for simplifying access, enhancing security, and fostering collaboration. By understanding the nuances of each solution and aligning them with organizational goals, enterprises can navigate the complexities of modern authentication challenges and unlock new opportunities for innovation and growth. Whether it's streamlining internal workflows or facilitating external partnerships, Identity Federation and Single Sign-On are indispensable tools in the arsenal of today's digital enterprises.

BoxyHQ + Cerbos: Merging SSO and Authorization

Kiran Krishnan — Mon, 24 Jul 2023 00:00:00 +0000

In this article, we will see how to enable Enterprise SSO login (based on the SAML single sign-on protocol) using Okta for your Next.js app and relay role-based access directly from the Identity Provider to Cerbos.

We'll be using BoxyHQ's open-source Enterprise SSO solution (called SAML Jackson) to interface with Okta. We'll use the principle of minimal UI and include only the necessary interface in our example application.

Introduction to SAML single sign-on

Security Assertion Markup Language (SAML) was designed for traditional web applications in the early 2000s. The goal was to provide a seamless user experience for applications by federating authentication to an IdP.

As a result, applications no longer had to maintain identities for users. All they had to do was to redirect the browser to the IdP which would then authenticate the user and return an assertion about the logged-in user.

This assertion in effect was a token, asserting to the app that the user authenticated at the IdP and the assertion is valid for the set period contained within it. You can read more about SAML and other SSO protocols here.

SAML continues to be a very popular choice of protocol when there's a need to provide a single sign-on (SSO) experience for an enterprise application. Microsoft has great resources explaining SAML authentication and SAML at a deeper level.

Benefits of using SAML

Increased Security

SAML is at its heart a security standard and as it provides a single point of authentication that takes place in a secure environment it adds an extra layer of security to your service that most enterprise customers will ask for.

Improved user experience

As a user, SAML is very simple and pleasant to use as you only have to log in once and then you can access all your external services on a dashboard with a single click. This saves the user time and makes their overall experience of your product better.

Reduces cost

Without SAML you have to maintain account information across multiple services but when you use SAML this is all managed by the IdP.

Introduction to BoxyHQ

BoxyHQ implements and maintains an open-source project that handles all the service provider functionality for implementing SAML, hiding away all the complexity you read about above behind the more popular and well-understood OAuth 2.0 protocol.

Introduction to Cerbos

Cerbos is the open-core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.

In this tutorial, we are using BoxyHQ as the service provider layer between our example Next.js application and Okta as the Identity Provider to showcase the benefits of syncing roles and permissions during SSO login.

Overview of the example app

The example app is a simple Next.js app that uses SAML Jackson for SAML SSO authentication and Cerbos for authorization.

The app has two pages:

/ - Display the authenticated user's profile and authorization decisions returned by Cerbos API.
/saml-connection - Update the SAML connection details.

The example app runs on port 3000. SAML Jackson and Cerbos are running on ports 5225 and 3593 respectively within Docker containers.

You are free to use cloud versions of Cerbos, the instructions for those wouldn’t change a lot but have been avoided in this article to keep it short.

The example app is configured to work with 2 roles: app-admin and app-user.

The app-admin role has access to all resources.
The app-user role has access to resources only the user owns.

Take a look at the cerbos/policies/contact.yaml file to see how the policies are defined for the example app. You can try changing the policies and see how the authorization decisions change in the app.

The following diagram shows the architecture of the example app.

1. Setup the example app

Clone the example app repository:

git clone https://github.com/boxyhq/jackson-cerbos

Navigate to the example app directory and run npm install to install the dependencies.

cd jackson-cerbos

npm install

If you navigate to http://localhost:3000 on your browser, you should see the following page.

This would mean that the example app is running successfully and you can now proceed to the next step.

The README file repository has all details about the example app. You can refer to it if you have anything unclear in this article.

2. Setup SAML App in Okta

The next step is to set up a SAML app in Okta. If you don't have an Okta account, you can create a free developer account https://developer.okta.com/signup/.

Alternatively, you can also use other SAML IdPs like Azure AD, OneLogin, Auth0, etc. The steps for those would be similar to the ones for Okta.

In this article, we will use Okta as the IdP.

If you are unfamiliar with creating a SAML app in Okta, you can follow the instructions here.

You will want to use the Assertion Consumer Service URL and Entity ID from http://localhost:5225/.well-known/saml-configuration.

Do not worry about the roles attribute yet, we’ll configure that in a later step once we have ensured the SSO login flow works correctly.

Next, download the SAML Metadata XML file from the Okta app. You will need this file in the next step.

3. Create a SAML connection in SAML Jackson

Now that we have the SAML app setup in Okta, we need to create a SAML connection in SAML Jackson.

Navigate to http://localhost:3000/saml-connection on your browser and paste the contents of the SAML Metadata XML file you downloaded in the previous step in the XML Metadata field. Click on Create SAML Connection to create the SAML connection.

If you see the status SAML SSO Enabled on the page, it means that the SAML connection was created successfully.

4. Login with SAML SSO

Now that we have the SAML connection setup, we can try logging in with SAML SSO.

Navigate to http://localhost:3000/login on your browser, enter the email address and click on Continue with SAML SSO.

You will be redirected to the Okta login page. Enter the credentials and click on Sign In.

You will be redirected back to the home page of the example app and you should see the Profile of the authenticated user.

This means that you have successfully logged in with SAML SSO.

Since we haven't configured the roles attribute yet, all the users will be assigned the app-user role by default.

5. Configure the groups attribute in Okta App

Now that we have ensured that the SSO login flow works correctly, we can configure the groups attribute in Okta.

Groups attribute allows you to map the groups in your identity provider to the roles in your application.

Create a group in Okta

First, we need to create a group in Okta. Navigate to the Directory > Groups from the left navigation menu.

Click on Add group and enter the group name and description (optional)

Next create two new groups: app-admin and app-user.

After creating the groups, you will see the groups listed in the Groups page.

Next we need to add the users to the groups. Navigate to the group you just created and click on the People tab.

Click on the Assign people button and assign the users you want to add to the group.

Repeat the same steps for the second group.Configure the groups attribute in Okta

Now that we have created the groups in Okta, we need to configure the groups attribute in Okta.

Navigate to the SAML Settings tab in the Okta app and click on Edit.

Now click on the Configure SAML tab and scroll down to the Group Attribute Statements section.

Click on Add Another and enter the following values

Name: groups
Name format: Unspecified
Filter: Starts with app-

Note the app- prefix in the filter. This will ensure that only the groups that start with app- are returned in the SAML response from Okta. So if you have other groups in Okta, they will not be returned in the SAML response. This is useful if you want to map only a subset of the groups in Okta to the roles in your application.

There are also other filter options available in the Group Attribute Statements section. You can read more about them in the Okta documentation.

6. Test the authorization

Now that we have configured the group attribute, we can test the authorization.

Navigate to http://localhost:3000 on your browser and click the Sign Out button.

Let's try logging in with a user that has the app-admin role.

You will be redirected to the Okta login page. Enter the credentials and click on Sign In.

You will be redirected back to the home page of the example app and you should see the Profile of the authenticated user.

Access API authorized by Cerbos

In the Access API authorized by Cerbos section, we've added a table to display Cerbos authorization decisions for the authenticated user for the resources in the example app.

Here is the overview of the policies defined in the cerbos/policies/contact.yaml file.

A user with the app-admin role can perform all actions on all resources.
A user with the app-user role can perform read and update actions on resources they own.

resourcePolicy: version: default resource: contact rules: - actions: ['read', 'create', 'update', 'delete'] effect: EFFECT_ALLOW roles: - app-admin - actions: ['read', 'update'] effect: EFFECT_ALLOW roles: - app-user condition: match: expr: request.resource.attr.author == request.principal.id

Guarded Routes

In the Guarded Routes section at the bottom of the page, we've added 3 routes to showcase how Cerbos can be used to guard routes in your application.

Route the Admin user role can access: Can be accessed by the user with the app-admin role.
Route the User and Admin user roles can access: Can be accessed by the user with the app-user or app-admin role.
Route the User does not have access to: Can be accessed by the user who owns the resource.

Closing thoughts

In this article, we have seen how to integrate SAML SSO with Jackson and Cerbos. We have implemented authentication and authorization using SAML SSO, Jackson and Cerbos.

This opens up whole new possibilities for enterprise apps using Jackson and Cerbos. I’d love to hear of all the cool apps and features you are going to build, please reach out to Jackson or Cerbos if you found this article useful.

Access the source code for this article here: https://github.com/boxyhq/jackson-cerbos

Learn More

To learn more about SAML Jackson and Cerbos, take a look at the following resources:

boxyhq / jackson

🔥 Streamline your web application's authentication with Jackson, an SSO service supporting SAML and OpenID Connect protocols. Beyond enterprise-grade Single Sign-On, it also supports Directory Sync via the SCIM 2.0 protocol for automatic user and group provisioning/de-provisioning. 🤩

SAML Jackson: Open Source Enterprise SSO And Directory Sync

SAML Jackson bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect, abstracting away all the complexities of the SAML protocol. It also supports Directory Sync via the SCIM 2.0 protocol for automatic user and group provisioning/de-provisioning.

We now also support OpenID Connect providers.

Directory Sync

SAML Jackson also supports Directory Sync based on the SCIM 2.0 protocol.

Directory sync helps organizations automate the provisioning and de-provisioning of their users. As a result, it streamlines the user lifecycle management process by saving valuable organizational hours, creating a single truth source of the user identity data, and facilitating them to keep the data secure.

For complete documentation, visit boxyhq.com/docs/directory-sync/overview

🌟 Why star this repository?

If you find this project helpful, please consider supporting us by starring the repository and sharing it with others. This helps others find the project…

View on GitHub

BoxyHQ - The must-have for your startup's next enterprise customer

Deepak Prabhakara — Thu, 20 Jul 2023 00:00:00 +0000

Add plug-and-play features to your SaaS product with BoxyHQ's product suite. Become enterprise-ready!

IntroductionIntro

BoxyHQ enables you to add plug-and-play enterprise-ready features to your SaaS product.

The WhyThey why

It initially started with identifying the pain of developers having a TON of responsibility — right from infrastructure to actually building the product.

And with the growing cybersecurity attacks, they need to start thinking about security as well.

Photo by FLY:D on Unsplash

[Cyber-crimes are predicted to cost $10.5 trillion annually by 2025]

The goal is to help smaller startups become enterprise-ready.

Because until there’s an enterprise client coming in, security is usually an afterthought.

But they (enterprise customers) are the ones who question your security posture, compliances and more — as a company.

[About 70% of development teams skip crucial security steps due to time pressures.]

That’s where BoxyHQ comes in.

But wait… What is enterprise-readiness?

In a nutshell, it’s being secure, scalable, stable, and easy to run in production.

According to Sama — Carlos Samame (Co-Founder), there are 2 paths for startups towards the need to be enterprise-ready:

Initially focused on smaller customers and now looking to expand.
Building a new product and targeting enterprise customers from Day 1.

But how do things look like from the enterprises’ end?

Enterprise customers are often apprehensive (concerned) about trusting startups vs. established businesses. Because the stakes are usually much higher.

They’re mainly looking for 2 things:

Your other enterprise customers (helps credibility)
Whether you follow the compliance requirements (key necessity)

They look for quite a few standards to be met in a solution provider 👇🏻

Source EnterpriseReady.io

Before you feel overwhelmed, he further adds that you don’t need to start building all of this, and focus on 3 key areas:

#### Customer obsession

Understand their current needs, pains, motivations, processes, and most importantly — whether the plenty of software they already use will work smoothly with yours.

#### Time to market

Invest in off-the-shelf enterprise readiness solutions that you can integrate into your SaaS app vs. spending months building in-house. Spend more time on your core product vs. non-core features.

#### Reduced engineering costs

Investing in external solutions saves developer time spent on coding, fixing bugs, and the overall learning curve.

“People’s time is more expensive than developer tools.”

A great way is to rely on open easily available open source solutions.

Source: Be enterprise-ready: 3 reasons not to build enterprise features!

The BoxyHQ suite — in the chronological order of release.

1. Open Source SAML Jackson

Yep, that’s the product’s name. Pulp Fiction fans get the reference but for others–

💡 Pulp Fiction is a 1994 American crime film written and directed by Quentin Tarantino. Samuel Jackson starred in a leading role.

SAML SSO was the first product created by Team BoxyHQ — pioneering their vision for enterprise readiness. (Launched on August 4, 2022)

SAML: Security Assertion Markup Language SSO: Single Sign-on

What does it do?

It offers an out-of-the-box solution for deploying SAML quickly and efficiently — helping your *enterprise customers manage access controls on their systems.

How does it work?

Just connect your product to BoxyHQ and everything else is managed for you!

BoxyHQ connects to almost every identity providers for you to go from the first line of code to fully support SAML in just a week!

What are its benefits?

Centralized management and increased security 🔒

Enable your customers to manage access control on their own systems so they can:

Have the right access
Prevent password sharing
Easily grant and revoke access as needed

Better user experience ✨

Just need to log in once to access all the external services on a dashboard with a single click. It’s simple and easy to use.

Saves users’ time
Improves your product’s UX

Reduces costs💲

All the account information is maintained and managed by the IdP vs. multiple services. This helps in saving costs.

(IdP is the identity provider — the single point that let its users access all the services from it)

“The idea behind SAML SSO is that by centralizing your access to an external system you can better manage access and permission as well as improve security.”

Aswin Venugopal, Senior Software Engineer

TL;DR

Without BoxyHQ’s SAML SSO, on the user side 😔

Without BoxyHQ

Spend a long time to build a SAML integration
Create integrations for each of your customer’s identity providers (IdP)
Spend time, energy, focus, and resources away from your core product

With BoxyHQ’S SAML SSO authentication 🤠

With BoxyHQ

Centralize management
Improve security
Enhance user experience
Increase productivity
Save time, reduce costs

On the solution provider’s side, it looks like:

Without BoxyHQ

With BoxyHQ

Here, you only have to connect your product with a direct integration to BoxyHQ and then it manages and connects you to all the IDPs. You can deploy SAML SSO with just a few lines of code!

🔗 The sources are linked here and here (official BoxyHQ blogs)

“Deepak (Co-Founder) himself helped us implement SSO SAML in cal.com and we’re more than happy about it! it’s great to finally see an open source project tackle enterprise-ready features!”

— Peer Richelsen, Co-Founder at Cal.com

Note: Team BoxyHQ recently re-launched the enhanced SAML SSO on Product Hunt! 🚀

2. Open Source Directory Sync

Organizations use directories from different providers to manage user access to organization resources.

BoxyHQ’s Directory Sync lets orgs activate and deactivate user accounts, create groups, and keep their app in sync with the user directory in real time.

💡 In an enterprise customer context, a directory is a central repository that holds information about employees, customers, and other resources in a company.

In simple words, you enable your customers to:

Have higher security standards
Centrally manage their user’s access lifecycle

It supports the SCIM 2.0 protocol

SCIM: System for Cross-domain Identity Management

“Directory Sync streamlines the user lifecycle management process by saving valuable organizational hours, creating a single truth source of the user identity data, and facilitating them to keep the data secure.”

-BoxyHQ Official Docs

Learn more: Examples & Resources (Directory Sync)

3. Open Source Audit Logs

BoxyHQ’s Audit Logs ‘Retraced’ offer your enterprise customers the ability to record and search events that happen on your application.

Note: Retraced was initially built by Replicated and has been enhanced by BoxyHQ.

They provide a detailed record of user actions, and can be used to monitor potential security breaches, compliance violations, and other issues.

“The world’s best SaaS companies offer detailed Audit Logs, your SaaS should too as you move into serving the enterprise segment.” -Vanshika Srivastava

Why are Audit Logs important?

For most companies, the ability to monitor the flow of data and be alerted to any breaches is super essential.

Audit logs help to pinpoint any misuse of information and ensure that data policies are followed ✅

This one simple API helps you become compliant fast, and ensure your customers get all the functionality and safety they need.

4. Admin Portal

Manage Enterprise SSO, Directory Sync, and Audit Logs products via an easy-to-use web interface.

It can help you streamline your workflows and increase productivity.

You can use the authentication method of your choice (Magic Link, Email and Passsword, SAML/OIDC Single-sign-on)

BoxyHQ’s future products (where relevant) will also be available in the Admin Portal.

To enable the Admin Portal, you need to deploy Jackson as a service.

5. Data Privacy Vault

In the day and age of high cyber-crime, and increasingly sensitive data– you need to protect your customer’s data and trust.

Privacy vault is BoxyHQ’s open-source solution to centralize, isolate, and govern all the sensitive data you collect.

With the Privacy Vault, you can:

Identify all the sensitive data from clients’ application database and move it to the vault.
Replace the sensitive data in their application database with (exchangeable) opaque tokens.
Gain control over where the sensitive data goes, who has access to it and for what duration.
Create access policies that adhere to data regulations and geographic regulations.
Get the ability to respond to DSRs (Data Subject Requests) from customers.

What users are saying 💬

“It let our team focus on what we do best (democratizing scheduling for everyone) without getting distracted by the needs of our enterprise customers. Did I mention it’s open-source and free?”

Super Tokens — An open-source authentication solution

“We at SuperTokens needed to provide SAML login to our users, and instead of building it from scratch, we found the perfect open source project — BoxyHQ!”

Media Features

Meet the Founders ✨

Deepak Prabhakara, CEO & Co-founder

Deepak has over 2 decades of experience in design, architecture and development of complex software products across different SaaS and mobile platforms.

Sama has 15+ years of experience working at tech companies across different business areas and continents.

The BoxyHQ Pledge 📜

“As long-time users and contributors to the open-source ecosystem, we want to do the right thing for the community. That means we will make sure that our core open-source code stays open. We will also strive to use open standards where possible. We want to collaborate with the community to build towards our vision to make security, compliance and privacy easy for developers so they can focus on their core product while being compliant...”

Learn more here: BoxyHQ pledges to keep our core open-source code open

What’s Next for BoxyHQ 🚀

You can sign up for the waitlist before August 1, and make the most of this limited-time offer.

Check out BoxyHQ’s GitHub page, official documentation, and Twitter profile. 🚀

And don’t forget to follow Scoutflo on Twitter if you haven’t already! ✨

We’re also active on LinkedIn 💙

Cover photo by Dan Nelson on Unsplash

The new era of Application Security: Security Building Blocks for Developers

Deepak Prabhakara — Mon, 10 Jul 2023 00:00:00 +0000

The new era of Application Security: Security Building Blocks for Developers

With the proliferation of data breaches and cyber-attacks, developers must take a proactive approach to security. BoxyHQ's Security Building Blocks for Developers are designed to help developers build and deploy secure applications with minimal effort and expertise.

In addition to their core products security teams are finding it hard to keep pace with new no-code and low-code apps that are being created in the company. The arrival of Generative AI and ChatGPT has complicated the landscape even further.

The importance of integrating robust security measures into software applications cannot be overstated. BoxyHQ, a security-focused platform for developers, is leading the way with its Security Building Blocks for Developers, inspired by the concept of Minimum Viable Security (MVS) championed by mvsp.dev.

BoxyHQ is set to revolutionize application security. Drawing insights from industry pioneers such as Twilio, Stripe, HashiCorp, and Snyk, BoxyHQ's open-source Security Building Blocks offer a comprehensive solution that empowers developers to build secure software products with ease and efficiency.

Building and Shipping Secure Software Products in Hours, Not Months

Building and shipping security features in hours instead of months is now a reality. In the fast-paced world of software development, time is of the essence. Traditional approaches to security often involve time-consuming and complex implementations. However, by embracing BoxyHQ's Security Building Blocks, developers can now build and ship secure software products in a fraction of the time it would take to develop these features from scratch. This not only saves valuable time but also accelerates time-to-market, giving businesses a competitive edge.

Democratizing Secure Development: Making Security Accessible to All

The developer community has long embraced the open-source movement. Open-source software fosters collaboration, innovation, and rapid evolution. By offering Security Building Blocks as open-source projects, BoxyHQ empowers developers to contribute, customize, and tailor security features to suit their specific needs. This flexibility not only enables developers to address unique requirements but also creates an ecosystem where best practices and security advancements are shared, benefiting the entire community. We hypothesize that in the future many of these security features will be a commodity, and will be implemented by any software product, not just the ones that need to be enterprise-grade.

Minimum Viable Security (MVS): Building a Strong Foundation

Photo by Shubham Dhage on Unsplash

Minimum Viable Security (MVS) is a concept focused on identifying and implementing the essential security measures necessary to protect an application from common threats. BoxyHQ embraces the principles of MVS and provides developers with Security Building Blocks that address these foundational security needs. By adopting an MVS approach, developers can prioritize the integration of critical security features, ensuring a solid foundation for their applications while minimizing unnecessary complexity and overhead.

Comprehensive Integration: Uniting Security Features for Maximum Effectiveness

BoxyHQ's Security Building Blocks integrate multiple security components, each designed to address a specific aspect of application security. By combining these features, developers can create a comprehensive security framework for their applications. Whether it's the secure authentication facilitated by the Enterprise Single Sign-On (SSO) product, the real-time synchronization provided by Directory Sync, the compliant logs generated by Audit Logs (Retraced), or the encrypted storage capabilities of the Data Privacy Vault (PII, PCI, PHI compliant), these components seamlessly work together to strengthen the overall security posture of applications.

Closing the Gap Between Compliance and Security

One of the key advantages of BoxyHQ is its ability to bridge the gap between compliance and security. With the increasing focus on cybersecurity vulnerabilities, compliance alone is not sufficient to protect against threats. BoxyHQ's comprehensive suite of open-source security components ensures that developers can not only meet compliance requirements but also implement robust security measures. By integrating these building blocks, businesses can confidently navigate the complex landscape of security and compliance, safeguarding their data and systems while staying ahead of potential threats. Aligned with this vision we consolidated a list of free awesome open-source developer-first security tools that includes security principles and controls relevant to popular compliance certifications. (like ISO27001, SOC2, MVSP, etc)

The security building blocks for developers are supported by extensive documentation, an admin portal for easy management, and customer support and advice for each customer's unique needs. BoxyHQ's products represent a significant step forward for developers looking to improve the security of their applications.

In conclusion, BoxyHQ aims to make a significant impact on the industry. By providing simple and efficient integrations for minimum viable security features, BoxyHQ is helping to ensure that developers and businesses of all sizes can protect their sensitive data and systems against threats, ultimately making the internet a safer place for everyone.

🔨Build Enterprise Software with No-Code 💬Thanks to Bubble.io

Nathan Tarbert — Thu, 11 May 2023 00:00:00 +0000

Building your enterprise applications on Bubble is now easier than ever with BoxyHQ, a single API to connect to enterprise Single Sign-On (SSO), and multiple security compliance features.

What is Bubble.io?

Bubble is a visual drag-and-drop programming language. Instead of scripting code, users can leverage a visual interface to build applications - simple or complex. This makes building apps accessible to people (or teams) with a big idea - but no programming skills.

What is a Bubble.io Plugin?

Plugins are third-party Bubble.io components that are not part of the Bubble core platform functionality. They can be freely provided by the creators or available as a paid plugin.

Bubble Makes It Simple

One of the benefits of using a no-code platform like Bubble is that not only can you build an application quickly, but you also have the ability to architect complex features. If we look back just a few years, this was not possible. You would have 2 options:

Hire a developer or development team
Delegate to a developer or team

But we live in an era where technology is continually evolving and individuals' or teams' creativity has no limits. We can put ourselves in the shoes of someone who doesn’t write code but wants to build a professional application - with Bubble.io this is now a possibility.

Top 3 reasons small businesses or enterprises should switch to a no-code platform

This comes with a caveat that Bubble does have a learning curve but once you get familiar with the platform it’s much easier to build applications.

1. 🤑 Using a no-code solution like Bubble saves money on IT:

Typical app development workflow costs for SMBs (small to medium businesses) from design to implementation can range from $75,000 to $750,000. This can be crippling for startups which opens up a no-code solution as a better alternative. If we are talking about enterprise development, this number can reach up to millions.

2. 🔑 Time to value:

This depends on what type of app you want to build. Some estimations are up to 80% in development time saved. Let’s take into consideration there is no need to set time-consuming tasks for a developer such as basic features and environment setup. This is all taken care of for you when building in Bubble’s platform.

3. 🚀 Built-in SEO:

Whether you are a startup or an enterprise team, but inexperienced in the art of Search Engine Optimization (SEO), not to worry, Bubble has built-in SEO tools that allow you to the ability to modify and customize how your application is seen by search engine crawlers. This would be in the advanced settings and great care should be taken when enabling or modifying these settings because, by default, your application will not be indexed.

This brings a lot of value when you don’t necessarily need a professional marketing division to start with. Right out of the gate, you can build an application that has professional capabilities to successfully reach your target persona.

Can I add enterprise features on Bubble?

One of the foundational needs of any new business app is the ability for users to securely log in to password-protected areas - like a shopping cart or protected content. If we look at enterprise features like SAML SSO for instance, you may think this is a feature that is out of reach for a no-code platform, but you can simply search within the Bubble marketplace and a list of plugin creators has made this possible. Instantly you get a short list of plugins available for the functionality you would like to implement.

BoxyHQ is one of those creators. By simply installing the plugin into your Bubble.io app, you can be up and running with little configuration effort. We have written a step-by-step guide to help you properly configure setting up SAML single sign-on for your small to medium business (SMB) or enterprise application.

Once you have BoxyHQ’s plugin properly configured, you now have an application that will handle secure login access to your users using SAML single sign-on that will connect to any IdP (Identity Provider) like Okta, OneLogin, Azure AD, etc.

This is when you can breathe a sigh of relief because there is now no need to remember usernames and passwords. BoxyHQ’s plugin easily provides that solution for you. If you would like to test a demo application click here to see the flow and enjoy the seamless experience you will have inside the Bubble platform.

If you are interested in understanding what’s happening on the backend, we have a guide available that will walk you through the technical aspects of single sign-on.

SSO can be complicated but BoxyHQ makes it simple to understand.

SSO "Wall of Shame" vs "Wall of Fame"

Deepak Prabhakara — Thu, 30 Mar 2023 00:00:00 +0000

Unless you have been living under a rock, you have probably heard of the SSO Wall of Shame. This is a list of vendors that treat single sign-on as a luxury feature, not a core security requirement. There have been numerous complaints regarding the companies that have made it onto this list, and rightfully so. In a downturn economy and in times when security and privacy are critical, many organizations see an opportunity to generate even more revenue.

This is a small example, listed in alphabetical order of some of the most well-known companies that have ended up on the “Wall of Shame” (see the screenshot below). You can find more information and the full list at sso.tax. It is clear that raising prices for enterprise SSO and other security features, such as Audit Logs (to track critical events), is just part of their revenue model.

But is this the right thing to do? It’s hard to judge from the outside, and clearly companies need to make a profit while showing growth, especially when you are backed by Venture Capital. Having said that, at BoxyHQ we believe that we can all do better (we are also Venture funded). Nonetheless, cybersecurity taxes should stop, and we should all focus on increasing our security posture and making a positive impact. Take for example, Hubspot charging 6300% more for SSO functionality! That is a clear example of how absurd and abusive some companies can be.

Now, we ask ourselves, how about the “Wall of Fame”? This is a separate list of companies that lead by example and don’t take advantage of their customer base. If you do a quick search, you will find some interesting companies listed. Grafana, Cal.com, and Sumo Logic, just to name a few.

To understand why startups normally lean this way, it’s important to consider the enterprise deal process. With RFPs, security questionnaires, and other compliance-related procedures, closing an enterprise deal becomes all-consuming for a startup. This can justify an enterprise pricing tier. Given a startups early evolution of products, , Enterprise SSO becomes an easy candidate to distinguish the pricing tier gap between charging SMBs and what they can charge enterprises. But building and maintaining SSO is expensive and time-consuming. SAML is not necessarily the easiest protocol implementation to get right. And add to this the customer support issues that come with onboarding large enterprise teams onto the product. But as a startup matures the product needs to have enough core enterprise features and not merely depend on undifferentiated features like SSO.

To take it full circle, it would be nice to see a full list of the SSO Wall of Fame. Then we could ensure support for the companies with integrity, who have clearly not been overtaken by greed. Unfortunately because of our bandwidth, we can not commit to full ownership of this initiative, but can offer some practical advice on how companies could start offering SSO pricing tiers for free or at a nominal price increase:

Charge for other core enterprise features instead of SSO. If your product is not quite to that level of maturity, please read on.
Instead of charging for SSO, charge for the security process’s that comes with enterprise deals. If a company wants you to go through its security and compliance process, rather pay a premium to enhance its security posture and reduce compliance risk from its vendors.
If that scenario isn’t possible then consider segmenting SSO pricing based on the number of users or seats. SMBs will not have a very large number of seats so this could be a possible way to separate your pricing.
If your Enterprise tier is not based on seats, a natural progression is to base pricing on usage.

We are trying to do our part by providing a free open–source enterprise-grade SSO (called SAML Jackson), that any developer, team, or organization can plug into with just a few lines of code. Check out the GitHub repo here. Feedback is much appreciated and a star will help us raise security awareness. 🙂

Stay safe, do good, and avoid the dark side of the SSO tax!

SBOM Explained: 📚 An Enterprise Guide to Security Risk Management

Nathan Tarbert — Wed, 22 Mar 2023 00:00:00 +0000

In this age of technology, software companies are quickly shifting towards a strict compliance posture. You may ask yourself, why is that and what has changed over the last several years? This can be due to multiple factors but can mainly be boiled down into four categories.

🔒 Security
👩‍💻 Product Development
🦊 Compliance
⚠️ Supply Chain & Risk Management

What is an SBOM or Software Bill of Materials?

You can think of an SBOM as a cake you are baking. That cake has an ingredients list or in the case of software, open-source or private dependencies, and third-party components. This list can be massive and can range from hundreds to thousands, especially when you factor in transitive dependencies (an indirect dependency of the component it relies on). This list gets very complex and is impossible to manage at scale at the enterprise level. Gone are the days when most enterprises or smaller-scale organizations would write applications from scratch. Rather, most applications are assembled using pre-built software packages, i.e open-source. Over the past decade, this has led to the rise and use of publicly available software components and agile development at an enormous rate.

Security

More organizations now have security top-of-mind due to cyber attacks on business infrastructure becoming almost a daily occurrence. Companies are faced with major decisions that affect cost, efficiency, and productivity. There is an enormous risk and liability where a company’s code base lives in the cloud. This could be private or public but a good rule of thumb when you think about risk is not if we’re breached, but when. So precautions need to be taken to add layers of protection to software infrastructure.

An SBOM would provide better visibility to companies in identifying and tracking security vulnerabilities that could enable timely patches. Updates in code should prompt a newly generated report (SBOM).

We could go a lot deeper around all the various ways precautions could be taken like scanning your application for vulnerabilities or penetration testing. A minimum viable secure product is of course recommended for all enterprise-ready organizations. It could be as simple as having audit logs in place to record and search events internally on your application.

Product Development

SBOMs can improve and help software development processes by providing a comprehensive list of all open-source dependencies and components used in a product. From an organizational standpoint, it is crucial to ensure that all software and related components are up-to-date and licensed correctly. Having this clear understanding is key to risk mitigation when it comes to understanding what is in a product and how it is constructed. Therefore, development teams can quickly improve transparency, communication, and collaborative decision-making with a faster time-to-market while ensuring industry compliance standards and regulations.

Compliance

In 2021 the US Government issued an executive order mandating all software companies that do business with the US government must provide a detailed inventory list (software bill of materials or SBOM) of all components related to the software they have produced and sold to any federal agency. The legislation is geared towards transparency with a view to the enhancement of security for our supply chain infrastructure. This has quickly prompted other countries to consider similar legislation.

Supply Chain & Risk Management

It’s vital to take a proactive approach and have a top-down understanding of all software components that live in a software ecosystem. With that in mind, SBOMs are quickly becoming a standard for software supply chain risk management. With the expansion of sophisticated attacks, it’s more important than ever to take a systematic approach when it comes to the security of your organization.

The ecosystem is growing with tools that help you verify, scan and monitor all your components and manifest files.

If you have an open-source product to sell to enterprises or the public sector, you will need to anticipate compliance and build an SBOM into your product. Especially if you are targeting entities in heavily regulated industries. Taking this into consideration, that’s what we did at BoxyHQ for each of our four products with guides that will help you navigate these decisions (Enterprise Single Sign On, Directory Sync, Audit Logs, and Data Privacy Vault). We chose to build Cosign right into our tool - but many more are available. Here is a curated list of SBOM-related tools.

Please visit BoxyHQ’s website to learn more about producing an SBOM for your products. E.g. SBOM for our enterprise SSO: BoxyHQ

Exploring the open-source business model and how companies monetize it

Deepak Prabhakara — Mon, 13 Mar 2023 00:00:00 +0000

With the rise of open-source solutions and solution providers, one of the biggest questions asked is, how do businesses monetize while giving away the source code for free?

What is an open-source company?

An open-source company is an organization that develops software but makes the source code freely available to the public. This means that others can copy the code and engine, deploy it themselves, develop it, fix bugs and more. This allows the software not only to be widely accessible for free but also to evolve in a very collaborative way.

If everything is free then how can it be monetized?

We don't have to look very far to find examples of open-source companies that have become unicorns and continue to grow. Some great examples are Elastic ($608 million in revenue, 2021), HashiCorp ($320 million in revenue, 2021), and RedHat ($3.4 billion in revenue, 2021). All these companies operate an open-source business model but have huge revenues and valuations. This is what we are going to look at.

There are many different ways that open-source companies can monetize - ultimately this comes down to the goals of the business. We are going to explore a few of the options available but keep in mind that these are just some of the ways it can be done and open-source continues to develop and grow at a rapid pace.

Donations

One of the most popular models is to offer the source code and documentation completely free and let its users donate at their discretion. This is normally done for smaller projects and donations can be solicited in various ways, such as a button on the website, a link in a newsletter, a Github donation, or one that I like - buymeacoffee.com. The latter allows you to embed an option into your website or interface and donate at the value of a coffee. Although donations are a great way to monetize some projects, this method is not feasible for bigger companies that have complex solutions and large overheads.

Support

Paid Support or Premium Care, as it’s commonly termed, is a very common business model that has done very well for larger commercial companies. This model allows users to still access the code and deploy it for free but also enables an option for companies/users to pay for additional support. This monetized plan often includes perks such as help deploying the software, customization and ongoing support for general use. Just because the source code of a project is open, it doesn’t mean it's easy to deploy or manage. This is where companies such as Red Hat have been successful and use this particular model to great effect.

The benefits of this model are, as Red Hat has demonstrated, you can build a revenue-generating company that can be scaled effectively. The drawback is, some companies only make the open-source code available with a paid plan, which goes against the open-source ethos. To truly use this model effectively, companies should offer the source code for free regardless of an option for additional support.

Photo by Christine Roy on Unsplash

Licensing

Open-source companies can also license their open-source software, which applies rules to how their software can be used, edited, distributed and copied. Some open-source companies will allow individuals and smaller organizations to use their software for free while charging larger companies a fee to deploy it. Normally a license fee comes with additional benefits, such as support and training, etc. There are also two main types of licensing that open-source companies can utilize.

-Copyleft license This is a type of license in which, if code is copied and modified it still retains the original license terms

-Permissive license This grants licenses based on different needs and is much more diverse.

Licensing and open-source licensing is a huge topic in itself and Snyk has done a fantastic job at explaining this. You can read more about it here.

Cloud-hosted Services

Finally, the last model we will look at is hosting. While open-source organizations can still offer their code for free, some may offer a hosted version which is much easier to set up and maintain. This means customers can effectively use their product like any other SaaS and they typically charge on a subscription basis.

The hosted model is very popular as it now allows quick deployment but also reduces the level of maintenance and custom work developers need to carry out. The main limitation of offering a hosted model is, it will require the open-source company to offer web hosting and everything that goes along with it. This can require an enormous amount of maintenance and development.

The open-core model

The open core model is when a company releases the core software for anyone to use but then also controls things such as the roadmap and what commits are accepted into it. By doing this, the company can also charge for extra features which customers may want. Some examples could be functionality features or even security/compliance modules. This model has been very popular with open-source companies and is widely seen as a very fair way to operate. It is also very important to make sure that the open-core has enough value that developers will rally around the product from the get-go. Companies that offer very little value from the free version and charge for additional features, do not see great traction in the open-source community.

Controversial opinion

I personally believe that OSS is not a business model but a development model. We are debating this internally, so we would love to hear your feedback and opinions on this subject.

Summary

Although open-source code is widely free and available to use, it has become a popular choice for companies who also want to commercialize. The benefits of open-source are vast and with the variety of business models we discussed you can understand the various options to create a successful, revenue-generating business.

Why does your SaaS application need audit logs?

Deepak Prabhakara — Wed, 18 Jan 2023 00:00:00 +0000

Audit logs are an important tool for keeping track of activity within your SaaS application. These logs provide a detailed record of the actions taken by users and can be used to monitor for potential security breaches, compliance violations, and other issues. Let’s explore some of the key reasons why you need audit logs for your SaaS app.

Compliance: Many industries are subject to strict regulations that require organizations to maintain detailed records of their activities. Audit logs can be used to demonstrate compliance with these regulations, and to provide evidence in the event of an audit or investigation.
Cyber Insurance: Obtaining cyber insurance usually comes with requirements around recording and retaining audit logs. These logs help with forensics during insurance claims, otherwise making investigation expensive and time-consuming for both insurers and the affected companies.
Security: Audit logs can be used to detect and prevent security breaches. By monitoring for suspicious activity, such as repeated failed login attempts or changes to sensitive data, you can quickly identify and respond to potential threats. Additionally, audit logs can be used to reconstruct the events leading up to a security incident, which can help you identify the cause and prevent similar incidents in the future.
Accountability: Audit logs make it possible to track the actions of individual users, which can be useful for identifying issues such as data breaches, compliance violations, and other problems. This information can be used to hold users accountable for their actions and to help you identify and address any issues that arise.
Troubleshooting: Audit logs can be used to identify and diagnose issues that occur within your SaaS application. By reviewing the logs, you can see exactly what happened when a problem occurred, which can help you quickly identify the root cause and develop a solution.
Auditing: Audit logs provide a record of the activities that occur within your SaaS application, which can be useful for internal audits. This information can be used to assess the effectiveness of your security controls and identify areas for improvement.

Audit logs are a powerful tool that can be used to improve the security, compliance, and overall performance of your SaaS application. By keeping detailed records of user activity, you can monitor for potential issues and quickly respond to problems as they arise. If your SaaS app doesn't have audit logs, you should consider implementing them as soon as possible to ensure the safety and security of your data and users. It is also becoming an important part of enterprise readiness.

Introducing our Audit Logs product

We are extremely thrilled to introduce our new Audit Logs product in collaboration with our friends at Replicated. Retraced is a fully open-source audit log service that comes with an embeddable UI that's easily deployed to an infrastructure of your choice. We have spent years building and fine-tuning audit logs systems and think we have finally discovered an optimal solution to this nagging problem.

It’s yet another important enterprise readiness feature to tick as you scale your offerings to the enterprise segment and complements our Enterprise SSO and Directory Sync products to give you a one-stop solution. Come check out the product at our Github repo, we’d love to hear your feedback.

How low-code solutions are changing how we build products and workflows

Deepak Prabhakara — Tue, 25 Oct 2022 00:00:00 +0000

We have all heard the terms low-code or no-code being thrown around as buzzwords over the last few years but what does this mean and how is it changing the way businesses and individuals solve problems? I am going to use our product SAML Jackson to explain how low-code solutions are changing the way we build products.

Low-code solutions are essentially products that provide you with building blocks so instead of building a solution from scratch you can simply combine the relevant building blocks to make a relevant solution for your business. Let’s take BoxyHQ and our SAML Jackson product as an example. Without the low-code product (SAML Jackson) the alternative for businesses would be to build a custom SAML integration which takes months and a ton of resources. This sounds ridiculous tho right? With the number of businesses who are deploying SAML for their customer, there must be some reusable parts that can be shared to reduce the time it takes each business. This is where low-code products like SAML Jackson come in. By building the SAML integrations as a reusable component, businesses only need to create one simple connection to the SAML Jackson to deploy SAML.

Still with me? If not, don't worry. Essentially what low-code is taking advantage of is building in a way that can be shared so the amount of custom building is limited (or low) for common use cases.

So what is the difference between low-code and no-code?

Well while a lot of people would still group them together, the obvious difference is that low-code still needs some code to integrate the building blocks, whereas no-code doesn't. If we look at a product like Zapier for example, that requires no code at all and a non-technical person can use visual blocks to connect different data sources and outputs to build workflows. An example of this is as a non-technical person I can take data from forms such as Hubspot forms that are submitted on our website and create notifications for the team on Slack. Doing all of this without code and just using Zapier is what makes this a no-code solution.

Why is low-code so important?

Lastly, let's take a quick look at the main benefits of having solid DevSecOps in place

Speed speed speed
Cost

Are there any negatives to using low-code and no-code platforms?

The only main negative of these solutions I have identified is that because of the ease and speed of the platforms it can create a lack of transparency and some shadow IT as lots of people in the organization can be building solutions and data can be moving around without accountability. However, with the right IT processes and policies in place, this can be easily fixed.

Why are we so excited about low-code and no-code?

We are very excited about low-code solutions because it drives innovation! We at BoxyHQ are building low-code solutions for enterprises to implement the important but standard features they need to be competitive and compliant with ease so they can focus on what they do best which is innovate. We have some great clients already and can’t wait to see what they do next without the hassle of building standard features such as SSO and Directory Sync.

DEV Community: BoxyHQ

7 Frameworks, One SAML Jackson - Your Open Source Single Sign-On Solution

The Guides

Configure SAML Single Sign-On

Authenticate with SAML Single Sign-On

A Secure, Privacy-First AI-driven Data Collection Platform: BlockSurvey

Introduction

The Challenge

The Solution

The Impact

Conclusion

SSO vs. Identity Federation: Optimizing Authentication for Modern Enterprises

Single Sign-On (SSO): Simplifying Access, Enhancing Security

Identity Federation (FIM): Extending Access Across Boundaries

Identity Providers (IdPs): The Backbone of Identity Federation

Choosing the Right Solution

Conclusion

BoxyHQ + Cerbos: Merging SSO and Authorization

Introduction to SAML single sign-on​

Benefits of using SAML​

Increased Security​

Improved user experience​

Reduces cost​

Introduction to BoxyHQ​

Introduction to Cerbos​

Overview of the example app​

1. Setup the example app​

2. Setup SAML App in Okta​

3. Create a SAML connection in SAML Jackson​

4. Login with SAML SSO​

5. Configure the groups attribute in Okta App​

Create a group in Okta​

6. Test the authorization​

Access API authorized by Cerbos​

Guarded Routes​

Closing thoughts​

Learn More​

boxyhq / jackson

🔥 Streamline your web application's authentication with Jackson, an SSO service supporting SAML and OpenID Connect protocols. Beyond enterprise-grade Single Sign-On, it also supports Directory Sync via the SCIM 2.0 protocol for automatic user and group provisioning/de-provisioning. 🤩

SAML Jackson: Open Source Enterprise SSO And Directory Sync

Directory Sync

🌟 Why star this repository?

BoxyHQ - The must-have for your startup's next enterprise customer

Introduction​Intro

The WhyThey why​

But wait… What is enterprise-readiness?​

They’re mainly looking for 2 things:​

The BoxyHQ suite — in the chronological order of release.​

1. Open Source SAML Jackson​

What does it do?​

How does it work?​

What are its benefits?​

Centralized management and increased security 🔒​

Better user experience ✨​

Reduces cost​s💲​

TL;DR​

Without BoxyHQ’s SAML SSO, on the user side 😔​

With BoxyHQ’S SAML SSO authentication 🤠​

On the solution provider’s side, it looks like:​

2. Open Source Directory Sync​

In simple words, you enable your customers to:​

3. Open Source Audit Logs​

Why are Audit Logs important?​

4. Admin Portal​

5. Data Privacy Vault​

With the Privacy Vault, you can:​

What users are saying 💬​

Meet the Founders ✨​

The BoxyHQ Pledge 📜​

What’s Next for BoxyHQ 🚀​

The new era of Application Security: Security Building Blocks for Developers

The new era of Application Security: Security Building Blocks for Developers​

Building and Shipping Secure Software Products in Hours, Not Months​

Democratizing Secure Development: Making Security Accessible to All​

Minimum Viable Security (MVS): Building a Strong Foundation​

Comprehensive Integration: Uniting Security Features for Maximum Effectiveness​

Closing the Gap Between Compliance and Security​

🔨Build Enterprise Software with No-Code 💬Thanks to Bubble.io

What is Bubble.io?​

What is a Bubble.io Plugin?​

Introduction to SAML single sign-on

Benefits of using SAML

Increased Security

Improved user experience

Reduces cost

Introduction to BoxyHQ

Introduction to Cerbos

Overview of the example app

1. Setup the example app

2. Setup SAML App in Okta

3. Create a SAML connection in SAML Jackson

4. Login with SAML SSO

5. Configure the groups attribute in Okta App

Create a group in Okta

6. Test the authorization

Access API authorized by Cerbos

Guarded Routes

Closing thoughts

Learn More

IntroductionIntro

The WhyThey why

But wait… What is enterprise-readiness?

They’re mainly looking for 2 things:

The BoxyHQ suite — in the chronological order of release.

1. Open Source SAML Jackson

What does it do?

How does it work?

What are its benefits?

Centralized management and increased security 🔒

Better user experience ✨

Reduces costs💲

TL;DR

Without BoxyHQ’s SAML SSO, on the user side 😔

With BoxyHQ’S SAML SSO authentication 🤠

On the solution provider’s side, it looks like:

2. Open Source Directory Sync

In simple words, you enable your customers to:

3. Open Source Audit Logs

Why are Audit Logs important?

4. Admin Portal

5. Data Privacy Vault

With the Privacy Vault, you can:

What users are saying 💬

Meet the Founders ✨

The BoxyHQ Pledge 📜

What’s Next for BoxyHQ 🚀

The new era of Application Security: Security Building Blocks for Developers

Building and Shipping Secure Software Products in Hours, Not Months

Democratizing Secure Development: Making Security Accessible to All

Minimum Viable Security (MVS): Building a Strong Foundation

Comprehensive Integration: Uniting Security Features for Maximum Effectiveness

Closing the Gap Between Compliance and Security

What is Bubble.io?

What is a Bubble.io Plugin?

Bubble Makes It Simple

Top 3 reasons small businesses or enterprises should switch to a no-code platform

1. 🤑 Using a no-code solution like Bubble saves money on IT:

2. 🔑 Time to value:

3. 🚀 Built-in SEO:

Can I add enterprise features on Bubble?

What is an SBOM or Software Bill of Materials?

Product Development

Compliance

Supply Chain & Risk Management

What is an open-source company?

If everything is free then how can it be monetized?

Donations

Support

Licensing

Cloud-hosted Services

The open-core model

Controversial opinion

Summary

Introducing our Audit Logs product

So what is the difference between low-code and no-code?

Why is low-code so important?

Are there any negatives to using low-code and no-code platforms?

Why are we so excited about low-code and no-code?