How it Works

- ScaleFT integrates with your Identity Provider of choice to authenticate the user attempting to login to a resource through flexible role based access controls.

- When authorized for a specific resource, a Certificate Authority built into the Platform issues a short-lived client certificate used to initiate a secure session.

- A lightweight Server Agent enrolls resources with ScaleFT to create local accounts in the background and log all user events for audit purposes.

- A Client Application running on the user’s device is used to synchronize certificates with the local operating system to ensure a seamless integrated workflow.

Ephemeral Certificates

ScaleFT's credentials are a point in time attestation of user identity, tied to the user's device. These credentials are cryptographically verified by servers without an outbound network connection. This short-lived credential architecture allows for easy deployments with diverse network topologies.

Learn More About Dynamic Credentials

Endpoint Visibility

ScaleFT's endpoint visibility encourages users to self-remediate for basic security settings such as system updates and full disk encryption. All ScaleFT users install our Client application to receive fast-expiring credentials, and the platform tracks authorized devices for every user.

Learn More About the ScaleFT Client

Host Validation

Host validation is meant to protect against man-in-the-middle attacks, but decisions about trust are delegated to individual users. ScaleFT fixes the trust problem by securely synchronizing SSH host keys (or RDP host certificates), and configuring them in the user's client.

Learn More About Our SSH Architecture

Identity Provider Integration

ScaleFT integrates with your corporate identity provider (IdP) for authentication and to provide rich account management on both Linux and Windows servers. This includes Google Apps and Okta, and we directly support SAML or OpenID Connect.

Learn More About Authentication

Cloud Integration

ScaleFT's server agent integrates with cloud provider specific metadata services to automatically configure itself and enroll servers with the Platform. This saves time during deployment and ensures a seamless operations experience.

Learn More About Enrollment

Bastion Support

ScaleFT bastion support enables easy and secure access to sequestered resources. Users can transparently route SSH and RDP connections over bastions, without having to use SSH Agent Forwarding.

Learn More About Bastions

Ready to Try ScaleFT Zero Trust Access Management?

All of our plans start with a 45 day free trial. No credit card required. See Pricing Plans

Contact Sales Start a Free Trial