We’re pleased to announce the immediate availability of Unison and OpenUnison 1.0.8. This release brings new features specifically aimed at Cloud Native systems:
- OpenID Connect support, both as a relying party and as an identity provider
- Kubernetes SSO integration
- MongoDB Support for storing authorization data and additional attributes outside of your corporate Active Directory
- Identity Management for OpenShift and OpenStack
- Dynamic Workflows for OpenShift and Kubernetes
What makes the Cloud Native revolution so important is its ability to give you both the control of local infrastructure while having the speed of Software as a Service. This power shouldn’t be slowed down by adding identity management, it should be accelerated. By combining our light weight deployment methods and integration with existing systems many of the services you already own you can quickly have an enterprise capable identity service in a matter of minutes.
Here’s an example of how Unison can accelerate your application deployment. You’ve decided to run Kubernetes on Amazon Web Services but for compliance reasons you need to control access at every level. That means providing the who, what and why of access:
- Who is the user and how do you know?
- What is the user authorized to do?
- Why is the user authorized?
You might already have a process in place for provisioning servers on AWS and providing access, but what about Kubernetes? It has no knowledge of users or group memberships so you need a way to authenticate your developers and admins as well as a way to authorize the access. Kubernetes provides integration with OpenID Connect and Role Based Access Controls (RBAC) but you still need to tell Kubernetes who the user is and what they have access to.
Where will you store the groups? In Active Directory? Do you own Active Directory? Do you have a well established process for adding groups and provisioning access? Chances are you don’t. The people who own Active Directory are going to be focussed on managing access to the Windows and potentially the Linux infrastructure so its unlikely they’ll want to let application owners start making additions to Active Directory.
Enter Unison and OpenUnison. Your team already knows databases, NoSQL databases and applications. You can standup databases for audit and authorization data separate from Active Directory, but still use AD for authentication. Its the best of both worlds. You are delegating authentication while controlling authorizations.
Speaking of authorizations, how will you authorize access to new namespaces and projects? Will you manually create a process for each one? That doesn’t sound like DevOps. Instead let Unison or OpenUnison dynamically adapt to your environment. As you add new namespaces to Kubernetes Unison will drive access requests via a self service request portal and annotations in your namespace deployments.
The same self service interface used for access requests can be used for giving the auditors direct access to the audit data in real time. In addition to meeting your compliance and security needs for Kubernetes you have increased the automation in your environment and provided a way for users to access information on their own decreasing your support burden and costs.
Thats just one example of how a Cloud Native identity management system can help run your applications more smoothly then ever before. In the coming weeks we’re going to be releasing quick starts for OpenUnison, our open source identity management system, that will get you up and running on managing access to OpenStack, OpenShift and Kubernetes in no time! To get started now, check out or videos gallery, wiki and documentation.