Features
Boundary grows with your evolving needs
Manage user access with a cloud-centric, DevOps approach
Whether you’re starting with securing user access to infrastructure and leveraging static secrets, or are ready to provide more advanced session and credentials management, Boundary helps you grow and scale infrastructure across any environment.
Adopt secure user access workflows
Simplify user access workflows and provide least privileged access to resources and systems.
Authenticate and authorize using trusted identities
Leverage trusted identity providers such as OKTA, Ping, and Azure Active Directory to enable single sign-on access and authorize access based on roles and logical services.
Secure and automate user access
Streamline end-user access to infrastructure endpoints (i.e. SSH, RDP, HTTPS, databases, and kubectl) through a secure TCP/IP connection. Establish least privilege access to target systems for each user or group based on roles.
Session management
Gain visibility into all active sessions accessed by each identity. Use administrative control to automatically or manually terminate sessions.
Self-managed workers via secure proxy
Reduce your attack surface by sending remote user connections through proxies residing within a secure network.
Simplify remote user access
[Public beta] Transparent sessions let teams securely connect to infrastructure resources without changing their workflows or client tools. No need to learn new tools or processes, or choose between security and speed: authorized users can securely connect to their desired target resources in one step.
Credential management
Centrally store, access, and deploy key/value credentials across applications, systems, and infrastructure.
Standardize best practices across your organization
Provide shared services for your teams and enhance compliance and governance.
Automate with Terraform
Deploy and configure Boundary resources provisioned by Terraform using existing Terraform workflows.
Advanced credential management using Vault and Boundary
Integrate with Vault secrets engines to generate, store, access, and expire credentials on demand. Use Boundary to inject single-use, dynamic credentials into remote hosts without exposing them to end users.
Audit logs
Enable visibility into configuration changes, logs, and traces with the ability to export data to business intelligence and event monitoring tools.
Session recording
Record all activities within a user session and play back sessions in the event of a threat incident.
Approvals workflow
Integrate with partners to allow just-in-time requests and approvals for time-bound access using popular platforms like PagerDuty, Service Now, and Slack.
Enable key lifecycle management
Supports various key management systems to secure and encrypt data at rest. Manage encryption key lifecycles with key rotation and versioning features.
Enhance your security posture to limit your security risk
Scale for self-service, visibility, and adoption.
Multi-hop sessions
Connect into strict and complex network topologies through reverse-proxies that allow users to securely access locked-down resources where inbound network access is prohibited.
Dynamic host catalogs
Integrate with AWS, Microsoft Azure, and Google Cloud to automatically update and maintain a consistent list of available hosts in Boundary’s catalog.
Multi- and hybrid cloud
Provide the same consistent user workflow connecting to target systems in any private or public cloud.
Integrate with your existing workflows
Integrate with IDP of choice
Boundary easily integrates with your IDP, including Azure AD, Okta, and many others that support OIDC.
Integrate with Vault secrets management
Leverage Vault to broker short-lived secrets to Boundary targets for use in sessions.
Common use cases for Boundary
SSH access
Simplify, secure, and streamline remote SSH access based on a user’s identity through your IDP. Remote user access is provided only to machines authorized by administrators rather than the entire network. Automated time-bound credentials on the remote users’ behalf provide a seamless and passwordless experience.
Windows RDP access
Secure remote access on any TCP connection, including access to Windows machines over Remote Desktop Protocol (RDP). This gives remote users just-in-time access with time-bound credentials that don’t need to be stored on their local machines. All sessions can be monitored, logged, and terminated by a central administrative team.
Database access management
Keep remote user access consistent, secure, time-bound, and least-privileged. Use single sign-on to minimize risks associated with storing long-lived credentials across different databases, machines, and clouds. Plus, improve governance by monitoring and auditing all sessions.
Get started with Boundary
Boundary uses identity to secure remote access to hosts and services across any environment. Get started for free and pay only for what you use.
Looking for a self-managed solution?