Adaptive Multi-Factor Authentication

Delight your workforce or customers with options to login with or without passwords.

Secure Accounts with MFA

Secure your accounts and apps with a strong multi-factor authentication solution that will keep the right people in and the wrong people out. Protect all your resources, including customer-facing apps and enterprise apps that store your most sensitive data.

Secure Workforce, Customers, and Partners

Create contextual access policies that assess risk factors, such as device, network, location, travel, IP, and other contexts, at each step of the authentication process. Even integrate external risk signals to provide additional context.

Then pair risk levels with appropriate access decisions, like allowing or denying access, prompting for MFA, or using passwordless authentication for a low-risk request.

Built-in MFA that comes out of the box!

FIDO / WebAuthn

Many great USB, Bluetooth and Lightning tokens are available from vendors like Yubico, Feitian, AuthnTrend and others.  But new iPhones and MacBook’s also have FIDO buildt-in. You can’t “top-down” provision FIDO for users.  Casa is an essential tool to rollout FIDO which requires end-users to enroll their devices. 

Super Gluu Android App

Super Gluu can be configured to support a passwordless authentication workflow where the user scans a QR code for each sign in, or simply enters a username and approves a push notification.  It can also be used for traditional username password + mobile push authentication . An open source software project, your organization can also brand and distribute your own version of Super Gluu.

Built-in HOTP / TOTP

Sometimes good old OATH tokens (HOTP/TOTP) is handy. Some devices just don’t support any mechanism to display a web page, and sending an OTP as the password mitigates some risk. Casa supports using a QR code to enroll an OTP software app (like Google Authenticator). You can also enroll a hardware OTP hardware device (e.g. a keyfob), manually or via an API. 

Plugins add More MFA options

Casa is a plugin-oriented, Java web application. Existing functionality can be extended and new functionality and APIs can be introduced through plugins.


BioID Web Service offers liveness detection and facial recognition biometric authentication service. It strengthens identity verification around the world with reliable, device-independent anti-spoofing. BioID liveness detection is compliant with ISO/IEC 30107-3 and offers seamless implementation and user experience, requiring nothing more than a few selfies taken with any standard camera.


Multi-factor authentication from Cisco’s Duo protects your applications by using a second source of validation, like a phone or token, to verify user identity before granting access. Duo is engineered to provide a simple, streamlined login experience for every user and application, and as a cloud-based solution, it integrates easily with your existing technology.


Gluu’s OX platform makes centrally managing business logic for authentication simple and flexible. Through the use of custom authentication interception scripts, the OX platform can integrate any authentication mechanism, logic, or flow. This provides an organization the necessary flexibility to map the business logic for authentication across a number of scenarios.


SMS OTP plugin sends a one time password (OTP) with the SMS text to the user’s phone. The user receives the OTP and enters it on the device where the authentication is happening. The OTP must be used within a specific time frame.

X.509 Certificate

The browser certificate plugin allows users to enroll X.509 digital certificates and use them as a form of second factor authentication.


When this plugin is configured to use email, the user is asked to enter their email address, to which a a one-time-use code is sent. The user then enters the code into your application to authenticate.

Registration Approval

Configure self-registration to require approval, after a new directory user registers. Users will not be able to sign-in immediately after registration. Their registration will have to be approved by the site administrator.

RSA SecurID Authentication

RSA SecurID authentication can be enforced for all privileged users of the organization. This integration provides an extra security layer enabling a centralized, secure access via single sign-on to an organization’s IT assets.

Consent Management

The Consent Management plugin gives end-users the ability to view and revoke previously granted authorizations provided to applications accessed with their account in a Gluu Server.

Gluu 4 is your open-source digital identity solution.

« »