Skip to content

Gluu Casa 3.1.6 Documentation#


Gluu Casa ("Casa") is a self-service web portal for end-users to manage security preferences for their account in a Gluu Server.

For example, as people interact with an organization's digital services, they may need to:

  • Add and remove two-factor authentication (2FA) credentials
  • Turn 2FA on and off
  • View which external apps have access to their personal data
  • Manage trusted devices

Casa provides a platform for people to perform these account security functions and more.

Two-factor authentication#

The core use case for Casa is self-service 2FA. If people need to call the helpdesk every time they get a new phone or security key, supporting strong authentication becomes prohibitively expensive.

Out-of-the-box, Casa can be used to enroll and manage the following authenticators:

  • U2F security keys like Yubikeys
  • Gluu's push-notification mobile app, Super Gluu
  • OTP hardware cards like these or dongles like these
  • OTP mobile apps like Google Authenticator, Authy, Duo, etc.
  • Mobile phone numbers able to receive OTPs via SMS
  • Passwords (if stored locally in Gluu, i.e. not a backend LDAP like AD)

2FA enrollment APIs#

To facilitate 2FA enrollment during account registration or elsewhere in an application ecosystem, Casa exposes APIs for enrolling the following types of authenticators:

  • Phone numbers for SMS OTP
  • OTP apps, cards or dongles
  • Super Gluu Android and iOS devices

Learn more in the developer guide.


Casa is a plugin-oriented, Java web application. Existing functionality can be extended and new functionality and APIs can be introduced through plugins.

Gluu has written multiple plugins to extend Casa to solve use-cases such as:

To extend Casa to meet your own custom requirements, learn more about writing plugins in the developer guide.

Get started#

Use the following links to get started with Casa:

Quick Start#

Admin Guide#

User Guide#

Developer Guide#


Gluu Casa is made available under Apache License 2.0.