edit

Credential Manager 3.1.2 Documentation#

Overview#

Credential Manager is a simple, user-facing application people can use to enroll, delete and manage their strong credentials in the Gluu Server.

Out-of-the-box Credential Manager supports the following free or low-cost authentication mechanisms:

  • U2F security keys (like Yubikeys)
  • Gluu's free and secure U2F mobile app, Super Gluu
  • OTP mobile apps (like Google Authenticator, FreeOTP, etc.)
  • Mobile phone numbers that can receive OTPs via SMS
  • Passwords (only if stored in the corresponding Gluu Server's local LDAP. Not supported if the passwords are stored in a backend LDAP like AD)

Gluu Server Integration#

Credential Manager is tightly coupled with the Gluu Server authentication and authorization platform. A few important notes:

  • Same host: By default, Credential Manager must be installed on the same server (host) as a Gluu Server.

  • Authentication scripts: Gluu leverages "interception scripts" to implement user authentication. For each type of 2FA credential that should be manageable in Cred Manager (e.g. U2F keys, OTP apps, etc.), the corresponding authentication script must be enabled in Gluu. Learn more about how authentication happens in the Gluu documentation.

  • oxd: Cred Manager leverages Gluu's OAuth 2.0 client software, oxd, to integrate with the Gluu Server. Credential Manager can leverage an existing oxd server, or a new instance of oxd can be deployed during Credential Manager installation.

  • Username for sign in: Cred Manager 3.1.2 only supports username authentication, i.e. not email. If your Gluu Server is configured to request email during the sign-in flow, please wait to deploy Credential Manager until we release a fix for this in Cred Manager 3.1.3--ETA mid-late April. Thanks!

User Roles#

There are two types of users in Credential Manager:

  • Admin users: Any user in the Managers Group in the Gluu Server.

  • Regular users: Any user in the Gluu Server.

Admin users have access to the Cred Manager admin console. All users can manage their 2FA credentials in Credential Manager.

Get Started#

Use the following links to get started with credential manager:

Admin Guide#

User Guide#

Developer Guide#

License#

Credential Manager is licensed under the free open source MIT License.