Super Gluu
Authenticator App
Authenticate a person to a browser with any iOS or Android device.
Free to end users on the App Store and Play Store–companies pay only $0.01 per push notification.
Great for “Kiosk” login where end user scans a QR code to login.
Avoids the hassle of entering annoying one-time codes sent via SMS.
Secure and Convenient 2FA
Mobile push notifications that leverage FIDO endpoints
The Super Gluu mobile application uses the FIDO registration and authentication endpoints, enabling the end users of your business to use their mobile phone to verify their identity. It is both more secure and more usable then OTP codes. Super Gluu can use either PUSH notifications or QR Codes to initiate the authentication of a person.
Easy to Deploy
Super Gluu is supported by both the open source Janssen Project and Gluu Flex out-of-the-box — simply turn it on! It also works on all iOS and Android phones.
Mitigates Risk
Super Gluu uses the FIDO registration and authentication endpoints to add a cryptographic challenge and response to verify the device was previously registered.
Simple to Use
End users love the ease of using a mobile app for authentication. No more copying or remembering OTP codes.
Frequently Asked Question
Can Super Gluu be used for passwordless authentication? Can it be used for "username-less" authentication?
Yes, each Super Gluu device has a unique identifier, which once registered to a user, can be configured to identify the person. A passwordless flow can be triggered by asking for the end users email address (or some other identifier) or alternatively, by asking the end user to scans a QR code to initiate login. In the QR code flow, not only is it passwordless, authentication is accomplished in one step.
Can I customize the look and feel of Super Gluu?
Your business can license Super Gluu source code and publish your own mobile application. To learn more about this option, please contact us.
Can Super Gluu be used for digital signing?
No, it cannot.
Is Super Gluu free to use?
How do end users manage their Super Gluu devices?
The Casa self-service portal has a plugin that enables end users to view, add, remove and edit associated Super Gluu devices. Casa is an open source component that is part of both the Janssen and Gluu Flex distributions.
Where can I use Super Gluu?
Super Gluu requires Internet access. If end users are not connected, they will not be able to receive their PUSH notifications or scan a QR code.
How can I protect applications with Super Gluu?
Applications that use either SAML or OpenID can leverage Super Gluu by specifying a certain ACR (authentication context class reference). For example, in OpenID Connect, you can specify acr_values=supergluu.