Super Gluu
Authenticator App

Secure and Convenient 2FA

Mobile push notifications that leverage FIDO endpoints

The Super Gluu mobile application uses the FIDO registration and authentication endpoints, enabling the end users of your business to use their mobile phone to verify their identity. It is both more secure and more usable then OTP codes. Super Gluu can use either PUSH notifications or QR Codes to initiate the authentication of a person. 

Easy to Deploy

Super Gluu is supported by both the open source Janssen Project and Gluu Flex out-of-the-box — simply turn it on!  It also works on all iOS and Android phones.

Mitigates Risk

Super Gluu uses the FIDO registration and authentication endpoints to add a cryptographic challenge and response to verify the device was previously registered.

Simple to Use

End users love the ease of using a mobile app for authentication. No more copying or remembering OTP codes. 

Frequently Asked Question

Can’t find the answer to your question below? Contact us to find out more!
Can Super Gluu be used for passwordless authentication? Can it be used for "username-less" authentication?

Yes, each Super Gluu device has a unique identifier, which once registered to a user, can be configured to identify the person. A passwordless flow can be triggered by asking for the end users email address (or some other identifier) or alternatively, by asking the end user to scans a QR code to initiate login. In the QR code flow, not only is it passwordless, authentication is accomplished in one step.

Your business can license Super Gluu source code and publish your own mobile application. To learn more about this option, please contact us.

No, it cannot.

The Super Gluu app is free on the Play Store and App Store. However to send PUSH notifications, you need to use Gluu’s hosted Super Gluu API endpoint, which costs $.01 per notification. You can purchase SCAN credits to send notifications on Gluu’s developer site, Agama Lab.

The Casa self-service portal has a plugin that enables end users to view, add, remove and edit associated Super Gluu devices. Casa is an open source component that is part of both the Janssen and Gluu Flex distributions.

Super Gluu requires Internet access. If end users are not connected, they will not be able to receive their PUSH notifications or scan a QR code.

Applications that use either SAML or OpenID can leverage Super Gluu by specifying a certain ACR (authentication context class reference). For example, in OpenID Connect, you can specify acr_values=supergluu.

Have a question?