Security considerations
Last updated
Last updated
groundcover’s architecture is built with privacy as one of its primary drivers. All data that groundcover collects is stored in-cluster, inside your environment. Our default deployment is built in a way that ensures no data ever leaves your cluster, and that remains the case forever. See our section for more details.
When someone from your company enters the groundcover UI, a secure encrypted data tunnel will enable the movement of data to the UI, such that the user will be able to access and visualize the data. No data that is passed to the UI is persisted on groundcover's side. This architecture ensures that groundcover is, and remains, as privacy-focused as possible.
groundcover offers robust support for Single Sign-On (SSO) through both OpenID Connect (OIDC) and Security Assertion Markup Language (SAML), to ensure seamless and secure access to our platform by integrating with your existing identity provider (IdP).
Built on the OAuth 2.0 framework, is a modern authentication protocol that uses JSON Web Tokens (JWTs) to transfer user information between parties. It is particularly well-suited for modern web applications, mobile apps, and APIs due to its lightweight, RESTful approach and ease of integration with JSON-based environments.
groundcover supports any IdP that uses OIDC, including:
SAML is an older, XML-based protocol that was designed for enterprise-level security and is widely used for federating identity across disparate systems. SAML is ideal for single sign-on in legacy enterprise applications and environments where XML is already in use, providing robust support for complex organizational requirements and integrations.
groundcover supports any IdP that uses SAML, including:
Okta
OneLogin
JumpCloud
PingIdentity
CyberArk Identity
Microsoft Azure AD (Active Directory)
Auth0
Frontegg
WorkOS
SecureAuth
OneLogin
Auth0
Microsoft Azure AD (Active Directory)
PingIdentity
Google Identity Platform
Amazon Cognito
IBM Security Verify
Okta
