Security considerations

Data Privacy

groundcover’s architecture is built with privacy as one of its primary drivers. All data that groundcover collects is stored in-cluster, inside your environment. Our default deployment is built in a way that ensures no data ever leaves your cluster, and that remains the case forever. See our Architecture section for more details.

When someone from your company enters the groundcover UI, a secure encrypted data tunnel will enable the movement of data to the UI, such that the user will be able to access and visualize the data. No data that is passed to the UI is persisted on groundcover's side. This architecture ensures that groundcover is, and remains, as privacy-focused as possible.

Single Sign-On (SSO) Support with OIDC and SAML

groundcover offers robust support for Single Sign-On (SSO) through both OpenID Connect (OIDC) and Security Assertion Markup Language (SAML), to ensure seamless and secure access to our platform by integrating with your existing identity provider (IdP).

OIDC

Built on the OAuth 2.0 framework, OIDC is a modern authentication protocol that uses JSON Web Tokens (JWTs) to transfer user information between parties. It is particularly well-suited for modern web applications, mobile apps, and APIs due to its lightweight, RESTful approach and ease of integration with JSON-based environments.

groundcover supports any IdP that uses OIDC, including:

SAML

SAML is an older, XML-based protocol that was designed for enterprise-level security and is widely used for federating identity across disparate systems. SAML is ideal for single sign-on in legacy enterprise applications and environments where XML is already in use, providing robust support for complex organizational requirements and integrations.

groundcover supports any IdP that uses SAML, including: