Security considerations

Data Privacy

groundcover’s architecture is built with privacy as one of its primary drivers. All data that groundcover collects is stored in-cluster, inside your environment. Our default deployment is built in a way that ensures no data ever leaves your cluster, and that remains the case forever. See our Architecture section for more details.

When someone from your company enters the groundcover UI, a secure encrypted data tunnel will enable the movement of data to the UI, such that the user will be able to access and visualize the data. No data that is passed to the UI is persisted on groundcover's side. This architecture ensures that groundcover is, and remains, as privacy-focused as possible.

Single Sign-On (SSO) Support with OIDC and SAML

SSO support is an exclusive feature available in our enterprise plan. Implementing SSO requires coordinated actions between groundcover and your team. To initiate the process, please contact us through Slack to ensure seamless communication and successful setup.

groundcover offers robust support for Single Sign-On (SSO) through both OpenID Connect (OIDC) and Security Assertion Markup Language (SAML), to ensure seamless and secure access to our platform by integrating with your existing identity provider (IdP).

OIDC

Built on the OAuth 2.0 framework, OIDC is a modern authentication protocol that uses JSON Web Tokens (JWTs) to transfer user information between parties. It is particularly well-suited for modern web applications, mobile apps, and APIs due to its lightweight, RESTful approach and ease of integration with JSON-based environments.

groundcover supports any IdP that uses OIDC, including:

Okta

OneLogin

Auth0

Microsoft Azure AD (Active Directory)

PingIdentity

Google Identity Platform

Amazon Cognito

IBM Security Verify

SAML

SAML is an older, XML-based protocol that was designed for enterprise-level security and is widely used for federating identity across disparate systems. SAML is ideal for single sign-on in legacy enterprise applications and environments where XML is already in use, providing robust support for complex organizational requirements and integrations.

groundcover supports any IdP that uses SAML, including:

Okta

OneLogin

JumpCloud

PingIdentity

CyberArk Identity

Microsoft Azure AD (Active Directory)

Auth0

Frontegg

WorkOS

SecureAuth

The full list of available SSO providers is too long to display. Any SSO provider that uses OIDC and/or SAML can be supported by groundcover. Full implementation guides for the most popular SSO providers for each protocol will be published soon.

Last updated