Features

GuardianKey Auth Bastion Enterprise is a comprehensive solution for web system protection with two-factor authentication (2FA), GovBR login integration, centralized management, and adaptive security.

Its main advantage is the ability to act as an external and non-intrusive security layer, requiring no changes to the protected systems, enabling protection even for legacy or highly regulated environments.

Below are the main features of the solution, organized by category.

---

📌 TOC (Table of Contents)

• Features
  • 📌 TOC (Table of Contents)
  • 🔐 Advanced Authentication
    • ✅ Two-Factor Authentication (2FA)
    • 🆔 OAuth2 Login Integration
  • ⚙️ Flexible and Compatible Configuration
    • 🌐 Compatibility with Any Web System
    • 🧩 Modular Management by Authgroup
  • 🖥️ Complete Administrative Panel
    • Main Modules:
    • Settings Submodules:
  • 🛡️ Advanced Security
    • ✅ Risk Score (optional)
    • ✅ Bot Deterrence
    • ✅ Granular Access Policy
  • 🚀 Simple Deployment
  • 📘 Conclusion

---

🔐 Advanced Authentication

✅ Two-Factor Authentication (2FA)

• 2FA implementation before the original system login
• Support for multiple methods:
  • TOTP (e.g., Google Authenticator, Authy)
  • Token via email or SMS
  • Other configurable channels
• Native management of 2FA tokens and users
• Authenticated sessions by token linked to IP and TTL
• Option to reuse the session token while valid

🆔 OAuth2 Login Integration

• Federated login via GovBR as the main authentication method
• Support for exclusive or optional mode
• Automatic injection of the “Login with GovBR” button (customizable via template)
• Full integration with OAuth2 (production or homologation)
• Automatic redirection after login, with user CPF identified
• Possibility to associate risk score via GuardianKey Auth Security

---

⚙️ Flexible and Compatible Configuration

🌐 Compatibility with Any Web System

• Operates via transparent reverse proxy
• Compatible with legacy or modern systems, no code changes required
• Supports multiple domains and systems simultaneously
• Can be deployed with Let's Encrypt certificates (automatic renewal) or manual certificates
• Supports different user registration methods:
  • By email
  • By login/password validated in the system
  • By external API
  • Controlled by the bastion

🧩 Modular Management by Authgroup

• Creation of authentication groups (authgroups) per protected system
• Mapping of protected paths by domain
• Association with backends (round-robin load balancing)
• Definition of specific policies per group:
  • 2FA type
  • Registration method
  • Token TTL and scope
  • User reuse via User Pool

---

🖥️ Complete Administrative Panel

The administration interface is based on the GDN Cyber Security Platform, modern, responsive, and accessible via browser.

Main Modules:

• Dashboards: charts, rankings, and filters for usage and security analysis
• Users: complete management of 2FA users (data, status, audit)
• Auth Tokens: management of active sessions
• Explore Events: detailed event queries (with search and filters)
• Settings: centralized solution configuration

Settings Submodules:

• Domain Names: protected domains with SSL certificate configuration
• Auth Groups: authentication group configuration
• GK Integrations: integration with GKAS (risk) and GKTinc (deterrence)
• Templates: customization of HTMLs and emails
• Firewalling: geographic access restriction
• GovBR Integration: parameters for federated authentication
• User/IP Policies: exceptions and adjustments by user or IP
• Audit Logs: full traceability of administrative actions

---

🛡️ Advanced Security

✅ Risk Score (optional)

• Integration with GuardianKey Auth Security for authentication risk assessment
• Actions conditioned by score (e.g., require 2FA on suspicious logins)

✅ Bot Deterrence

• Integration with GK TINC Enterprise for cryptographic browser challenges
• Reduces automated attacks and scraping

✅ Granular Access Policy

• Specific policies by:
  • User: custom TTL, whitelist
  • IP or CIDR range: allow or block
• Policy priority controlled (IP takes precedence over user)

---

🚀 Simple Deployment

• No need to modify existing systems
• Low adoption curve for technical teams
• Capable of protecting multiple applications with independent rules
• Ready for corporate and government environments

---

📘 Conclusion

GuardianKey Auth Bastion Enterprise combines robust security, integration flexibility, and centralized management, enabling the protection of critical systems without operational impact.

With support for MFA, GovBR federated login, policy control, auditing, and visual dashboards, the solution stands out as a modern, reliable, and scalable authentication bastion platform.