How It Works
Step 1:Deploy the Gluu Server
Deploy the Gluu Server
The Gluu Server is your central authentication server--it's where your applications send users to login, where you store information about people, and where you enable your Super Gluu two-factor authentication service.
Step 2:Enable Super Gluu
Enable Super Gluu
Now that you have a Gluu Server to handle login for all your web and mobile apps, you can update your default authentication mechanism to Super Gluu. Once enabled, users will be presented with two-factor authentication during login.
Step 3:Download the App
Download the App
Now that Super Gluu is enabled, you need to download the app from the Android or iOS marketplace. Open your app store and search for Super Gluu, or follow the appropriate button below.
Initiate the login sequence to any application that leverages your Gluu Server for login. When you see a QR code, scan it with your Super Gluu app. Approve the authentication. Now your device is enrolled, and you are securely logged in.
Super Gluu authentication is supported out-of-the-box by the Gluu Server. Simply navigate to the Authentication Management tab in your Gluu Server and change the default authentication mechanisms to Super Gluu.
Fun to Use
On your first login attempt you will be presented with a QR code that you can scan with your Super Gluu app. This is how you bind your device and account. On all subsequent login attempts you will receive a push notification alerting you when there is a login attempt against your account.
Super Gluu uses the FIDO U2F endpoints on the Gluu Server to implement public/private key cryptography. When authentication happens, there is a challenge response to ensure that the device has the respective private key.
Protected by pin code or thumbprint
In the Super Gluu app you can toggle the use of a Pin code or fingerprint to protect access to your Super Gluu app. With pin or fingerprint security enabled, each time you open the app you will be prompted for authentication.
Optional hardware token
By default the private keys are stored on the mobile device where Super Gluu is installed. To add an additional layer of security, you can bind a U2F BLE-enabled device, like the Vasco SecureClick, to store the private keys. Once enabled, a successful authentication will require approval on Super Gluu and a tap of your U2F device.
Simple Plans for Organization's of All Sizes!
Frequently Asked Question
Is Super Gluu free to use?
Yes! Super Gluu is a 100% completely free two factor authentication mobile application. We encourage you to tell your friends too!
Can I customize the look and feel of Super Gluu?
No, however, you can use the free open source oxPush3 source code to publish your own custom branded two-factor authentication app. Or you can signup for one of our customization packages.
How do I enable Super Gluu in my Gluu Server?
Simply navigate to the Authentication Management tab within your Gluu Server and change the default authentication mode from Basic to Super Gluu.
Does Gluu provide any professional services around Super Gluu?
It depends on what types of customizations are needed. Best thing to do is just ask!
Can I use Super Gluu with an IDP other than the Gluu Server?
Super Gluu uses the FIDO U2F endpoints built into the Gluu Server to register a public key with the IDP. This is what enables the challenge / response at authentication time and what makes Super Gluu secure. In order to use Super Gluu with an IDP other than the Gluu Server, the IDP would need to support the U2F standard.
Is Super Gluu secure?
Yes! Super Gluu uses the FIDO U2F endpoints built into the Gluu Server to enroll a public key during enrolmment. When an authentication happens, there is a challenge response to ensure that the device has the respective private key.
Where can I use Super Gluu?
Super Gluu can be used for any authentication transaction that happens at your Gluu Server. So, you can use Super Gluu to login to any application that relies on your Gluu Server for authentication.