# What is BastionXP
BastionXP is a Public Key Infrastructure (PKI) and Certificate Authority (CA) that automatically creates, signs and distributes SSL/TLS X.509 certificates and SSH certificates to servers, devices, workload, clients, and users upon successful SSO login and 2FA authentication via OIDC providers such as G-Suite, Microsoft Office 365, Okta, Keycloak, GitHub and more.
BastionXP automates certificate management at scale, while simplifying end-user workflow without compromising security.
BastionXP offers Zero Trust Network Access(ZTNA) Security - all servers, workloads, and end-users are required to authenticate with the BastionXP Authentication Server using an SSO and 2FA login, before access to the network can be granted.
BastionXP issues short-lived TLS/SSL X.509 and SSH certificates to end-users so that no user would have an indefinite access to any network resource. Moreover, these certificates, issued to a specific user based on Role Based Access Control(RBAC) can be used to access only a specific server(s) in the network. BastionXP provides you fine-grained control over who can access what resources in a network and for how long.
All network access events are logged and available for download, so that the logs can be analyzed using a log analyzer for anamoly detection.
BastionXP software is available in three different formats:
| Software | Features | Best Suited For |
|---|---|---|
| Free Software Version | Limited features & best-effort support | Hobbyists, educational purposes and non-commercial use cases. |
| Cloud-Hosted Version | All enterprise features & priority customer support | Small teams and Startups. |
| Self-Hosted Version | All enterprise features & priority customer support | Enterprises and Large Organizations. |