# What is BastionXP
BastionXP is an Identity-Based Infrastructure Access Solution. BastionXP functions as a Public Key Infrastructure (PKI) and Certificate Authority (CA) that automatically creates, signs and distributes SSL/TLS X.509 certificates and SSH certificates to servers, devices, workload, clients, and users upon successful SSO login and 2FA authentication via OIDC providers such as Google Workspace, Microsoft Office 365, Okta, Keycloak, GitHub and more.
BastionXP automates certificate management at scale, while simplifying end-user workflow without compromising security.
BastionXP offers Zero Trust Network Access(ZTNA) Security - all servers, workloads, and end-users are required to authenticate with the BastionXP Authentication Server using an SSO and 2FA login, before access to the network can be granted.
BastionXP issues short-lived TLS/SSL X.509 and SSH certificates to end-users so that no user would have an indefinite access to any resource in your organization. Moreover, these certificates, issued to a specific user based on Role Based Access Control(RBAC) can be used to access only a specific server(s) in the network. BastionXP provides you fine-grained control over who can access what resources in a network and for how long.
All network access events are logged and available for download, so that the logs can be analyzed using a log analyzer for anamoly detection.
BastionXP integrates with your IdP (Identity Provider) such as Okta, Microsoft Active Directory (Entra ID), Keycloak, Google Workspace, OneLogin etc. User groups defined in your IdP can be consulted by Bastion's RBAC to issue role and identity-bound user certificates to access your infrastructure. Your IdP can function as a "single source of truth" for all infrastructure access security.
BastionXP software is available in three different formats:
| Software | Features | Best Suited For |
|---|---|---|
| Free Software Version | Limited features & best-effort support | Hobbyists, educational purposes and non-commercial use cases. |
| Cloud-Hosted Version | All enterprise features & priority customer support | Small teams and Startups. |
| Self-Hosted Version | All enterprise features & priority customer support | Enterprises and Large Organizations. |