# BastionXP Cloud or SaaS Version

In this guide, you'll learn how to create a Cloud or Software-as-a-Service (SaaS) version of BastionXP. It is absolutely FREE to try for 14 days. No credit card required.

If you are interested in trying the BastionXP Enterprise version on an on-prem server, please follow the BastionXP Enterprise On-Prem guide.

Note:

The cloud-hosted version runs the enterprise version of the BastionXP software and is offered as a free trial for a limited period (14 days).

The BastionXP instance created will be running in our cloud servers. After the free trial period ends, you have the option of converting it into a paid subscription. If not, the instance will be deleted automatically and all your data will be purged.

Please write to [email protected] if you would like to extend the free-trial period for extended testing.

# Prerequisites

You need to have the following information before you can start your free trial in the cloud:

  1. The name of your company and your company's website URL.
  2. The name of the OpenID Connect (OIDC) based Single Sign-On (SSO) provider your company uses for user logins to your business applications, namely Microsoft Azure, Google G-Suite, Keycloak, Okta etc. BastionXP also supports GitHub OIDC SSO login for small teams.
  3. Enable Time-based One-Time Password (TOTP) 2FA authentication with your OIDC SSO provider for added security.
  4. The email ID of the admin user (primary user) of the BastionXP CA instance. The user with this email ID should be able to log in using the SSO provider specified in step #2 above. If you are using GitHub SSO, make sure that this email ID is the one you used to create your GitHub account.
  5. Register BastionXP as a client app with your OIDC SSO provider and obtain the OIDC/OAuth credentials (Client ID and Client Secret) for SSO login. You'll be using the public URL provided by the BastionXP Cloud Portal to register with your SSO provider as the OIDC login callback URL. This URL will be of the format: https://your-company-name.bastionxp.com

Note:

If you want BastionXP CA to support any other OIDC or SAML based SSO login provider that is currently not supported by BastionXP, please write to us at: [email protected]. We'll be happy to add the support.

# Overview:

First, you'll be asked to sign up or log in to the BastionXP Cloud Portal so that you can create a new cloud account with us.

You can use your company's email ID to login to the BastionXP Cloud Portal using your company's SSO provider.

After you have signed up or logged in successfully to our cloud portal, you can create a new instance of the BastionXP CA server in the cloud for trial and testing purposes.

The BastionXP CA server instance needs a unique public domain name so that you can access it from anywhere. For a BastionXP cloud instance, this domain name will be a subdomain of the bastionxp.com domain. For this purpose, you'll be asked to provide information such as the name of your company, so that a unique subdomain name (e.g. example-company-inc.bastionxp.com) can be generated for your BastionXP instance.

Finally, you'll be asked to provide the OIDC SSO credentials created for the BastionXP app (OIDC client app). The new BastionXP server instance will use these OIDC SSO credentials to authenticate you and your team members.

# Step #1: Create a BastionXP Cloud Account

Go to the BastionXP Cloud Portal and sign up or log in using the SSO provider for your company's email account. This will create a new BastionXP account for you.

For example, if your company's email account is hosted in Microsoft Office 365, log in using the Microsoft Office 365 login credentials for your email ID. A new BastionXP account will be created and associated with this email ID.

Note:

If you don't want to use your company's email ID, you can use your Gmail, Microsoft Outlook email or GitHub ID to log in to the BastionXP cloud portal.

You can always visit this cloud portal to check your account details and the details about your BastionXP instance.

After you have successfully logged in, you'll be moved to the next step.

# Step #2: Create a New BastionXP Instance

On this page, you'll be asked to provide the following information:

[Screenshot: Create a new BastionXP instance]

# Your Company Name

Enter the name of your company, e.g. "Microsoft Corporation Inc USA 98052". Based on this information, a new subdomain name will be created and mapped to the new BastionXP instance that is about to be created in the next step. In this example, the subdomain name generated will be: microsoft-corporation-inc-usa-98052.bastionxp.com

Your company name cannot be a single word. It must have at least two words, for example: cisco inc, cisco systems inc, microsoft corporation mountain view, Robert Bosch GmbH.

Note:

The company name you provide should be unique and should not match any existing user's account. It must have at least two words separated by a space. No hyphens or special characters are allowed. The only allowed characters are letters, spaces and numbers. No spaces are allowed before the first word or after the last word. A single space between words is acceptable.

# Select your OIDC SSO Provider

Select your OIDC SSO provider from the drop-down list. We'll be using GitHub SSO as an example for our discussion in this guide. The procedure is the same for other SSO providers.

# Your GitHub Email ID

This is the email ID (Eg: [email protected] or [email protected]) you used to create your GitHub account. You could find this information from your GitHub account's settings page.

This email ID will be used to configure the new BastionXP instance with a default admin account.

It is preferred that you associate your company's email ID with your GitHub account so that it is easy to map it to your BastionXP cloud account. But this is not mandatory.

# GitHub OAuth Credentials

You need to create new GitHub OAuth credentials for use with this BastionXP app. Follow the detailed instructions in the GitHub OAuth documentation page to create free GitHub OAuth credentials for use with the BastionXP app.

The BastionXP app's authorization callback URL will be of the form:

https://your-subdomain-name.bastionxp.com/api/logincallback

Note:

You need to replace the subdomain name in the URL above with the subdomain name uniquely created for you in the previous step based on your company's name.

There should NOT be any / at the end of the URL.
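A pre-flight check for the company name and callback URL described above, added here as an example and not BastionXP's own code: it applies the company-name rules from the note, derives the subdomain, and compares the URL you registered against the expected one. The lowercase-and-hyphen derivation is an assumption inferred from the guide's single example, and all function names are hypothetical.

```python
import re

BASE_DOMAIN = "bastionxp.com"
CALLBACK_PATH = "/api/logincallback"  # path given in the guide, no trailing "/"


def validate_company_name(name):
    """Return the list of rule violations; an empty list means the name is acceptable."""
    problems = []
    if name != name.strip():
        problems.append("leading or trailing whitespace")
    if "  " in name.strip():
        problems.append("more than one space between words")
    if re.search(r"[^A-Za-z0-9 ]", name):
        problems.append("characters other than letters, digits and space")
    if len(name.split()) < 2:
        problems.append("fewer than two words")
    return problems


def subdomain_for(name):
    """Assumed derivation (from the guide's example): lowercase, spaces become hyphens."""
    problems = validate_company_name(name)
    if problems:
        raise ValueError("invalid company name: " + "; ".join(problems))
    label = name.lower().replace(" ", "-")
    if len(label) > 63:  # general DNS label limit, not a rule stated in the guide
        raise ValueError("derived DNS label exceeds 63 characters")
    return f"{label}.{BASE_DOMAIN}"


def callback_url(name):
    """Authorization callback URL to register with the SSO provider."""
    return f"https://{subdomain_for(name)}{CALLBACK_PATH}"


def callback_matches(registered, name):
    """Exact comparison, so a trailing '/' or any other difference is reported as a mismatch."""
    return registered == callback_url(name)


if __name__ == "__main__":
    company = "Microsoft Corporation Inc USA 98052"  # example name from the guide
    print(callback_url(company))
    print(callback_matches(callback_url(company) + "/", company))  # trailing slash
    for bad in ("cisco", " cisco  inc", "Robert-Bosch GmbH"):  # constructed inputs
        print(repr(bad), "->", validate_company_name(bad))
```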

Here is a screenshot of the GitHub OAuth App Registration process:

[Screenshot: GitHub OAuth New App Registration]

You need to click the Generate a new client secret button in the screenshot below to generate a new client secret exclusively for use with the BastionXP app.

[Screenshot: GitHub OAuth New App Client ID and Secret]

Note:

Sharing the GitHub OAuth App's Client ID and Client Secret with BastionXP will not permit BastionXP to log in to your GitHub account or access GitHub resources such as your projects, source code etc.
These credentials cannot be used to log in to your GitHub account or clone your projects.
These credentials can be and will be used only to authenticate your team members who sign in to your BastionXP instance running at: https://your-company-name.bastionxp.com.

Copy and paste the GitHub OAuth Client ID and Client Secret created above into the form displayed in the BastionXP cloud portal.

Finally, click the Create Account button to create a new account and start a new BastionXP instance for your account.

You'll be taken to the BastionXP account's summary page.

# Step #3: Access your BastionXP CA instance in the cloud

Go to the "Cloud Version" tab in the BastionXP Cloud Portal, click the "BastionXP CA URL" or copy/paste the URL in a new window.

You'll be taken to your BastionXP CA instance's web portal. Select your SSO provider and log in using the admin email ID, password and the 2FA passcode, if enabled.

After you have successfully logged in to your BastionXP instance, follow the documents below to download server and client certificates:

Certificates for SSL/TLS X.509 server and client applications:

Certificates for SSH hosts/VMs and SSH clients:

Please replace the BastionXP domain name in the examples used in these documents with the subdomain uniquely created for you, e.g. https://your-company-name.bastionxp.com. You should download the bsh client from your BastionXP instance's download link.

For any questions or comments, please feel free to write to us at: [email protected]