User Authentication and Security
The following draft provides early access to the Cribl.Cloud Government product release. Features or functionality described are not considered binding commitments and are subject to change at the discretion of Cribl at any time for any reason without notice. This information should not be relied upon in making purchasing decisions.
This document details the Cribl.Cloud Government authentication framework. It outlines the technical controls and policies that govern user access, identity integration, and security compliance.
Secure Access and Authentication
Cribl.Cloud Government provides Federal customers with a comprehensive security framework designed specifically to meet the stringent requirements of government agencies.
Authentication Architecture
Cribl.Cloud Government delivers a robust authentication system built on Federal security standards:
- Dedicated authentication endpoints: Agency-specific URLs designed for secure login to the Cribl.Cloud Government environment.
- Customizable authentication workflows: Tailored processes that allow agencies to integrate their specific identity management rules and policies.
- Isolated Cribl.Cloud Government security boundaries: A logical separation of the government cloud from the commercial cloud, ensuring data and access remain within a secure, compliant environment.
Flexible Identity Integration
The platform supports a variety of integrations with government-approved identity providers, including:
- SAML 2.0 (Security Assertion Markup Language 2.0) integration with FedRAMP-authorized Identity Providers (IdPs).
- Just-in-time user provisioning.
- Role/attribute mapping from agency directories.
- Personal Identity Verification (PIV) and Common Access Card (CAC) support, which is configured and managed through the customer’s SSO provider and is not a direct feature of a Cribl-issued account.
FIPS Two-Factor Authentication (2FA) Requirements
Any user logging in directly through the Cribl.Cloud Government built-in Identity Provider (IdP) must use a FIPS-compliant 2FA method.
The following authenticator types are supported, provided they are compliant with FIPS 140-2:
- FIDO2 (WebAuthn): Must be a FIPS-certified security key.
- Passkey alternatives: Passkeys generated by a FIPS-approved vault manager or password manager.
After an admin sets up Single Sign-On (SSO), users authenticate using the 2FA rules and devices mandated by your commercial IdP. Any users who continue to access the platform directly through the built-in IdP must still adhere to the FIPS 2FA requirement.
Comprehensive Security Policies
Cribl.Cloud Government implements Federal-grade security policies:
- Strong password requirements: 15+ characters with complexity requirements.
- Credential rotation: 60-day password expiration cycles.
- Account protection: Three-attempt lockout policy.
- Dormancy controls: 90-day inactivity suspension.
- Session management: 15-minute administrative console timeouts.
API Keys
For system integrations and automation, Cribl.Cloud Government supports:
- API keys
- OAuth 2.0 authentication
- Service accounts with least privilege
These features are technically consistent with the commercial Cribl.Cloud offering. Agencies may configure additional controls through their identity provider and are responsible for managing their own credential rotation policies to meet compliance requirements, such as the recommended 90-day rotation.
Security Monitoring & Compliance
Ensure a secure and compliant environment with the following built-in features:
- Comprehensive authentication event logging
- Full session activity audit trails
- Authentication metrics and reporting
- Compliance documentation for Federal audits