On This Page

Home / Cribl.Cloud Government/User Authentication and Security

User Authentication and Security

The following draft provides early access to the Cribl.Cloud Government product release. Features or functionality described are not considered binding commitments and are subject to change at the discretion of Cribl at any time for any reason without notice. This information should not be relied upon in making purchasing decisions.

This document details the Cribl.Cloud Government authentication framework. It outlines the technical controls and policies that govern user access, identity integration, and security compliance.

Secure Access and Authentication

Cribl.Cloud Government provides Federal customers with a comprehensive security framework designed specifically to meet the stringent requirements of government agencies.

Authentication Architecture

Cribl.Cloud Government delivers a robust authentication system built on Federal security standards:

  • Dedicated authentication endpoints: Agency-specific URLs specifically designed for secure login to the Cribl.Cloud Government environment.
  • Customizable authentication workflows: Tailored processes that allow agencies to integrate their specific identity management rules and policies.
  • Isolated Cribl.Cloud Government security boundaries: A logical separation of the government cloud from the commercial cloud, ensuring data and access remain within a secure, compliant environment.

Flexible Identity Integration

The platform supports a variety of integrations with government-approved identity providers, including:

  • SAML 2.0 (Security Assertion Markup Language 2.0) integration with FedRAMP-authorized Identity Providers (IdPs).
  • Just-in-time user provisioning.
  • Role/attribute mapping from agency directories.
  • Support for Personal Identity Verification (PIV) and Common Access Card (CAC) is configured and managed through the customer’s SSO provider, not as a direct feature of a Cribl-issued account.

Multi-Factor Authentication (MFA)

All access paths enforce strong MFA requirements:

  • Hardware Security Keys (such as Yubikey) for administrative access.
  • Time-based One-Time Passwords (TOTPs) alternatives when hardware tokens aren’t feasible.
  • Push authentication for standard users.
  • Biometric authentication with PIV/CAC integration via the customer’s SSO provider.
  • MFA is triggered during initial login, elevated operations, after session timeouts, and when accessing from new locations.

Comprehensive Security Policies

Cribl.Cloud Government implements Federal-grade security policies:

  • Strong password requirements: 15+ characters with complexity requirements.
  • Credential rotation: 60-day password expiration cycles.
  • Account protection: Three-attempt lockout policy.
  • Dormancy controls: 90-day inactivity suspension.
  • Session management: 15-minute administrative console timeouts.

API Keys

For system integrations and automation, Cribl.Cloud Government supports:

  • API keys
  • OAuth 2.0 authentication
  • Service accounts with least privilege

These features are technically consistent with the commercial Cribl.Cloud offering. Agencies may configure additional controls through their identity provider and are responsible for managing their own credential rotation policies to meet compliance requirements, such as the recommended 90-day rotation.

Security Monitoring & Compliance

Ensure a secure and compliant environment with the following built-in features:

  • Comprehensive authentication event logging
  • Full session activity audit trails
  • Authentication metrics and reporting
  • Compliance documentation for Federal audits