AegisWire™ · Control Plane

Enterprise Control Plane, Dedicated Per-Customer

Every customer gets their own dedicated control plane instance. No shared infrastructure. No multi-tenant control plane. Each instance serves exactly one customer with its own database, credentials, and policies.

Dedicated per-customer instance
Built-in user management & MFA
Enterprise IdP integration
API-first automation

Core Management Functions

Everything you need to manage users, devices, credentials, and policies from a single dedicated control plane.

Tenant & Organization Management

Manage organizations, teams, and tenant boundaries. Each customer operates within their own dedicated control plane instance with full isolation.

User & Device Enrollment

Onboard users and register devices with identity verification. Manage the full lifecycle from enrollment through decommissioning.

Credential Lifecycle

Issue, rotate, and revoke credentials on demand or on schedule. Automated rotation policies ensure credentials never go stale.

Signed Policy Distribution

Distribute versioned, cryptographically signed policies to all endpoints. Every policy artifact is authenticated and traceable.

Audit & Access Controls

Comprehensive audit logging with configurable retention. Track every administrative action, authentication event, and policy change.

Client & Gateway Rollouts

Coordinate updates and rollouts for clients and gateways. Staged deployments with rollback capability across your fleet.

API-First Automation

Full REST and gRPC APIs for every management function. Automate provisioning, policy updates, and operational workflows programmatically.

Key Differentiator

Built-in User Management

Works standalone — no external identity provider required. Full user lifecycle management, authentication, and authorization built directly into the control plane.

Full User Lifecycle

Create, read, update, and delete users. Complete user management without any external dependency.

Password Policies

Configurable password requirements — complexity, expiration, history. Enforce password policies that match your security posture.

Built-in MFA/TOTP

Multi-factor authentication with QR-code provisioning and backup codes. No external authenticator service required.

Roles & Permissions

Admin, user, and read-only built-in roles plus custom roles with granular permissions. Assign exactly the access level needed.

Groups & Policy Assignment

Organize users into groups and assign policies at the group level. Simplify management at scale.

Session Management

View and manage active sessions with full admin visibility. Terminate sessions on demand when needed.

Audit Logging

Every authentication attempt, permission change, and administrative action is logged with timestamps and actor attribution.

Rate Limiting & Lockout

Rate-limited authentication endpoints with automatic account lockout after repeated failures. Brute-force protection built in.

Enterprise Identity Integration

Connect your existing identity provider when you need it. External IdP users coexist with built-in users seamlessly. If you remove an external IdP, the system continues to operate with built-in accounts — no lockout, no disruption.

Identity federation is optional, not mandatory. The control plane is fully functional standalone, and external providers add convenience without creating dependency.

Azure Entra ID: Microsoft identity platform
AWS Identity Center: AWS SSO integration
Okta: Workforce identity
Keycloak: Open-source IdP
Generic OIDC / SAML: Any standards-compliant provider

How Identity Integration Works

External identity providers are additive. Built-in user management is always available. Your control plane never depends on an external service to function.

1. Built-in Users Active: Local user accounts work out of the box, no configuration required
2. Connect External IdP: Optionally link Azure AD, Okta, AWS IAM, Keycloak, or any OIDC/SAML provider
3. Users Coexist: External IdP users and built-in users operate side by side
4. Unified Policy: Same policies, roles, and groups apply regardless of authentication source
5. Safe Removal: Disconnecting an external IdP never breaks access — built-in accounts continue working

Web-Based Administration

A single admin interface for every control plane function. Manage users, devices, groups, policies, gateways, identity providers, audit logs, and active sessions — all from the browser.

User, device, and group management
Policy creation and distribution
Gateway pool configuration
Identity provider setup
Audit log review and export
Session monitoring and termination
Incident response playbooks

Security Properties

Authentication and session security enforced at every layer. Fail-closed by default.

JWT Validation: OIDC JWT validation supporting RS256, ES256, and HS256 algorithms. Tokens are verified on every request.

Fail-Closed Enforcement: Invalid tokens, missing verifiers, or issuer mismatches result in denied access. The system never falls open on validation failure.

Tenant-Provider Routing: Strict enforcement of tenant-to-provider routing. Credentials from one tenant context cannot be used in another.

Secure Cookie Handling: HttpOnly, Secure, and SameSite=Strict cookie attributes enforced across all session management surfaces.
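
The fail-closed and tenant-routing properties above can be illustrated with a short verifier. This is an added example, not AegisWire code: the tenant names, issuer URLs, keys, and the functions sign and authorize are constructed for illustration, and only HS256 is handled because it can be checked with the Python standard library.

```python
import base64, hashlib, hmac, json

ALLOWED_ALGS = {"HS256"}  # explicit allow-list; "none" and unknown algs are denied

# Constructed routing table: each tenant maps to exactly one provider and key.
TENANT_PROVIDERS = {
    "tenant-a": {"iss": "https://idp-a.example", "key": b"constructed-key-a"},
    "tenant-b": {"iss": "https://idp-b.example", "key": b"constructed-key-b"},
}

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(claims, key, alg="HS256"):
    """Mint a constructed sample token (always HMAC-SHA256 signed)."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def authorize(tenant, token):
    """Return the claims on success; return None on any failure (fail closed).
    Expiry and audience checks are omitted to keep the example short."""
    try:
        provider = TENANT_PROVIDERS.get(tenant)
        if provider is None:                       # missing verifier -> deny
            return None
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64d(head_b64))
        if header.get("alg") not in ALLOWED_ALGS:  # algorithm not allowed -> deny
            return None
        signed = f"{head_b64}.{body_b64}".encode()
        expected = hmac.new(provider["key"], signed, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64d(sig_b64)):
            return None                            # bad signature or other tenant's key
        claims = json.loads(_b64d(body_b64))
        if claims.get("iss") != provider["iss"]:   # issuer mismatch -> deny
            return None
        return claims
    except Exception:                              # malformed input -> deny
        return None
```

Every path that is not an explicit success returns None, so a parsing error or an unconfigured tenant can never be mistaken for a valid session.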

Deployment Models

Run your dedicated control plane wherever your security and compliance requirements demand.

Managed SaaS (Available)

Dedicated containers operated by AegisWire. Your own isolated instance, fully managed — no shared infrastructure.

Dedicated Hosted (Available)

Deployed in your cloud account, managed by AegisWire. Your infrastructure, our operations expertise.

Self-Hosted (Available)

Customer-operated under license. Full control over your deployment, your environment, your schedule.

Hardware Appliance (Available)

Purpose-built hardware for air-gapped and high-security environments. On-premises with no external dependencies.

See the Control Plane in Action

Request a technical walkthrough of the AegisWire control plane, user management, identity integration, and deployment options with the ITLOX team.