Products – ViewDS Cobalt


ViewDS Cobalt™ Cloud Identity for Managed Service Providers and Cloud Service Providers

ViewDS Cobalt Identity Platform-as-a-Service is a multi-tenanted cloud identity platform for Managed Service Providers (MSPs) and Cloud Service Providers (CSPs). ViewDS Cobalt is designed for you to deploy in your own datacenter and operate using your own tools.

Reliable and Scalable

ViewDS Cobalt is a three-tiered system architected using proven cloud application techniques to make it reliable, scalable, and efficient. ViewDS Cobalt’s built-in cluster management lets you easily scale out the API tier to accommodate increased demand. Built-in data replication lets you scale out the data tier to provide redundancy and reduced latency.

Easy to Deploy and Configure

ViewDS Cobalt uses Docker container technology to simplify initial deployment, tenant onboarding, and scale-out scenarios. Deploying ViewDS Cobalt can be as simple as running a single shell script on a machine running Docker Engine. Onboarding a new tenant or distributing a tenant’s directory to another data center can be accomplished with one or two API calls.

Easy to Integrate

ViewDS Cobalt uses popular industry standard APIs such as OAuth 2, OpenID Connect, and OData, making it suitable as both an IDaaS platform or as comprehensive identity infrastructure for your own cloud applications. Most application platforms provide built-in support for these protocols. And because everything in ViewDS Cobalt is API-driven, you don’t have to work around existing web user interface components.

Easy to Operate

All of the ViewDS Cobalt components generate detailed log messages that are easily consumed by log monitoring and aggregation tools, providing clear insight into system health and performance. ViewDS Cobalt uses industry standard log formats to make integration with monitoring tools easy.

CSP and Tenant Web Portals

ViewDS Cobalt includes easy to use web portals for the CSP as well as tenant administrators and end users. CSP administrators can perform administrative operations either through the web portal or through RESTful command-line tools like curl or PowerShell. Tenant administrators can use their web portal


Multi-tenant Directory Services

At the core of ViewDS Cobalt is a multi-tenant directory based on ViewDS’s mature and proven directory server technology. It provides advanced indexing and caching capabilities to ensure high performance and low resource utilization.

Extensible schema

Each tenant in ViewDS Cobalt has a separately configurable schema. Tenant administrators can add new entity types, extend existing entity types, and define relationships between them. This allows each tenant to configure the directory to suit their own organizational and application needs.

OData Graph API

ViewDS Cobalt exposes directory content through the standard OData API. OData is a RESTful API that allows sophisticated queries and efficient navigation through the directory graph. Many web platforms and tools provide support for OData.

Attribute-based and role-based access control

Access to the ViewDS Cobalt directory is controlled through attribute-based access control (ABAC) and role-based access control (RBAC) policies. Administrators can define access policies based on attributes of users and resources. They can also define their own roles and role hierarchies.

Replicated and Distributed

The ViewDS Cobalt object store can be replicated on a tenant-by-tenant basis, allowing the operator to provide redundancy, increased throughput, as well as controlling the location of sensitive identity data.

Authentication Services

ViewDS Cobalt provides each tenant with a wide range of individually configured authentication services that provide for single sign-on and easy application integration.

OpenID Connect authentication

Interactive authentication to ViewDS Cobalt is done using the OpenID Connect (OIDC) standard. OIDC supports secure authentication using a browser or external program. Users that authenticate using OIDC can then get single sign-on services to registered applications as well as external SAML service providers.

Social Login

Each tenant can configure authentication using popular social login providers such as Google, Twitter, Facebook, and LinkedIn.

SAML Identity Provider

Each tenant can configure one or more SAML identity providers to allow for single sign-on to external SAML-based applications such as cloud SaaS applications. Users who authenticate to ViewDS Cobalt, either through OIDC or externally through another SAML IdP can then get single sign-on to relying applications.

SAML Service Provider

Each tenant can configure ViewDS Cobalt to act as a SAML service provider that takes advantage of an external SAML IdP. With this configuration, users can authenticate using their on-premises Active Directory and a federation service such as Active Directory Federation Services (ADFS).

Two-factor authentication

Each tenant can configure the use of two-factor authentication for specific applications using Google Authenticator.

Certificate-based authentication

Tenant administrators can also configure certificate-based authentication using locally stored certificates or smart cards.

Authorization Services

ViewDS Cobalt also provides tenant-configured authorization services for end-users and applications using industry standard protocols.

OAuth 2 Authorization

Applications integrated with ViewDS Cobalt can take advantage of both OAuth 2 consent-based authorization (user explicitly grants access to their details to an application) or consent-assumed (no user interaction required) authorization.

Externalized Attribute-based and Role-based Authorization (ABAC and RBAC)

ViewDS Cobalt provides each tenant with an authorization endpoint that supports the REST/JSON request profile of the Extensible Access Control Markup Language (XACML) standard. ViewDS Cobalt can store and evaluate both attribute-based and role-based access control policies in response to application requests. This allows CSPs and tenants to externalize authorization policy from their applications and leverage a common set of policies and attributes maintained in ViewDS Cobalt. Tenant administrators can define their own roles and role hierarchies to support the needs of their applications.

Provisioning and synchronization services

ViewDS Cobalt includes the ability to provision and synchronize identity information between Cobalt and other identity stores. This allows Cobalt to act as either the “source of truth” for user identities, or to consume identity information from external systems such as an HR system or on-premises Active Directory.

Using its integrated synchronization engine, Cobalt can provision and synchronize identity information to and from external systems on a scheduled established by the administrator. Cobalt also supports just-in-time provisioning when acting as a SAML service provider or a relying party to a social identity provider.