
Zero Trust Access with HashiCorp Boundary

Lukas Siegle
Junior SysAdmin / DevOps

At bitExpert, access management has so far been handled conventionally: system access is granted through our LDAP infrastructure. Since we moved to Office 365 and Azure Active Directory (AAD) 3.5 years ago, we have had to manage access in two systems, LDAP and AAD.

Even though we have built our own synchronization tool between AAD and LDAP, people still have to deal with two passwords, which is annoying. Worse, none of the LDAP-backed services benefit from the 2FA mechanisms that come out of the box with AAD.

We have been looking for possible solutions for a while. When HashiCorp announced Boundary for identity-based access, it looked like a good fit, as it complements our existing HashiCorp stack of Nomad, Consul, and Vault.

With HashiCorp Boundary in place, we can remove the existing flaws in our access management. Boundary introduces a centralized controller that an administrator can use to oversee and manage access efficiently, eliminating the time-consuming manual distribution of credentials. Boundary itself takes care of initiating the connections. Additionally, Vault can be integrated with Boundary to provide short-lived, just-in-time credentials.

Users benefit from HashiCorp Boundary through its desktop application and command-line interface (CLI), both of which provide seamless authentication. Authenticating through an OpenID Connect (OIDC) provider such as AAD adds an extra layer of security to the authentication process.

Once authenticated, users can request a connection to a target from Boundary. The connection is proxied through the loopback address, so the user's client talks to a local listener while Boundary handles the secure session to the target, which keeps the interaction both secure and efficient.
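To make the pieces above concrete, here is an added example (not configuration from the bitExpert post or from HashiCorp) that declares the described setup with the HashiCorp `boundary` Terraform provider: an AAD-backed OIDC auth method, a Vault credential store and library that broker just-in-time database credentials, and a TCP target that users reach through Boundary's loopback proxy. The controller and Vault URLs, the tenant/client values, the host address, the Vault mount `database/` with a role `app-readonly`, and the exact provider attribute names (which vary between provider releases; check them against the version you pin) are all assumptions. Provider and `terraform` blocks are omitted.

```hcl
# Added example, not the post's own configuration. Attribute names follow the
# hashicorp/boundary Terraform provider as best I recall them; verify against
# your pinned provider version. All addresses and IDs are placeholders.

variable "aad_tenant_id" { type = string }
variable "aad_client_id" { type = string }
variable "aad_client_secret" {
  type      = string
  sensitive = true
}
variable "vault_token" {
  type      = string
  sensitive = true # periodic, renewable token with a policy limited to the creds path
}

# Scope layout: global -> org -> project. Auth methods live in the org,
# hosts, credentials and targets live in the project.
resource "boundary_scope" "org" {
  scope_id                 = "global"
  name                     = "bitexpert"
  auto_create_admin_role   = true
  auto_create_default_role = true
}

resource "boundary_scope" "project" {
  scope_id                 = boundary_scope.org.id
  name                     = "infrastructure"
  auto_create_admin_role   = true
  auto_create_default_role = true
}

# OIDC auth method backed by Azure AD: users sign in with their AAD identity
# (including AAD's MFA), so no LDAP password is involved at all.
resource "boundary_auth_method_oidc" "aad" {
  scope_id             = boundary_scope.org.id
  name                 = "azure-ad"
  issuer               = "https://login.microsoftonline.com/${var.aad_tenant_id}/v2.0"
  client_id            = var.aad_client_id
  client_secret        = var.aad_client_secret
  api_url_prefix       = "https://boundary.example.internal:9200" # placeholder controller URL
  signing_algorithms   = ["RS256"]
  claims_scopes        = ["email", "profile"]
  state                = "active-public"
  is_primary_for_scope = true
}

# Static host catalog for the database server the target points at.
resource "boundary_host_catalog_static" "db" {
  scope_id = boundary_scope.project.id
  name     = "databases"
}

resource "boundary_host_static" "db1" {
  host_catalog_id = boundary_host_catalog_static.db.id
  name            = "db1"
  address         = "10.0.20.15" # constructed sample address
}

resource "boundary_host_set_static" "db" {
  host_catalog_id = boundary_host_catalog_static.db.id
  name            = "db-servers"
  host_ids        = [boundary_host_static.db1.id]
}

# Vault credential store + library: at session start Boundary asks Vault for
# a fresh, short-lived database login instead of handing out a shared password.
resource "boundary_credential_store_vault" "vault" {
  scope_id = boundary_scope.project.id
  name     = "vault"
  address  = "https://vault.example.internal:8200" # placeholder
  token    = var.vault_token
}

resource "boundary_credential_library_vault" "db_readonly" {
  credential_store_id = boundary_credential_store_vault.vault.id
  name                = "postgres-readonly"
  path                = "database/creds/app-readonly" # assumed Vault database role
  http_method         = "GET"
}

# The target users connect to. Brokered credentials are returned to the client
# at session authorization; the session itself is tunneled through a worker and
# surfaces locally on 127.0.0.1 on the user's machine.
resource "boundary_target" "postgres" {
  scope_id                       = boundary_scope.project.id
  name                           = "postgres-readonly"
  type                           = "tcp"
  default_port                   = 5432
  host_source_ids                = [boundary_host_set_static.db.id]
  brokered_credential_source_ids = [boundary_credential_library_vault.db_readonly.id]
  session_max_seconds            = 3600 # bound the lifetime of each session
  session_connection_limit       = 1    # one TCP connection per authorized session
}
```

Two things are deliberately not in the block and are still required: a `boundary_role` that grants the AAD users (for example via a managed group derived from an AAD group claim) `authorize-session` on this target and nothing more, and the provider/controller bootstrap. With the resources applied, the user flow the post describes is `boundary authenticate oidc -auth-method-id <id>` (browser round-trip to AAD) followed by `boundary connect -target-id <id>`, which prints the loopback address and port the local client should use; the Vault-issued credentials expire with the lease, so nothing long-lived is left on the workstation.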