🤯 Support for Kubernetes Gateway API is now available in developer preview. Learn more ->
November 17, 2022
|
5
min read

ngrok becomes Identity Aware with App Users

Security
Security
OpenID Connect
OAuth
SAML
Authentication
by
Russ Savage
Russ Savage
Cover Image for ngrok becomes Identity Aware with App Users

ngrok is the fastest way to add authentication to your applications. Today, we are adding additional visibility for users logging into your application through our edge. Now you can see your application users in the ngrok dashboard and view their identity details. This includes contextual information about their device, browser, and network along with the ability to revoke a session instantly.

In this blog, I'll explain why this feature is a huge win for security and how you can take advantage of it today.

Continuous auth and context meet the edge

When we think of Zero Trust or BeyondCorp – I know, I get it, take a deep breath, I have a point – it’s not just detecting and responding to issues at authentication time. You need to secure the entire interaction from log in to log out. BeyondCorp and Zero Trust are new security approaches that shift security away from the traditional network perimeter and require every interaction to be authenticated. They are becoming popular as companies open up apps and data from private data centers to multiple clouds, SaaS services, and remote networks.

To keep systems safe, BeyondCorp and Zero Trust deploy new security controls that include:

  1. Use security policies that combine multiple signals and context from the device, identity, and network.
  2. Provide continuous auth and re-evaluate the security posture with every single request. ngrok users now have the ability to view, revoke, and block sessions in flight. And as we keep rolling out new features and integrations, it will become a key security component for any application.

The best part of App Users? It works seamlessly on top of the ngrok identity features. So, if you use OAuth, OIDC, or SAML, you get session visibility and controls without changing anything, drastically reducing the barrier of adoption for security.

Identity visibility with ngrok and App Users

App Users in action

Using App Users is simple:

Launch a session:

1. To start, sign up for ngrok with a Pro account.

2. In the ngrok Dashboard, copy your Authtoken and install it using:

ngrok config add-authtoken

3. Launch ngrok and start a tunnel with OAuth (for example to Google):

ngrok 8080 --oauth=google


4. Access your app and complete the social sign-in

5. After that, return to the ngrok dashboard and access the app users page: (https://dashboard.ngrok.com/cloud-edge/app-users). You will see your session listed:

Examine an existing User Session

Once you have visitors authenticating through your tunnel, you can review and revoke a session from the dashboard or the API. To get started, I’ll walk you through the ngrok Dashboard approach.

1. Click the session. ngrok will display the provider who authenticated your session, basic information about the user, and which tunnels/edges they accessed.

2. Click the endpoint. ngrok will display contextual information about the user’ device and browser.

Tip: Pasting the coordinates on Google maps will give you more detailed information about the IP geolocation.

Revoking a User session

  1. Close all panes to the right-hand side and return to the app users page.
  2. Click the trash can next to the user and then confirm the deletion.
  3. The user session is revoked immediately. To get back, the user must log in again using Google as the Authentication provider.

Note: You can also programmatically investigate and revoke user sessions using the App User and Session APIs. For example, to revoke a session:

curl --location --request \
DELETE 'https://api.ngrok.com/app/users/{session-id}' \
--header 'Ngrok-Version: 2' \
--header 'Authorization: Bearer {ngrok api token}'

Conclusion

App Users allow ngrok admins and developers to get information about identities with sessions in ngrok tunnels — including user details and contextual info about device, identity provider, and network — and revoke sessions with instant results. And as we keep rolling out new features and integrations, this will become a key security component for any application.

App Users are generally available today (docs here) and we're looking forward to hearing your feedback. If you have notes and questions, please reach us in our ngrok Slack community.

From there, you can also ask us for temporary access to all our features so you explore, play, and make our functionality even better.

Share this post
Russ Savage
Russ Savage is a Product Manager at ngrok focused on building amazing product capabilities for our users. He is a developer at heart and loves contributing to open-source projects when he can. He was previously building developer tools and experiences at InfluxData.

← back to index

Security
OpenID Connect
OAuth
SAML
Authentication
Security
Production