#1
Defguard
Enterprise-grade zero-trust access management platform providing WireGuard VPN with true protocol-level 2FA/MFA, plus integrated OpenID Connect SSO and user/device controls.
Defguard is an enterprise-grade zero-trust access management platform centered on WireGuard VPN with multi-factor authentication enforced at the VPN protocol level. It also provides integrated identity and SSO capabilities, designed for auditable, private deployments without relying on third-party cloud services.
Key Features
- WireGuard VPN with true connection-level 2FA/MFA (TOTP/email tokens, pre-shared keys) rather than web-only MFA
- Built-in OpenID Connect identity provider for SSO, plus support for external OIDC providers
- LDAP/Active Directory integration with synchronization for users and groups
- User, device, and group management with policy controls (RBAC-style administration)
- Remote user enrollment and onboarding flows, including client configuration distribution
- Forward-auth support for protecting applications behind reverse proxies
- Audit-focused operations with logs and visibility into connected users/devices
Use Cases
- Secure remote workforce access to private networks using WireGuard with enforced MFA
- Replace or complement an existing IdP by acting as an OIDC provider for internal apps
- Centralize user/device onboarding and access policies for multi-site VPN deployments
Defguard fits organizations that need a modern WireGuard-based VPN with strong identity and access controls, while keeping authentication and configuration fully under their own infrastructure.
2.5kstars
83forks