IDColab — Zero Trust Stack
What is IDColab?
IDColab is a secure collaboration platform that enables organizations to expose internal and legacy applications to external users without the need for VPN, agents or browser plugins. The platform implements a Zero Trust architecture where every connection is authenticated, authorized and encrypted end-to-end.
Problem it Solves
Companies with internal applications (ERPs, CRMs, workshop management tools, etc.) need to provide secure access to external collaborators without exposing their corporate network. Traditional solutions (VPN, SSH tunnels, port forwarding) are complex, insecure and difficult to manage.
Value Proposition
| Feature | Description |
|---|---|
| 🔒 Native Zero Trust | Every request is authenticated and encrypted via mTLS — no traditional network perimeter |
| 🌐 No VPN or plugins | Users access from any modern browser, without installing anything |
| 🔑 Centralized identity | User, role and group management through Keycloak (OIDC/PKCE) |
| 🏗️ Unmodified legacy apps | Existing applications are exposed as-is, without code changes |
| 📊 Management portal | Angular interface for managing users, access and monitoring connections |
Product Presentation
🎬 Live Demo
The video shows the complete platform flow: from external user access to the secure connection with the workshop's internal application, through OIDC authentication with Keycloak and OpenZiti overlay network mediation.
Use Case: Collaborative Workshops
IDColab was born as a solution for a real scenario: automotive workshops that need to share repair information, inventory and billing with their collaborators (assessors, insurers, suppliers) securely and without exposing their internal systems to the internet.
```
External collaborator (assessor)    Workshop (internal network)
       │                                      │
       │  1. Access public URL                │
       ▼                                      │
┌──────────────┐                              │
│   Browser    │  2. Login OIDC/PKCE          │
│   (no VPN)   │─────────────────────┐        │
└──────────────┘                     │        │
                                     ▼        │
                              ┌──────────────┐│
                              │   Keycloak   ││ 3. Verify identity
                              │    (IdP)     ││    + group + permissions
                              └──────┬───────┘│
                                     │        │
                              4. JWT │        │
                                     ▼        │
                              ┌──────────────┐│
                              │  Zrok Share  ││ 5. Secure proxy over
                              │  (overlay)   ││    OpenZiti network (mTLS)
                              └──────┬───────┘│
                                     │        │
                                     ▼        ▼
                            ┌──────────────────┐
                            │  Workshop app    │
                            │  (Legacy, Flask) │
                            │  localhost:5000  │
                            └──────────────────┘
```

Zero Trust Technologies
| Component | Technology | Role |
|---|---|---|
| Overlay network | OpenZiti | mTLS encryption between all services |
| VPN-less ingress | Zrok | Exposes local apps via overlay without VPN |
| Identity broker | Keycloak | OIDC/PKCE + OAuth2 JWT |
| Frontend | Angular | Management portal with integrated Ziti SDK |
| Public TLS | nginx + Let's Encrypt | Wildcard certificate for secure public access |
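
Steps 3 to 5 of the flow above depend on the Keycloak-issued JWT carrying the user's identity and group. The following Node.js example is added here for illustration and is not IDColab's code: it shows the checks a gateway in front of the workshop app could apply to such a token. The issuer URL, audience, `groups` claim name and `/assessors` group are assumptions, and the key pair is generated inline as constructed sample data.

```javascript
const crypto = require("node:crypto");
const b64url = (x) => Buffer.from(x).toString("base64url");
// Gate for steps 3-5: verify the token, then enforce issuer, audience,
// expiry and group. Returns { ok: true, sub } or { ok: false, reason }.
function authorize(token, policy, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url").toString());
    claims = JSON.parse(Buffer.from(parts[1], "base64url").toString());
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // Pin the algorithm; never let the token pick it ("none", HS256 confusion).
  if (header?.alg !== "RS256") return { ok: false, reason: "bad alg" };
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const sig = Buffer.from(parts[2], "base64url");
  if (!crypto.verify("RSA-SHA256", signed, policy.publicKey, sig))
    return { ok: false, reason: "bad signature" };
  if (claims?.iss !== policy.issuer) return { ok: false, reason: "bad issuer" };
  if (![].concat(claims.aud ?? []).includes(policy.audience))
    return { ok: false, reason: "bad audience" };
  if (typeof claims.exp !== "number" || claims.exp <= nowSec)
    return { ok: false, reason: "expired" };
  if (!Array.isArray(claims.groups) || !claims.groups.includes(policy.requiredGroup))
    return { ok: false, reason: "not in group" };
  return { ok: true, sub: claims.sub };
}

// Constructed sample data: a throwaway key pair stands in for the realm key;
// issuer, audience, "groups" claim and "/assessors" are assumed values.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const policy = { publicKey, issuer: "https://idp.example.test/realms/workshop",
  audience: "workshop-app", requiredGroup: "/assessors" };
const base = { iss: policy.issuer, aud: "workshop-app", sub: "assessor-1",
  exp: Math.floor(Date.now() / 1000) + 300, groups: ["/assessors"] };
function mint(claims, alg = "RS256") {
  const head = b64url(JSON.stringify({ alg, typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  return `${head}.${body}.${b64url(crypto.sign("RSA-SHA256", Buffer.from(`${head}.${body}`), privateKey))}`;
}
function demo() {
  return { valid: authorize(mint(base), policy),
    wrongGroup: authorize(mint({ ...base, groups: ["/suppliers"] }), policy),
    expired: authorize(mint({ ...base, exp: 1 }), policy),
    algNone: authorize(mint(base, "none"), policy) };
}
console.log(demo());
```

In a real deployment the public key would come from the realm's published signing keys rather than being generated locally.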