A robust identity solution relies must be build on a solid foundation.

The architecture of is characterized by scalability and flexibility.

Federation layer

A major component is the federation layer. This layer provides single sign-on and token verification capabilities.

It supports OAuth 2.0, OpenID Connect 1.0 and SAML 2.0. It can easily be extended to support new protocols. is not simply a wrapper around a few federation protocols but has abstracted away from individual protocols.

Authentication Tree

How and when to authenticate depends on your organization its policies, user preferences and context.

While historically it was sufficient to authenticate users with username and password verification, nowadays two-factor authentication is the de facto standard. In fact, more and more organizations are moving towards passwordless authentication.

Constantly changing requirements demand a flexible authentication framework. The solution allows chaining authentication modules together in order to provide an adaptive authentication experience. Enforcing security controls and providing the best user experience.

UI Server

From big idaas providers like Auth0 and Okta, differentiates by having decoupled the user interfacing from the identity server. This technical solution provides you with full control over your user experience. Far beyond competitors offer. Not by writing platform-specific scripts or deep technical knowledge about authentication protocols, but merely by using client-side technologies as html and javascripts (no DNS changes or server side scripting required).

Serverless for user scripting

It should be preferred to use out-of-the-box functionalities from off-the-shelf software. But a toolbox should not restrict your organization in providing value to your customers. allows plugging in scripts into the authentication flow.


Each authentication module maintains its own session storage. This allows differentiating how long each authentication result should get rememebered.

Each module allows configuring wether to remember its result in a session, a cookie, or not at all.


An access token is a JWT. Yet, can still be used as regular OAuth access tokens. You can introspect and revoke these tokens.