
Identity & Access Management
Enterprise identity platform with OIDC-based single sign-on (SSO), passkey authentication, passwordless login (OTP, magic links, QR code login), multi-channel verification, OAuth 2.0 / OpenID Connect authorization server with DPoP and Device Authorization Grant, API key management, tenant lifecycle management, password expiration policies, admin-gated account approval, per-user notification preferences, license system with feature flags, runtime configuration, signing key management, and a 100-tool MCP server with AI agent chat. Built on .NET 10 and Next.js 16.
FIDO2 passwordless authentication with device biometrics, security keys, and platform authenticators.
One-time password login via Email or SMS. No password required — just enter a code and sign in.
Cascading verification via Passkey, SMS, WhatsApp, and Email with configurable channel priority.
OAuth 2.0-compliant authorization server with PKCE, DPoP, Device Authorization Grant, consent flows, token introspection, custom claims, SSO session management, and back-channel logout.
Sign in with Google, GitHub, Microsoft, Amazon, LinkedIn, and X with auto-registration.
Four-state tenant management: Pending, Active, Suspended, and Disabled with admin-controlled transitions.
Admin-gated registration. Self-registered accounts require approval before access is granted.
TOTP authenticator apps, SMS codes, WhatsApp codes, email codes, passkey challenge, and recovery codes with a QR code setup wizard.
Each OAuth client can configure allowed login methods, toggle registration and password reset, and customize login page branding.
Reset passwords via SMS verification code. Full flow from phone number to new password without email access.
Recover account access via verified phone number when email is unavailable. SMS-based identity verification.
Tenant-level configurable password expiration. Expired passwords are enforced across all auth flows with automatic notifications.
Per-user login alerts, password change, and password expiration notifications via SMS and Email with granular preferences and audit logging.
Create, list, and revoke API keys for partner integrations with hash-based storage and X-API-Key header authentication.
100-tool MCP server with AI agent chat for natural language platform administration and per-conversation model selection.
27 feature flags across 11 categories with 4 limit types. Heartbeat-based token renewal and middleware enforcement.
Database-backed configuration with 11 categories and 63 settings. Admin API with secret masking and precedence over appsettings.
12 JWT signing algorithms across HMAC, RSA, RSA-PSS, and ECDSA families with 2048/4096-bit RSA support, database-stored keys, key rotation, and Azure Key Vault support.
65 event types with HMAC-SHA256 signed delivery, exponential backoff, and full audit trail.
Fine-grained role-based access control across all resources with claims transformation and system/tenant scopes.