Built for enterprise
Multi-tenant organizations
Create isolated tenants with their own members, groups, OAuth clients, and service accounts. Organization admins manage their own users without seeing other tenants.
SAML 2.0 federation
Full IdP implementation: SSO, SLO, signed assertions, attribute mapping, pairwise NameID, SP certificate pinning. Connect to any SAML-compatible enterprise app.
SCIM 2.0 provisioning
Automated user and group lifecycle management. Bulk operations, filter queries, PATCH support, and org-scoped tokens for tenant isolation.
Conditional access policies
Define access rules based on IP range, geo-location, device trust, risk score, and time of day. Block, require step-up MFA, or require CAPTCHA per policy.
Service accounts & PATs
Machine-to-machine authentication with client credentials grant. Personal access tokens with scope limits and HMAC-keyed storage for CI/CD.
Custom branding & domains
Per-client branding for consent pages, custom CSS, logo, and support URLs. White-label the login experience for each connected application.
LDAP / Active Directory
Sync users and groups from LDAP directories. AES-256-GCM encrypted bind credentials, filter-injection protection, TLS enforcement.
Analytics & audit
Real-time dashboards: DAU/WAU/MAU, login trends, 2FA adoption, auth-method breakdown. Hash-chained tamper-proof audit trail with actor binding.
Enterprise-ready out of the box
No custom engineering required. Every feature below is available today.