Federated Identity
Ultimate identity security in one system for all your apps
Learning from the limitations of rigid banking systems we have designed our identity federation technology, providing both flexibility and ultimate identity security tailored for rapidly developing systems of modern digital banking or corporate security. Our identity federation technology provides centralized security and authentication methods with easy, standardized integration to internal, external, or cloud-based business applications.

Federation protocols
-
Supports standardized OpenID Connect, OAuth and SAML protocols for user authentication by any application.
-
OpenID Connect Session Management and PKCE protocol extensions for flexible accommodation of security needs of any application.
-
Federated Transaction Authorization (FTA) - proprietary protocol for electronic signature, transaction authorization and sensitive data secure display (like banking card PIN), incorporating dynamic linking feature.
-
Supports mobile application to mobile token identity federation flows.
-
Unique Response Claims Framework (RCF) for the management of federation tokens information profiles.
Usability and integration
-
SAML and JWT tokens can be used by applications to create their own sessions
-
API friendly opaque access tokens and superfast token introspection service.
-
SDKs take care of all crypto and security functions for authentication, session management, protected resources access, etc., enabling faster and more secure front-end and mobile application development.
-
Configurable single sign-on and single logout support while not breaking application requirements on security.
-
Strong WYSIWYS (What You See Is What You Sign) principles, adapted to the specifics of security method being used.
-
Configurable context-based authentication method prompting (mobile/desktop, secure/public network, MDM controlled device, etc.).
Authentication methods and security functions
-
Out-of-box support for current and legacy authentication methods (smart cards, certificates, mobile tokens, SMS OTPs, username-passwords, Kerberos, HW OTPs).
-
Federation trust increased by the optional use of HSM protected signing keys
-
Built-in authentication method abstraction for easy integration of additional authentication methods.
-
Configurable authentication method concatenation for a modular building of secure authentication scenarios.
-
PSD2 RTS (SCA, CSC) compliant.
Performance, scalability, and support
-
HA and LB 24/7 operation.
-
Scalable from tens to millions of clients.
-
An intelligent health-check system.
-
Fast, in-memory cache supported token introspection executing thousands of requests per second.
-
Distributed tracing compatible with Dapper/Zipkin.
-
Structured operational logs including correlation indicators suitable for Elastic Stack tools analysis.