Federated Identity

Ultimate identity security in one system for all your apps

Learning from the limitations of rigid banking systems we have designed our identity federation technology, providing both flexibility and ultimate identity security tailored for rapidly developing systems of modern digital banking or corporate security. Our identity federation technology provides centralized security and authentication methods with easy, standardized integration to internal, external, or cloud-based business applications.

Federation protocols

Standardized open protocols act as a conduit between centralized security needs and the distributed digital world of various applications and devices.

Supports standardized OpenID Connect, OAuth and SAML protocols for user authentication by any application.
OpenID Connect Session Management and PKCE protocol extensions for flexible accommodation of security needs of any application.
Federated Transaction Authorization (FTA) - proprietary protocol for electronic signature, transaction authorization and sensitive data secure display (like banking card PIN), incorporating dynamic linking feature.
Supports mobile application to mobile token identity federation flows.
Unique Response Claims Framework (RCF) for the management of federation tokens information profiles.

Usability and integration

Our federated approach helps to abstract security methods development from the business applications lifecycle.

SAML and JWT tokens can be used by applications to create their own sessions
API friendly opaque access tokens and superfast token introspection service.
SDKs take care of all crypto and security functions for authentication, session management, protected resources access, etc., enabling faster and more secure front-end and mobile application development.
Configurable single sign-on and single logout support while not breaking application requirements on security.
Strong WYSIWYS (What You See Is What You Sign) principles, adapted to the specifics of security method being used.
Configurable context-based authentication method prompting (mobile/desktop, secure/public network, MDM controlled device, etc.).

Authentication methods and security functions

Various modern security methods with secure applied cryptography and a robust back-end, enable strong customer authentication in any scenario.

Out-of-box support for current and legacy authentication methods (smart cards, certificates, mobile tokens, SMS OTPs, username-passwords, Kerberos, HW OTPs).
Federation trust increased by the optional use of HSM protected signing keys
Built-in authentication method abstraction for easy integration of additional authentication methods.
Configurable authentication method concatenation for a modular building of secure authentication scenarios.
PSD2 RTS (SCA, CSC) compliant.

Performance, scalability, and support

Flexible, high-performing technology supporting the everyday needs of any authentication system.

HA and LB 24/7 operation.
Scalable from tens to millions of clients.
An intelligent health-check system.
Fast, in-memory cache supported token introspection executing thousands of requests per second.
Distributed tracing compatible with Dapper/Zipkin.
Structured operational logs including correlation indicators suitable for Elastic Stack tools analysis.