Federated authentication and single sign-on

Standards-based signed assertions (tokens)

Authentication authority with unlimited, flexible policies

Attribute aggregation from multiple directories on the fly

Connections to all on-premises and cloud-based directories

Unlimited integrations with any custom, on-premises, SaaS or cloud applications

Identity federation across various SSO scenarios

Native support for identity standards

Connections to all on-premises and cloud-based directories

Extensive pre-integrated application catalog

Support for several 2FA and MFA solutions

Smart card authentication integration (CAC, PIV, etc.)

Out-of-the-box integrations with existing WAM systems

Extensive server integration kits

Comprehensive authentication adapters and selectors

Integrations with SIEM, online events streaming and reporting

Consistent employee sign-on experience

Customizable one-click access application portal

Identifier-first adapter for passwordless authentication

Self-service password reset capabilities

Support for cloud, on-premises, and cross-domain deployments

Automated, preconfigured deployment with Docker and Kubernetes

Authentication to Microsoft Active Directory without cloud synchronization

Authentication via administrator API

Visibility into lifecycle and promotion of all clients/connections

Centralized authentication and SSO portal and delegated app administration

Extensive provisioning/deprovisioning capabilities (SCIM, JIT, etc)

SAS Type II-compliant data centers and 24/7/365 performance monitoring

Mobile app with swipe, tap and OTP (SMS, voice, email)

PIN-protected desktop app for Windows and Mac

Push notifications for iOS and Android

Fingerprint and facial recognition (Apple Touch ID and Face ID, Android Fingerprint)

Apple Watch tap notifications

FIDO2-certified passwordless web authentication

Third-party authenticators and security keys

Offline authentication capabilities

Bring your own Twilio account (SMS and voice messages)

Adaptive authentication policies (location, IP address, geofencing, etc.)

MFA bypassing based on trusted networks and locations

Device pairing requirements (device lock, rooted/jailbroken, etc.)

Intelligent geovelocity detection (impossible travel times)

Intelligent IP reputation scoring for malicious activity

Support for cryptographically strong session maintenance

Role-based entitlements and web-based access abilities

Group- and application-level access policies

Mobile device managers (MDMs)

VPN/RADIUS, AD FS, Windows Login, Linus/Unix SSH and custom APIs

On-premises, private cloud and SaaS applications

User self-service password resets

Self-service device management (primary and secondary devices)

Real-time authentication method/device selection

Backup authentication with user profile information

Brandable user experience (mobile app, notifications, registration screens, etc.)

Dashboards, reporting and audit trails

Detailed authentication event reporting

End user self-service capabilities

Block/unblock devices, bypass authentications, remove/unpair devices and more

Manage users via admin UI and APIs

Delegate admin roles

Multi-language support and local settings

Administrative bypass capability

Data encryption in every state (at rest, in motion, in use)

Modern password hashing (Argon2, PBKDF2, Scrypt, Bcrypt)

Record- and attribute-level access control to data

Administrator alerts (insecure configuration, access control, etc.)

Least-privileged access for admin accounts

Tamper-evident and encrypted logging

Rapid integration to third-party security monitoring tools

Hybrid directory (IDaaS and cloud-ready software directory)

Unlimited custom user attributes and fields

Unlimited directory integrations (AD, LDAP and more)

Profile synchronization with custom attribute mapping

Extreme scalability with low latency (hundreds of millions of identities, billions of attributes)

Unified profile data access via REST, SCIMv2 APIs, or LDAPv3

Easily store unstructured data (browser fingerprints)

Deploy and coexist anywhere (virtual machine, containers, cloud, on-premises)

Automated, preconfigured deployment with Docker and Kubernetes

Management console for performance and infrastructure monitoring

Real-time, bidirectional data synchronization for zero-downtime migrations

Emulate proprietary systems with compatibility modes and custom server extensions

Built-in LDAPv3-compliant proxy server for load-distribution control

Delegated administration of user profiles (help desk, HR, etc.)

Manage hundreds of millions of users

Store billions of attributes

Handle tens of thousands of authentications per second

Topology management console for SLA visibility

Pre-built assets and UIs

Customizable email templates

Operational visibility through native dashboards or APIs

Deploy and coexist anywhere (virtual machine, containers, cloud, on-premises)

Automated cloud deployment with Docker and Kubernetes

Support for hybrid deployments (on-premises and cloud-based)

Hosted Identity-as-a-Service (IDaaS) platform for customer identity

Data encryption in every state (at rest, in motion, in use)

Administrator alerts (insecure configuration, access control, etc.)

Least-privileged access for admin accounts

Record- and attribute-level access control to data

Modern password hashing

Tamper-evident and encrypted logging

Simplified integration to third-party security and monitoring tools

Lifecycle management and app promotion visibility

Dashboard for monitoring all clients/connections across environments

Delegated administration templates and workflows for onboarding/managing apps and certificates

Orchestration engine for automated configuration promotions across environment tiers

Rich customer profiles

Access customer profile data using REST and SCIM APIs

Customizable registration templates

Social registration and account linking

Secure, convenient password policies

Register with third-party IdPs

Multiple registration options

Email ownership verification

Customizable required registration fields

Self-service customer data/preferences management

Fully customizable sign-on policies

Group- and application-level sign-on policies

Passwordless options (OTPs or push notifications)

Social login

Customizable sign-on templates

Customer-managed passwordless preferences

Zero login (QR code authentication)

Passwordless transaction approval, CSR identity verifications and more

Advanced, risk-based, contextual MFA

Embed MFA into your own mobile app

Adaptive authentication and authorization policies

Restrict rooted or jailbroken devices

Customize authentication screens

Skip MFA for recent authentications

Customize MFA request messages

Send SMS OTPs by country (localization)

Dedicated SMS/voice phone numbers

Restrict users from sharing authentication devices

Manage user devices

Admin portal for managing users and apps, transaction reporting and more

Customer service representative (CSR) identity verification

Control which customer attributes CSRs can see

Open standards support (OAuth 2.0, OpenID Connect, SAML, SCIM)

Inbound and outbound federation for custom apps

Unlimited OIDC and SAML connections

Connections to all identity stores (AD domains, on-premises, cloud-based)

Single logout (SLO)

Unlimited integrations to any app (custom, on-prem, SaaS, cloud)

Attribute aggregation from multiple directories

Identity federation across various SSO scenarios