SecureAuth Connect documentation

SecureAuth Connect handles authentication, fine-grained authorization, API security, risk-based access, and lifecycle management for every identity population: consumers, business customers, partners, workforces, machine identities, and AI agents. It runs on open standards with policy-driven access controls.

At a glance

Capabilities	Authentication · Authorization · API security · Risk analysis · User and application management
Identity populations	Consumers · Business customers · Partners · Workforces · Machine identities · AI agents
Protocols	OIDC · SAML · OAuth 2.1 · FAPI-certified
Deployment	Public SaaS · Private SaaS · Private cloud · Kubernetes self-hosted
Compliance	SOC 2 Type 2 · ISO 27001

Where do you want to go?

Consumer

B2C identity

Add sign-up, sign-in, social login, passkeys, and account security for customer-facing apps.

Start here →

B2B

Multi-tenant identity for business customers

Give each business customer its own identity provider, policies, branding, and delegated admins.

Start here →

Partner

Contractors, vendors, and partner users

Give contractors, vendors, and partner-company employees scoped, time-bounded access with full audit.

Start here →

Workforce

Employee identity and SSO

Connect Active Directory, Entra ID, or other workforce IdPs and give employees SSO and MFA across apps.

Start here →

Agentic AI

Access control for AI agents

Control what AI agents and automated processes can do on behalf of your users.

Start here →

Authorization

Policy-based access control

Add RBAC, PBAC, and fine-grained access on top of any identity model. Protect APIs with token-time policies and gateway authorizers.

Start here →

What do you want to do?

Administrator tasks

Setting up and managing SecureAuth Connect: workspaces, users, auth policies, and access controls.

• Set up my first workspace
• Enable MFA for my users
• Add an application
• Enable SSO for your workspace
• Create organizations and sub-orgs
• Let your B2B customers manage their own users
• Configure branding and login flows
• Manage admin roles and permissions

Developer tasks

Building an application or integrating with the SecureAuth Connect APIs and SDKs.

• Add login to my app
• Protect my APIs
• Integrate an identity provider
• Use the REST API
• Set up token-based authorization
• Build a custom login page
• Explore OAuth flows
• API reference

Authentication methods

SecureAuth Connect supports the following authentication methods. Select one to see configuration steps.

Method	What it is	Typical use	Configure
Email OTP	One-time code sent to email	Step-up, fallback, first-factor	View
Magic link	One-click email login	Low-friction B2C	View
Passkeys	Device-bound cryptographic login, no password	Consumer apps	View
Push notification	Approve or deny on a mobile device	B2B, high-security B2C	View
QR code	Scan a QR code with a mobile device to sign in	Shared workstations, kiosks	View
SMS OTP	One-time code sent via text message	Step-up, fallback	View
Social login	Sign in with Apple, Facebook, GitHub, Google, LinkedIn, Microsoft, or X	Consumer apps	View
SSO	Sign in using your company's identity provider	B2B	View
Symbol	Match a symbol on screen and mobile device	High-security, anti-phishing	View
TOTP	Time-based codes from a mobile app	B2B, high-security B2C	View
Voice OTP	One-time code read aloud by phone call	Step-up, fallback, accessibility	View
Password	Traditional username and password	Legacy or fallback only	View

How users get to the right provider

When you connect multiple identity providers, SecureAuth Connect can automatically route users to the correct one based on their email domain or organization membership. This is called IdP Routing, and it eliminates the need for users to manually choose a provider at sign-in.