IdCore · identity platform
Own your identity layer. Without the lock-in.
An IdP with current auth standards, configurable journeys, passwordless sign-in, and the delegation patterns AI Agents need.
What changes for the business
- Predictable cost as you grow
Run identity on your own infrastructure, with pricing that fits the scale of your business, not the size of your user base.
- Sovereignty without rebuilding
Your users, sessions, and signing keys live in your infrastructure. Hosted in the region you choose.
- B2C, B2B, and AI Agents
Delegated access, machine identity, customers, and partner federation use one policy and audit model.
What IdCore is used for
- Move off your current IdP
Replace a legacy customer or workforce identity platform with one you own, without losing the journeys and integrations you depend on.
- Run a modern OAuth stack
Current OAuth and OIDC patterns with the controls security and audit teams expect.
- Roll out passwordless safely
Passkeys and magic links alongside passwords, so you can move users over at your own pace.
- One platform, every audience
Employees, contractors, and customers on one platform, each with the policies and journeys their audience needs.
- Agent and machine identity
Treat agents, services, and devices as first-class identities, with delegated access that stays auditable.
- Sovereign by design
Self-hosted on your infrastructure or managed in the region you choose. Your users, sessions, and signing keys stay under your control.
What ships in the platform
- Sign-in journeys you can change
- Onboarding, sign-in, recovery, consent, and step-up assembled from reusable steps. Reviewable, versioned, and different per brand or tenant.
- Full modern OAuth 2.1 and OIDC
- Standards-certified sign-in built on current OAuth and OIDC patterns, including the controls auditors and security teams expect.
- Passwordless and step-up sign-in
- Biometric, device, and email-link sign-in alongside passwords, with extra verification when risk signals call for it.
- Branding and languages built in
- Themed sign-in pages, email and SMS templates, and translations per brand and region, without forking the platform.
- Built to extend
- Safe extension points for the integrations and policies you cannot fit in a UI, with the operating model the rest of the platform uses.
- Works with the systems you already run
- Connects to your HR, directory, and partner systems for provisioning. Legacy apps stay supported through standard interfaces.
- Federated identity providers
- Customers, employees, and partners arrive from the providers they already use. One claims model on your side.
- Migrate users without friction
- Migrate from your current platform one application or audience at a time. Existing users keep their credentials and stay signed in.
What changes with IdCore
- Predictable cost
- Costs you can plan for, on infrastructure you already run.
- Sovereign and inspectable
- Your tokens, your sessions, your keys. Self-hosted or managed in the region you choose.
- Designed for scale
- Engineered for very large user bases without changing how you operate it.
- Audit-ready by design
- Structured audit events and protocol telemetry for every flow, ready for security and compliance review.
- Extensible without forking
- Journeys, plugins, scripts, and webhooks cover most extension points. Add your own without touching core.
- Built on open standards
- OIDC, OAuth 2.1, SCIM 2.0, LDAP, FIDO2. Replaceable, portable, and certifiable.
For the engineers in the room
Standards
- OAuth 2.1 + OIDC
- DPoP RFC 9449
- PAR RFC 9126
- JAR RFC 9101 / JARM (OpenID Foundation spec)
- CIBA
- mTLS RFC 8705
- Token exchange RFC 8693
- DCR RFC 7591 / 7592
- Pairwise IDs
- FIDO2 / WebAuthn
- TOTP
- SCIM 2.0
- LDAP
- SAML
Extensibility
- Journeys
- Reusable steps for sign-in, recovery, MFA, consent, and invitation
- Plugins & webhooks
- Safe extension points and signed event delivery with retries
- Migration
- Verify legacy hashes on first sign-in, then rotate
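The just-in-time migration described under Migration (and again in the pilot questions below), as an added example that is not IdCore's own code. The legacy record format (salted SHA-256), the current format (scrypt, a standard-library stand-in since the page does not name the platform's algorithm), the record layout and the sample user store are all constructed for this example.

```python
"""Just-in-time credential migration: a user whose record still carries the
legacy hash is verified against it on first sign-in, then rehashed with the
current algorithm and the legacy hash discarded. Added example, not IdCore's
own code. The legacy format (salted SHA-256) and the user store are constructed."""
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed record formats (assumptions):
#   legacy : "sha256$<salt hex>$<sha256(salt || password) hex>"
#   current: "scrypt$<n>$<r>$<p>$<salt hex>$<key hex>"
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def make_legacy(password: str, salt: bytes) -> str:
    """Builds a legacy-format record; only used to seed the sample store."""
    digest = hashlib.sha256(salt + password.encode()).hexdigest()
    return f"sha256${salt.hex()}${digest}"


def verify_legacy(stored: str, password: str) -> bool:
    algo, salt_hex, digest_hex = stored.split("$")
    if algo != "sha256":
        return False
    calc = hashlib.sha256(bytes.fromhex(salt_hex) + password.encode()).hexdigest()
    return hmac.compare_digest(calc, digest_hex)


def hash_current(password: str, salt: Optional[bytes] = None) -> str:
    salt = salt if salt is not None else secrets.token_bytes(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${key.hex()}"


def verify_current(stored: str, password: str) -> bool:
    algo, n, r, p, salt_hex, key_hex = stored.split("$")
    if algo != "scrypt":
        return False
    key = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                         n=int(n), r=int(r), p=int(p))
    return hmac.compare_digest(key.hex(), key_hex)


def sign_in(store: dict, username: str, password: str) -> str:
    """Returns "ok", "migrated" or "denied". The legacy path is reachable only
    while the record is still in legacy format, so it shrinks to nothing as
    users sign in; a failed legacy check never migrates anything."""
    rec = store.get(username)
    if rec is None:
        # Burn the same work for unknown users so timing does not reveal accounts.
        hash_current(password, salt=bytes(16))
        return "denied"
    if rec["hash"].startswith("scrypt$"):
        return "ok" if verify_current(rec["hash"], password) else "denied"
    if not verify_legacy(rec["hash"], password):
        return "denied"
    rec["hash"] = hash_current(password)     # rotate: the legacy hash is gone after this
    rec["migrated_from"] = "sha256"
    return "migrated"


def demo_store() -> dict:
    """Constructed sample store: one user still on the legacy hash."""
    return {"alice": {"hash": make_legacy("correct horse battery", bytes(range(16)))}}


if __name__ == "__main__":
    store = demo_store()
    print(sign_in(store, "alice", "correct horse battery"))   # migrated
    print(store["alice"]["hash"][:7])                          # scrypt$
    print(sign_in(store, "alice", "correct horse battery"))   # ok
```

The point to check in a pilot is the one the code makes explicit: the weaker legacy verifier is only ever consulted for records still in the old format, a failed legacy check must not rewrite anything, and after a successful sign-in the old hash no longer exists anywhere in the store. Bulk-imported users sit in the legacy branch until they sign in; anyone who never does should be reset by policy rather than left there indefinitely.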
Common questions before a pilot
- How is IdCore different from the hosted CIAM products on the market?
Same shape of product, with the modern OAuth stack as default (DPoP, PAR, CIBA, mTLS, token exchange) and self-hosting as a first-class option.
- Can we migrate from our current IdP without resetting passwords?
Yes. We support just-in-time migration: the existing password hash is verified on a user's first sign-in, then transparently rehashed with the platform's current algorithm. Bulk import handles users, applications, and clients.
- How does this support AI Agents and machine identity?
Token exchange (RFC 8693), CIBA, and DPoP are built in, so delegated and sender-constrained access for Agents is part of the platform instead of a custom extension.
- Can we brand sign-in pages and emails per audience?
Yes. Themes, page layouts, and email and SMS templates can be set per brand and per language, with translations managed alongside the rest of the platform.
- Where does it run?
Self-hosted in your cloud or managed in the region you choose. You decide where your data and keys live.
- Is it standards-certified?
OIDC certification is part of the release process, with a public certification runbook and conformance evidence.
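What "delegated and sender-constrained access for Agents" looks like on the wire, as an added example that is not IdCore's code: the server side of an RFC 8693 token exchange in which a user's token that names an agent in `may_act` is exchanged for a token the agent may present as the user, carrying the delegation chain in `act` and bound to the agent's DPoP key through `cnf.jkt` (RFC 9449). The issuer URL, the HS256 signing key (a demo shortcut; an IdP signs with asymmetric keys), the deny-by-default `may_act` policy, the sample tokens and the agent's public JWK are all assumptions constructed for this example; the DPoP proof itself is not verified here, only the key binding the exchange establishes.

```python
"""RFC 8693 token exchange for an AI agent acting on behalf of a user, with the
issued token sender-constrained to the agent's DPoP key (RFC 9449 cnf.jkt).
Added example, not IdCore's code. Tokens are HS256 JWTs under a constructed
key so it runs with the standard library only; a real IdP signs asymmetrically."""
import base64
import hashlib
import hmac
import json

ISSUER = "https://idp.example"            # assumption
KEY = b"constructed-demo-signing-key"     # assumption (demo only)
TOKEN_EXCHANGE = "urn:ietf:params:oauth:grant-type:token-exchange"
JWT_TYPE = "urn:ietf:params:oauth:token-type:jwt"
# Constructed P-256 public key (coordinates from the RFC 7515 A.3 example); stands in
# for the key the agent proves possession of in its DPoP proof.
AGENT_JWK = {"kty": "EC", "crv": "P-256",
             "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
             "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0"}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint(claims: dict) -> str:
    """Compact JWS, HS256, header typ=at+jwt."""
    hdr = _b64(json.dumps({"alg": "HS256", "typ": "at+jwt"}, separators=(",", ":")).encode())
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(KEY, f"{hdr}.{body}".encode(), hashlib.sha256).digest()
    return f"{hdr}.{body}.{_b64(sig)}"


def verify(token: str, now: float) -> dict:
    hdr, body, sig = token.split(".")
    expected = hmac.new(KEY, f"{hdr}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims.get("iss") != ISSUER or claims.get("exp", 0) <= now:
        raise ValueError("untrusted issuer or expired")
    return claims


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, lexically ordered, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n"),
                "OKP": ("crv", "kty", "x")}[jwk["kty"]]
    canon = json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))
    return _b64(hashlib.sha256(canon.encode()).digest())


def token_exchange(form: dict, dpop_jwk: dict, now: float) -> dict:
    """Server side of the exchange; returns the RFC 8693 response or an OAuth error."""
    if form.get("grant_type") != TOKEN_EXCHANGE:
        return {"error": "unsupported_grant_type"}
    try:
        subject = verify(form["subject_token"], now)
        actor = verify(form["actor_token"], now)
    except (KeyError, ValueError) as exc:
        return {"error": "invalid_grant", "error_description": str(exc)}
    # Policy (assumption): delegation needs an explicit may_act in the subject token
    # naming this actor (RFC 8693 section 4.4); anything else is refused.
    may_act = subject.get("may_act") or {}
    if not actor.get("sub") or may_act.get("sub") != actor["sub"]:
        return {"error": "invalid_grant", "error_description": "actor not permitted by may_act"}
    # The agent never gets more than the user has: requested scope must be a subset.
    granted = set(subject.get("scope", "").split())
    requested = set(form.get("scope", "").split()) or granted
    if not requested <= granted:
        return {"error": "invalid_scope"}
    act = {"sub": actor["sub"]}
    if "act" in subject:                  # nested delegation keeps the whole chain
        act["act"] = subject["act"]
    claims = {"iss": ISSUER, "sub": subject["sub"],
              "aud": form.get("audience", subject.get("aud")),
              "scope": " ".join(sorted(requested)), "iat": int(now), "exp": int(now) + 300,
              "act": act,
              "cnf": {"jkt": jwk_thumbprint(dpop_jwk)}}   # bound to the agent's DPoP key
    return {"access_token": mint(claims), "issued_token_type": JWT_TYPE,
            "token_type": "DPoP", "expires_in": 300}


def demo(now: float = 1_700_000_000.0) -> dict:
    """One hop: alice's token authorises agent:planner; the agent exchanges it for
    a down-scoped, DPoP-bound token it can present to orders-api."""
    user = mint({"iss": ISSUER, "sub": "alice", "aud": "orders-api",
                 "scope": "orders:read orders:write", "exp": int(now) + 600,
                 "may_act": {"sub": "agent:planner"}})
    agent = mint({"iss": ISSUER, "sub": "agent:planner", "aud": ISSUER, "exp": int(now) + 600})
    return token_exchange({"grant_type": TOKEN_EXCHANGE,
                           "subject_token": user, "subject_token_type": JWT_TYPE,
                           "actor_token": agent, "actor_token_type": JWT_TYPE,
                           "scope": "orders:read", "audience": "orders-api"}, AGENT_JWK, now)


if __name__ == "__main__":
    response = demo()
    print(json.dumps(verify(response["access_token"], 1_700_000_000.0), indent=2))
```

Three properties make the result auditable in the way the page promises: the token's `sub` stays the user while `act` records exactly which agent (and, on a second hop, which agent before it) is acting; scope can only narrow at each hop; and `cnf.jkt` means a resource server that checks DPoP proofs will refuse the token from anyone who does not hold the agent's private key, so a leaked token is not by itself a usable credential.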
Ready to scope a pilot?