Complete on-premises identity management — OAuth2/OIDC/SAML SSO, advanced MFA with passwordless DLogin, SCIM 2.0 directory sync from Active Directory and Azure AD, and adaptive access policies. Your identity data never leaves your datacenter.
The only IAM platform designed from the ground up for on-premises sovereignty
Unlike cloud IAM vendors, TS Identity runs entirely in your datacenter. ArangoDB stores all identity data locally. Zero dependency on external services for authentication — even if internet is down.
Users scan a QR code with their mobile app to authenticate — no password required. DLogin eliminates password phishing entirely while keeping the login experience seamless.
Real-time sync from Active Directory and Azure AD using SCIM 2.0 (RFC 7643/7644). Users and groups provisioned automatically. Departures deprovisioned immediately.
SignIn Policies and MFA Policies with conditions based on IP range, device trust, user group, time of day, and risk level. Step-up authentication for sensitive operations.
Every identity feature your enterprise needs, running entirely on your infrastructure
TOTP (Google Authenticator, Authy), SMS OTP, Email OTP, WebAuthn/FIDO2 hardware keys (YubiKey, Touch ID, Face ID), Push notifications, and QR-code DLogin. All MFA methods managed from one console.
OAuth 2.0, OpenID Connect, SAML 2.0, and WS-Federation. Configure SSO for internal apps and external SaaS. Pre-built integrations for Microsoft 365, Salesforce, GitHub, Jira, and more.
8 built-in roles (Super Admin, Administrator, User Manager, Group Manager, Auditor, Security Admin, Storage Admin, Basic User) with 100+ granular permissions. Create custom roles with precise permission sets.
Automated provisioning from directory sync. Self-service profile updates and MFA enrollment. Access certification workflows. Immediate deprovisioning on account disable or deletion.
Authentication sessions carry trust levels (HIGH, MEDIUM, LOW) based on MFA method and device trust. Applications can require minimum trust levels, triggering step-up authentication as needed.
Real-time ClickHouse-powered audit analytics. Visualize login patterns, MFA usage, failed authentication attempts, geo-distribution, and suspicious activity with interactive dashboards.
TS Identity connects to your existing user directories and applications without replacing them
Active Directory (LDAP/LDAPS), Azure Active Directory (SCIM via Microsoft Graph), Google Workspace, any LDAP-compatible directory. Real-time sync with conflict resolution and audit trail.
Act as an OAuth2/OIDC/SAML IdP for all your applications. Configure per-application SSO profiles with custom attribute mapping, scope policies, and token lifetimes.
Microsoft 365, Slack, Zoom, Salesforce, HubSpot, GitHub, GitLab, Jira, Confluence, AWS IAM, Azure, GCP — configure SSO for any SAML 2.0 or OIDC-compatible application.
How enterprises deploy TS Identity
Central directory for all employees with automated provisioning from HR systems via AD/Azure sync. Role assignment based on department and job function.
Enforce MFA across all applications with a single policy. Users enroll once and get MFA for every app — no per-application MFA configuration needed.
Meet SOC 2, ISO 27001, and HIPAA access control requirements with immutable audit logs, access certification, and session recordings.
Create time-limited accounts with restricted access policies. DLogin eliminates credential sharing risks. Automatic deprovisioning on account expiry.
Built on open standards, designed for on-premises sovereignty
SOC 2 Type II • ISO 27001 • GDPR (data sovereignty) • HIPAA • SCIM 2.0 (RFC 7643/7644)
Stop trusting cloud IAM vendors with your most sensitive data. Run TS Identity on your own infrastructure.