Nacho
Authlete IAM Provider
Headless OAuth 2.0 and OpenID Connect backend engine from Japan, founded 2015. Authlete is not a full-stack CIAM: it handles only the OAuth/OIDC protocol layer and token lifecycle management β authentication UI, user database, and MFA are customer-owned. Exceptionally strong protocol coverage: FAPI 1.0/2.0, CIBA, DPoP, PAR, JAR, mTLS, OpenID Identity Assurance, OID4VCI, and OpenID Federation. OpenID-certified across Basic, Implicit, Hybrid, FAPI 1.0 Advanced, FAPI-CIBA, FAPI 2.0, and multiple open banking profiles (UK, Australia CDR, Brazil, Saudi Arabia). ISO/IEC 27001 certified. Available as shared cloud, dedicated cloud, or self-managed.
Features
- AWSAzureGCPOn-premises
If you want to compare IAM features of different providers, please check out the (C)IAM Identity Providers benchmark.
Looking for Authleteβs OpenID Connect protocol compatibility? View Authlete on the OpenID Connect Providers benchmark.
Frequently Asked Questions
Does Authlete support Username and Password authentication method?
Authlete does not support Username and Password authentication method. Authlete is a headless OAuth/OIDC backend engine. End-user authentication (username/password, social, MFA, etc.) is entirely the responsibility of the customer's own authentication layer. Authlete only handles the protocol and token lifecycle.
Does Authlete support Social Sign-in authentication method?
Authlete does not support Social Sign-in authentication method. Authlete does not implement authentication. Social sign-in must be handled by the customer's authentication frontend before Authlete issues tokens.
Does Authlete support Passkey authentication method?
Authlete does not support Passkey authentication method. Authlete is a headless token engine. Passkey/WebAuthn authentication is the responsibility of the customer's own authentication layer.
Does Authlete support Email Passwordless authentication method?
Authlete does not support Email Passwordless authentication method. No authentication UI or passwordless flows built in. Customer implements authentication; Authlete handles the downstream OAuth/OIDC token issuance.
Does Authlete support Phone Passwordless authentication method?
Authlete does not support Phone Passwordless authentication method. No built-in SMS OTP or phone-based authentication. Customer-owned auth layer.
Does Authlete support Magic Link authentication method?
Authlete does not support Magic Link authentication method. No built-in magic link flow. Customer-owned auth layer.
Does Authlete support Anonymous / Guest authentication method?
Authlete does not support Anonymous / Guest authentication method. No anonymous or guest session support built in. Customer-owned auth layer.
Does Authlete support Time-based One-Time Password (TOTP) MFA?
Authlete does not support Time-based One-Time Password (TOTP) MFA. MFA is not handled by Authlete. CIBA (Client-Initiated Backchannel Authentication) can be used to decouple the authentication challenge from the token issuance, enabling MFA in the customer's authentication server. Read more
Does Authlete support HMAC-based One-Time Password (HOTP) MFA?
Authlete does not support HMAC-based One-Time Password (HOTP) MFA. MFA is delegated entirely to the customer's authentication system.
Does Authlete support Universal 2nd Factor (U2F) MFA?
Authlete does not support Universal 2nd Factor (U2F) MFA. MFA is delegated entirely to the customer's authentication system.
Does Authlete support WebAuthn MFA?
Authlete does not support WebAuthn MFA. MFA is delegated entirely to the customer's authentication system.
Does Authlete support Email Code MFA?
Authlete does not support Email Code MFA. MFA is delegated entirely to the customer's authentication system.
Does Authlete support Phone Code MFA?
Authlete does not support Phone Code MFA. MFA is delegated entirely to the customer's authentication system.
Does Authlete support Recovery Code MFA?
Authlete does not support Recovery Code MFA. MFA is delegated entirely to the customer's authentication system.
Does Authlete support Push Notification MFA?
Authlete does not support Push Notification MFA. No built-in push MFA. However, CIBA (Client-Initiated Backchannel Authentication) natively supports decoupled push-style challenge flows that can drive push notifications in a custom authentication device. Read more
Does Authlete support Adaptive / Risk-Based MFA MFA?
Authlete does not support Adaptive / Risk-Based MFA MFA. Risk-based and adaptive MFA are outside Authlete's scope. Authlete processes tokens; risk evaluation lives in the customer's authentication layer.
Does Authlete support Cisco Duo MFA?
Authlete does not support Cisco Duo MFA. No Cisco Duo integration. MFA provider integrations are the customer's responsibility.
Does Authlete support Step-Up Authentication MFA?
Authlete partially supports Step-Up Authentication MFA. OAuth 2.0 Step-Up Authentication (RFC 9470) is supported, enabling resource servers to request re-authentication at a higher ACR. The actual step-up challenge is handled by the customer's auth server. Read more
Does Authlete support OpenID Connect (OIDC) integration protocol?
Authlete supports OpenID Connect (OIDC) integration protocol. Core product offering. OpenID-certified across Basic, Implicit, Hybrid, Config, Dynamic, and Form Post profiles. Supports OpenID Connect Core 1.0, Discovery 1.0, CIBA, Identity Assurance 1.0, and Federation 1.0. Read more
Does Authlete support SAML 2.0 integration protocol?
Authlete does not support SAML 2.0 integration protocol. Authlete is exclusively an OAuth 2.0 and OpenID Connect engine. SAML 2.0 is not supported.
Does Authlete support WS-Federation integration protocol?
Authlete does not support WS-Federation integration protocol. WS-Federation is not supported. Authlete is limited to OAuth 2.0 and OpenID Connect protocols.
Does Authlete support Machine-to-Machine (M2M) Authentication integration protocol?
Authlete supports Machine-to-Machine (M2M) Authentication integration protocol. OAuth 2.0 Client Credentials grant (RFC 6749) natively supported for M2M authentication. DPoP and mTLS sender-constraining available for M2M tokens. Read more
Does Authlete support OpenID Connect (OIDC) Federation identity federation?
Authlete supports OpenID Connect (OIDC) Federation identity federation. OpenID Connect Federation 1.0 supported, enabling trust chain-based federated identity across organizations. Read more
Does Authlete support SAML 2.0 Federation identity federation?
Authlete does not support SAML 2.0 Federation identity federation. SAML federation is not supported. Authlete is a pure OAuth 2.0/OIDC engine.
Does Authlete support Active Directory / LDAP identity federation?
Authlete does not support Active Directory / LDAP identity federation. Authlete is headless and does not connect to LDAP or Active Directory. Directory integration is the customer's responsibility in their own authentication layer.
Does Authlete support Azure Active Directory (Entra ID) identity federation?
Authlete does not support Azure Active Directory (Entra ID) identity federation. No built-in Azure AD/Entra ID integration. Customers may federate via OIDC in their own authentication layer and then use Authlete for token issuance.
Does Authlete support Bulk User Import user management?
Authlete does not support Bulk User Import user management. Authlete does not store or manage users. User databases are owned and operated by the customer.
Does Authlete support Password Hash Import (Multiple Formats) user management?
Authlete does not support Password Hash Import (Multiple Formats) user management. No user or credential storage in Authlete.
Does Authlete support Bulk User Export user management?
Authlete does not support Bulk User Export user management. No user storage in Authlete. Data export is the customer's responsibility for their own user store.
Does Authlete support Bulk User Update / Delete user management?
Authlete does not support Bulk User Update / Delete user management. No user management in Authlete.
Does Authlete support Upsert on Import user management?
Authlete does not support Upsert on Import user management. No user management in Authlete.
Does Authlete support Legacy Username Import (Non-Allowed Characters) user management?
Authlete does not support Legacy Username Import (Non-Allowed Characters) user management. No user management in Authlete.
Does Authlete support MFA Enrollment Import user management?
Authlete does not support MFA Enrollment Import user management. No user or MFA enrollment management in Authlete.
Does Authlete support Inbound SCIM Provisioning user management?
Authlete does not support Inbound SCIM Provisioning user management. Authlete has no user store and does not expose a SCIM endpoint.
Does Authlete support Outbound SCIM Provisioning user management?
Authlete does not support Outbound SCIM Provisioning user management. No outbound SCIM provisioning. Authlete manages tokens and OAuth clients, not user accounts.
Does Authlete support SCIM Groups Provisioning user management?
Authlete does not support SCIM Groups Provisioning user management. No SCIM or group management in Authlete.
Does Authlete support Just-In-Time (JIT) User Provisioning user management?
Authlete does not support Just-In-Time (JIT) User Provisioning user management. JIT provisioning is not a built-in feature. Customers can implement JIT user creation in their own auth layer triggered at first login.
Does Authlete support Lazy / Trickle Migration from Legacy Database user management?
Authlete does not support Lazy / Trickle Migration from Legacy Database user management. No lazy migration support. Credential validation and user migration are the customer's own concern.
Does Authlete support Self-Service Profile Management Portal user management?
Authlete does not support Self-Service Profile Management Portal user management. No end-user portal. Authlete is a pure backend protocol engine with no user-facing UI.
Does Authlete support User Account Linking user management?
Authlete does not support User Account Linking user management. No account linking built in. Subject identifiers in tokens are managed by the customer's authentication system.
Does Authlete support User Blocking / Banning user management?
Authlete does not support User Blocking / Banning user management. No user management. Token revocation for a subject can be performed via the token revocation API, which achieves a similar result. Read more
Does Authlete support User Metadata user management?
Authlete partially supports User Metadata user management. Custom 'extra properties' can be bound to access tokens at issuance time, encoding user-level metadata. Authlete does not store a user profile; the customer's auth layer provides metadata at token request time. Read more
Does Authlete support Application Metadata user management?
Authlete supports Application Metadata user management. OAuth client metadata is fully managed via Dynamic Client Registration (RFC 7591/7592) and the management API, supporting custom attributes per application. Read more
Does Authlete support User Search user management?
Authlete does not support User Search user management. No user store in Authlete. User search is the customer's responsibility.
Does Authlete support Role-Based Access Control (RBAC) user management?
Authlete partially supports Role-Based Access Control (RBAC) user management. Role-based access control is achieved via OAuth 2.0 scopes and custom claims injected at token issuance. No built-in role management UI; roles are modeled as scopes or extra properties. Read more
Does Authlete support Organizations (Multi-Tenancy B2B) user management?
Authlete supports Organizations (Multi-Tenancy B2B) user management. Multi-tenancy supported via the 'Services' concept: each service is an isolated OAuth/OIDC tenant with its own clients, tokens, keys, and configuration. Multiple services managed from a single console. Read more
Does Authlete support Password Strength Policies user management?
Authlete does not support Password Strength Policies user management. No credential or password management in Authlete.
Does Authlete support Username Restrictions user management?
Authlete does not support Username Restrictions user management. No user or credential management in Authlete.
Does Authlete support Progressive Profiling / Forms user management?
Authlete does not support Progressive Profiling / Forms user management. No authentication UI or profiling flows in Authlete. The headless architecture allows customers to build this in their own frontend.
Does Authlete support Attribute-Based Access Control (ABAC) access control?
Authlete partially supports Attribute-Based Access Control (ABAC) access control. Attribute-based access control achievable via Rich Authorization Requests (RAR, RFC 9396) and extra properties bound to tokens. No built-in policy engine; decisions are made in the customer's authorization layer. Read more
Does Authlete support Fine-Grained Authorization (FGA / ReBAC) access control?
Authlete partially supports Fine-Grained Authorization (FGA / ReBAC) access control. Rich Authorization Requests (RAR) enable fine-grained authorization details within tokens. Authlete processes RAR data but does not provide a policy engine; FGA logic resides in the customer's resource server or authorization layer. Read more
Does Authlete support API Authorization (Scopes / Permissions) access control?
Authlete supports API Authorization (Scopes / Permissions) access control. Core use case. OAuth 2.0 scopes, resource indicators (RFC 8707), token introspection (RFC 7662), DPoP (RFC 9449), mTLS sender-constraining (RFC 8705), and certificate-bound access tokens provide comprehensive API authorization. Read more
Does Authlete support Audit Log Retention security feature?
Authlete partially supports Audit Log Retention security feature. Audit and activity logs available in the management console. Specific retention policies by plan are not publicly documented.
Does Authlete support Security Center (Threat Monitoring Dashboard) security feature?
Authlete does not support Security Center (Threat Monitoring Dashboard) security feature. No built-in threat monitoring dashboard. Authlete provides token and service management analytics in the console but no dedicated security center.
Does Authlete support Encryption at Rest security feature?
Authlete supports Encryption at Rest security feature. ISO/IEC 27001 certified managed cloud ensures encryption at rest for all stored tokens and client data. Read more
Does Authlete support Encryption in Transit security feature?
Authlete supports Encryption in Transit security feature. All API communication is over TLS. Mutual TLS (mTLS, RFC 8705) is natively supported for certificate-bound client authentication. Read more
Does Authlete support Customer Managed Keys (BYOK) security feature?
Authlete partially supports Customer Managed Keys (BYOK) security feature. Full key control available in the Enterprise Self-Managed deployment. In managed cloud, JWK key sets are customer-configurable for signing and encryption. Read more
Does Authlete support Bot Detection security feature?
Authlete does not support Bot Detection security feature. Authlete has no login UI and does not interact with end users directly. Bot detection is the responsibility of the customer's authentication frontend.
Does Authlete support Brute Force Protection security feature?
Authlete does not support Brute Force Protection security feature. No credential validation in Authlete. Brute-force protection for login attempts is the customer's responsibility.
Does Authlete support Suspicious IP Throttling security feature?
Authlete partially supports Suspicious IP Throttling security feature. API rate limiting is applied at the Authlete service level. Token endpoint throttling can be configured. No dedicated suspicious IP detection for login flows. Read more
Does Authlete support Breached Password Detection security feature?
Authlete does not support Breached Password Detection security feature. No credential or password management in Authlete.
Does Authlete support Credential Guard (Dark Web Monitoring) security feature?
Authlete does not support Credential Guard (Dark Web Monitoring) security feature.
Does Authlete support Tenant Access Control List (IP ACL) security feature?
Authlete supports Tenant Access Control List (IP ACL) security feature. IP allowlist and access control at the service level available. Enterprise dedicated and self-managed deployments support network-level ACLs. Read more
Does Authlete support Device Fingerprinting security feature?
Authlete does not support Device Fingerprinting security feature. No user-facing login or device tracking in Authlete. Device context may be passed as extra properties by the customer's auth layer.
Does Authlete support Per-Organization Branding multi-tenancy?
Authlete does not support Per-Organization Branding multi-tenancy. Authlete is headless with no login UI. Branding is entirely the customer's responsibility.
Does Authlete support Per-Organization MFA Policy multi-tenancy?
Authlete does not support Per-Organization MFA Policy multi-tenancy. MFA policies are outside Authlete's scope. Per-organization MFA must be implemented in the customer's authentication layer.
Does Authlete support Hosted / Universal Login Page branding feature?
Authlete does not support Hosted / Universal Login Page branding feature. Authlete is a headless backend engine. Authorization endpoints live in the customer's environment; Authlete provides no hosted login page. Read more
Does Authlete support Embedded / Native Login Components branding feature?
Authlete does not support Embedded / Native Login Components branding feature. No embedded or native login components. The headless model gives customers complete freedom to build their own login UI.
Does Authlete support White-Label / Full Brand Removal branding feature?
Authlete supports White-Label / Full Brand Removal branding feature. Fully white-labeled by design. Authlete never appears in the end-user experience; the entire login and consent UI is built and branded by the customer. Read more
Does Authlete support Localization / i18n branding feature?
Authlete does not support Localization / i18n branding feature. No UI components to localize. Internationalization of the login experience is the customer's responsibility.
Does Authlete support Prebuilt UI Components (SDK) branding feature?
Authlete does not support Prebuilt UI Components (SDK) branding feature. Authlete provides no UI components. Open-source sample implementations are available on GitHub as starting points. Read more
Does Authlete support Login / Auth Analytics Dashboard analytics?
Authlete partially supports Login / Auth Analytics Dashboard analytics. The management console provides token issuance metrics and service-level usage analytics. No end-user login funnel or authentication event dashboard. Read more
Does Authlete support ISO 27001 / 27017 / 27018 Certification compliance?
Authlete supports ISO 27001 / 27017 / 27018 Certification compliance. Read more
Does Authlete support GDPR: Data Export (Portability) compliance?
Authlete partially supports GDPR: Data Export (Portability) compliance. Authlete stores minimal data (tokens, client registrations). Token and client data deletion is available via API. Full GDPR data portability depends on the customer's own user data store. Read more
Does Authlete support GDPR: Right to be Forgotten (User Deletion) compliance?
Authlete partially supports GDPR: Right to be Forgotten (User Deletion) compliance. Token revocation and client deletion APIs allow removal of Authlete-held data. User-level erasure must be handled in the customer's own systems. Read more
Does Authlete support Consent Management compliance?
Authlete supports Consent Management compliance. OAuth 2.0 consent is a built-in part of Authlete's authorization code flow. Consent UI is rendered by the customer; consent decisions are persisted and managed by Authlete. Read more
Does Authlete support Region Deployment compliance?
Authlete supports Region Deployment compliance. Business plan offers cluster locations in United States, Japan, Brazil, and EU. Enterprise plan adds multi-region disaster recovery. Read more
Does Authlete support Private Cloud Deployment compliance?
Authlete supports Private Cloud Deployment compliance. Enterprise Self-Managed plan allows full on-premises or private cloud deployment. Dedicated Cloud Enterprise plan offers single-tenant managed hosting. Read more
Does Authlete support SDK Coverage developer integration?
Authlete supports SDK Coverage developer integration. Open-source server-side libraries and reference implementations for Java, Python, Go, Node.js, PHP (Laravel), C# (.NET), and Ruby available on GitHub. Read more
Does Authlete support Management API developer integration?
Authlete supports Management API developer integration. Comprehensive REST Web API covering service management, client registration (RFC 7591/7592), token operations, JWK management, and introspection. All features available programmatically. Read more
Does Authlete support Authentication API Rate Limits developer integration?
Authlete supports Authentication API Rate Limits developer integration. API rate limits apply per service. Business plan pricing is usage-based on Monthly Active Tokens (MAT), with documented limits on services and client applications per plan. Read more
Does Authlete support Actions / Extensibility Pipeline developer integration?
Authlete does not support Actions / Extensibility Pipeline developer integration. No event-driven extensibility pipeline. Authlete is API-driven: customers implement all custom logic in their own authorization server code that calls Authlete's Web APIs.
Does Authlete support TypeScript Support in Extensibility developer integration?
Authlete does not support TypeScript Support in Extensibility developer integration. No server-side extensibility scripting in Authlete. Custom logic is implemented in the customer's own authorization server in any language.
Does Authlete support Custom Domain developer integration?
Authlete supports Custom Domain developer integration. Authorization endpoints are hosted in the customer's own environment, so any custom domain is inherently supported. The Authlete API backend is accessed internally. Read more
Does Authlete support Deploy CLI (Infrastructure as Code) developer integration?
Authlete partially supports Deploy CLI (Infrastructure as Code) developer integration. No official deploy CLI. Service and client configuration can be managed programmatically via the management REST API, enabling CI/CD automation. Read more
Does Authlete support Custom Database Connections developer integration?
Authlete does not support Custom Database Connections developer integration. Authlete does not connect to user databases. The customer's authentication layer handles all user lookups against any database or directory.
Does Authlete support Universal Login / Hosted Login Page Customization developer integration?
Authlete does not support Universal Login / Hosted Login Page Customization developer integration. No hosted login page to customize. Authorization endpoints are fully customer-implemented.
Does Authlete support Custom Email Provider (SMTP) developer integration?
Authlete does not support Custom Email Provider (SMTP) developer integration. Authlete does not send emails. All email communication (verification, OTP, notifications) is handled by the customer's own systems.
Does Authlete support Email Templates developer integration?
Authlete does not support Email Templates developer integration. No email functionality in Authlete.
Does Authlete support Custom OIDC Claims / Token Enrichment developer integration?
Authlete supports Custom OIDC Claims / Token Enrichment developer integration. Custom claims injected into access tokens and ID tokens via 'extra properties' and scope attributes at token issuance time. The customer's auth server provides claim values when calling Authlete APIs. Read more
Does Authlete support No-Code Auth Flow Builder / Orchestration feature?
Authlete does not support No-Code Auth Flow Builder / Orchestration feature. No visual flow builder. Authlete is a developer-oriented API-first product requiring code to implement authentication flows.
Does Authlete support Identity Verification / Document Proofing feature?
Authlete does not support Identity Verification / Document Proofing feature. No document verification or identity proofing built in. OpenID Connect Identity Assurance 1.0 (IDA) protocol is supported for conveying identity assurance data in tokens issued by the customer's verified auth system. Read more
Does Authlete support Decentralized / Verifiable Credentials feature?
Authlete supports Decentralized / Verifiable Credentials feature. OpenID for Verifiable Credential Issuance (OID4VCI), SD-JWT VC, and ISO/IEC 18013-5:2021 (mobile Driver's License, mDL) supported for decentralized and verifiable credential use cases. Read more
Does Authlete support Built-in Billing / Subscription Management feature?
Authlete does not support Built-in Billing / Subscription Management feature.
Does Authlete support Agentic AI / MCP Server Authentication feature?
Authlete partially supports Agentic AI / MCP Server Authentication feature. Strong foundation for AI agent authentication: OAuth 2.0 Client Credentials, DPoP sender-constraining, mTLS certificate-bound tokens, and Token Exchange (RFC 8693) support autonomous agent identity patterns. No dedicated agentic identity product. Read more
Note: The current data is based on provider documentation/experience and may not be 100% accurate. Please open an issue if you have spotted any inconsistencies.