Conic Security's CIAM offering provides all of the capabilities you would expect from a CIAM service but built with a modern multi-tenant view in mind.

Conic Security CIAM is a service that manages and protects your users. Applications are configured to point to and be secured by this service. Conic Security CIAM uses open protocol standards like OpenID Connect or SAML 2.0 to secure your applications. Browser applications redirect a user’s browser from the application to the Conic Security CIAM authentication server where they enter their credentials. This redirection is important because users are completely isolated from applications and applications never see a user’s credentials. Applications instead are given an identity token or assertion that is cryptographically signed. These tokens can have identity information like username, address, email, and other profile data. They can also hold permission data so that applications can make authorization decisions. These tokens can also be used to make secure invocations on REST-based services.

Conic Security CIAM provides the following features:

  • Single-Sign On and Single-Sign Out for browser applications.

  • Support for OpenID Connect, OAuth 2.0, and SAML.

  • Identity Brokering - Authenticate with external OpenID Connect or SAML Identity Providers.

  • Social Login - Google, GitHub, Facebook, Twitter, and other social networks.

  • User Federation - Sync users from LDAP and Active Directory servers.

  • Kerberos bridge - Automatically authenticate users that are logged-in to a Kerberos server.

  • Admin Console for central management of users, roles, role mappings, clients and configuration.

  • Account Management console that allows users to centrally manage their account.

  • Theme support - Customize all user facing pages to integrate with your applications and branding.

  • Two-factor Authentication - Support for TOTP/HOTP via Google Authenticator or FreeOTP.

  • Login flows - optional user self-registration, recover password, verify email, require password update, etc.

  • Session management - Admins and users themselves can view and manage user sessions.

  • Token mappers - Map user attributes, roles, etc. into tokens and statements however you want.

  • Not-before revocation policies per realm, application and user.

  • CORS support - Client adapters have built-in support for CORS.

  • Service Provider Interfaces (SPI) - A number of SPIs enable customizing various aspects of the server: authentication flows, user federation providers, protocol mappers and many more.

  • Supports any platform/language that has an OpenID Connect Relying Party library or SAML 2.0 Service Provider library.

Single Sign-On

Providing an Authentication service to all of your services and applications enables a singular login by a user across your connected environment. 

Once logged in, your user base will maintain a session that can be leveraged by your applications using industry standards, such as SAML, OAuth, etc.

User registration provides the ability to identify and capture users into the CIAM solution, either through the customizable user registration screen or through existing registration processes that interact with CIAM through easy-to-implement API connections.


User login is fully customizable to the look and feel of your organization and enables multiple methods of authenticating your users.

Both name-and-password and social media login and registration are available as standard, as is configurable behavior once the user has logged in, including:

  • Multi-factor authentication

  • Email verification

  • Update of profile


Passwordless and Multifactor 

Standard logins are valuable security measures that can be enhanced through newer standards such as FIDO2/WebAuthn for passwordless authentication. Enabling your users to make use of their device's biometric authentication makes for a more seamless login experience.

For certain instances, when additional scrutiny is required, a second factor of validation is the right choice. Biometric validation and One Time Pin (OTP) are available as standard options, plus the addition of Google Authenticator and Duo.

Centralized Management

Centralized management provides the ability to update, configure and secure your configuration without affecting other customers on the service.

All of your configuration needs, from the look and feel and security measures to interactions with applications and identity providers, are available through the console.

Users, groups and logs are also available to review, interact with and manage.


As A Service

The As a Service model enables a single licensed purchase to receive all of the functionality plus the management, support and hosted infrastructure to support your needs.

Conic Security provides this multi-tenant approach to hosting the service to reduce cost, leverage support and provide a robust platform that is unique to your needs.
