Documentation

Product & Services

Signify iD is a comprehensive Digital Identity and Access Management (DIAM) platform built for modern enterprise applications.

DIAM Overview

Digital Identity and Access Management (DIAM) encompasses the policies, processes, and technologies used to manage digital identities and control access to resources. Signify iD provides a complete solution for implementing DIAM in your applications.

Unlike traditional IAM solutions that focus solely on internal employee access, Signify iD is designed for both B2B and B2C scenarios, enabling you to manage customer identities, partner access, and internal users from a single platform.

Key Features

Multi-Tenant Architecture

Support multiple organizations with isolated data, custom branding, and independent user management. Each tenant operates in a secure, segregated environment.

OAuth2/OIDC Authentication

Industry-standard authentication protocols with support for authorization code flow, refresh tokens, and secure session management.

Role-Based Access Control

Granular permission system with customizable roles. Define exactly what each user can access with resource:action permission pairs.

Session Management

Real-time session tracking with device fingerprinting, location detection, and the ability to revoke sessions remotely.

Multi-Factor Authentication

Strengthen security with TOTP-based MFA. Users can enable authenticator apps for an additional layer of protection.

Audit & Compliance

Complete audit trail of all authentication events, permission changes, and administrative actions for compliance requirements.

Client Authentication System

The Client Authentication System allows third-party applications to authenticate users securely. Each client application receives a unique Client ID and Client Secret pair for OAuth2 flows.

How it works:

  1. Register your application to receive credentials
  2. User initiates login from your application
  3. User is redirected to Signify iD for authentication
  4. Upon success, user is redirected back with an auth code
  5. Exchange the code for access and refresh tokens
  6. Use tokens to access protected resources

Learn more

See the Client Authentication section for detailed implementation guides and code examples.

Role-Based Access Control

Signify iD uses a permission-based RBAC model where roles are collections of permissions. Permissions follow the format resource:action, providing fine-grained control over what users can do.

System Roles

  • Super Admin - Full system access (*)
  • Tenant Admin - Organization management
  • Developer - API and client access
  • User - Basic authenticated access

Permission Examples

  • users:read
  • users:create
  • clients:manage
  • sessions:revoke
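
A deny-by-default check for the resource:action model described above, as an added example that is not Signify iD's own code. The role keys, the permissions assigned to every role other than Super Admin's *, the permission grammar, and the function names are assumptions made for illustration.

```python
import re

# Assumed grammar: exactly one colon, lowercase identifiers on both sides.
PERMISSION_RE = re.compile(r"[a-z][a-z0-9_]*:[a-z][a-z0-9_]*")
WILDCARD = "*"  # the page lists "*" as Super Admin's full system access

# Constructed role contents; only Super Admin's "*" comes from the page.
ROLES = {
    "super_admin": {WILDCARD},
    "tenant_admin": {"users:read", "users:create", "sessions:revoke"},
    "developer": {"clients:manage"},
    "user": set(),
}


def parse_permission(value):
    """Return (resource, action) or raise ValueError on malformed input."""
    # fullmatch (not match with "$") so a trailing newline is rejected too.
    if not isinstance(value, str) or not PERMISSION_RE.fullmatch(value):
        raise ValueError(f"malformed permission: {value!r}")
    resource, action = value.split(":")
    return resource, action


def effective_permissions(role_names):
    """Union of permissions for the given roles; unknown roles grant nothing."""
    granted = set()
    for name in role_names:
        granted |= ROLES.get(name, set())
    return granted


def is_allowed(role_names, required):
    """Deny by default: allow only on an exact match or the "*" grant."""
    try:
        parse_permission(required)
    except ValueError:
        return False  # a malformed or wildcard request is never authorized
    granted = effective_permissions(role_names)
    return WILDCARD in granted or required in granted
```

The wildcard is honored only as a grant held by a role; a caller that asks for "*" as the required permission is refused, as is any string that does not parse as a single resource:action pair.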

Session Management

Every authenticated user has an active session. Sessions include:

  • Device information (browser, OS, device type)
  • IP address and approximate location
  • Last activity timestamp
  • Current status (active, expired, revoked)

Security feature

Administrators can view all active sessions for their organization and revoke any suspicious sessions instantly.