Email + TOTP, OIDC for enterprise, per-app permissions โ all hosted in Estonia under EU jurisdiction. The privacy-respecting alternative to Auth0, Okta, and Cognito.
See pricingWhy sovereigntyThe post-Schrems-II reality: even "GDPR-compliant" US identity providers expose you to Section 702 demands.
All authentication data lives in Estonia under EU law. No US Section 702 surveillance exposure. No CLOUD Act compulsion.
Single account works across all your B-Systems apps. Permissions flow per app. Revoke globally with one click.
Zero telemetry on user behaviour. We log only what we need to verify identity. Auth events stay private.
All the identity-platform surface, EU-hosted, with no surveillance.
Standard email login plus optional 2FA via TOTP authenticator apps. No SMS โ SIM-swap attacks don't apply.
Integrate with your existing SSO (Okta, Azure AD, Google Workspace) via standard OpenID Connect.
Each app grants specific scopes. Users see exactly what they're authorising. Revocable per-app from the dashboard.
Cookie sessions for web, bearer tokens for APIs. Both signed with rotating keys. No long-lived JWTs in browser storage.
Subscribe to login/logout/grant/revoke events. Full audit trail exportable for compliance review.
Run B-Auth on your own infrastructure or use the hosted Estonian deployment. Same software, your choice.
From solo developer to enterprise. EU-hosted, no surveillance, no upsells.
Larger user counts, on-prem deployments, custom OIDC integrations โ email brendan@darlo.com.