Authentication Service

Custom Authentication without Code

The Authentication Service is an advanced authentication multiplexor that can be configured to meet any app or website’s needs.

Authentication Service

The Authentication Pipeline

The Curity Authentication Service powers centralized authentication, removing the pain of determining who the user is from your apps. It allows for customized authentication flows and comes with many ready-made authentication methods and actions. It enables many use cases, you can see a few below:


Common Use Cases

Customized authentication flows with many ready-made authentication methods and actions

Tailor-made login experiences

Username & Password

Allow the user to log in with a username and password.

Request that the user add more information to their profile.

Require the user to accept the latest T&C in order to log in.

Curity Identity Server enables multiple authentication methods (authenticators), connected to various databases. After verification of the user’s credentials, single actions or entire workflows may run with or without user interaction. All of this is configurable to specific clients and use cases.

Enable Single Sign-On (SSO) for customers and employees


Ready-made integration with GitHub.

Username & Password


Construct workflows using built-in actions or make your own.

Allows the creation of workflows and execution of different actions based upon on conditions.

Curity Identity Server gives the administrator the power to fine-tune the circumstances under which SSO is allowed, enabling a secure and safe login experience. Dedicated actions can run as part of the SSO flow, and if needed still prompt the user.

Account Linking

Flexible account linking

25+ built in authentication methods, plus an SDK to build your

Allow the user to log in with a username and password.

Connect any user repository or database with your chosen authenticators, without migration.

Adapt the incoming data to make the account linking possible.

Actions that lookup and resolves links in local and foreign accounts.


Connect any user repository or database with your chosen authenticators, without migration.

Connect a social or other external account with a local user account. Easy and flexible account linking that can be used with any data source or authentication method.

Easy to set up multi-factor authentication

25+ built in authentication methods, plus an SDK to build your own.

Allow the user to log in with a username and password.


Connect any user repository or database with your chosen authenticators, without migration


Connect any user repository or database with your chosen authenticators, without migration

Multi-factor Authentication is simply done by chaining single-factor authenticators together or by using an individual MFA-authenticator.

Adaptable authentication with Conditional Multi-Factor Authentication processes

Ready-made integration with GitHub.


Run additional authenticators depending on the context of the user log-in session to enable a balance between high-security and low-friction.


Safer login with adaptive login methods

25+ built in authentication methods, plus an SDK to build your own.

Allow the user to log in with a username and password.


Construct workflows using built-in actions or make your own.

Add additional measures when a user attempts to login from a country the user has never logged in from previously.

Two or more login attempts are made from different locations, too far apart for a journey to be possible within the timespan.


Duo authenticator as an MFA choice in the Curity Identity Server, which allows users to authenticate via SMS, push notification, or One-time Passwords (OTP).

SMS is one of the built-in authentication methods available to create MFA.


Enable adaptive authentication for more intelligent login decisions. Using geodata, you can configure actions to alter the authentication process depending on whether or not the user is logging in from a new country, a forbidden country, or has made an impossible journey.

Simple transformation of incoming user data

25+ built in authentication methods, plus an SDK to build your own.

Offer users with a Google account a low friction login experience with a ready-made integration.

Construct workflows using built-in actions or make your own.

Look up attributes connected to the Google user ID to find the local user ID

Replace the Google username with the local username found in the lookup.

Curity Identity Server provides a simple way to transform the raw user data retrieved from the authenticator into an internal username that is the same independent of the authenticator used.

Username and Password
Sign in with Apple


There are many possible ways to authenticate users. The Curity Identity Server supports a long list of established authentication methods, you can also build your own using our SDK.


Authentication Actions allows you to orchestrate what happens after the credentials are verified but before the session is committed. In other words. the user has been validated, but the system hasn’t yet produced an authenticated session, which later can be used for Single Sign-On etc.

Actions are executed in the configured order so they can be chained and depend on each other. They can look up information in databases, prompt the user for more information or run other activities to ensure proper authentication and a secure login.

Curity Admin UI

Action Regex
Action JavaScript
Action Data Source
Action JavaScript
Action Lookup Linked Accounts


Integrate with Your Data Sources

You can connect the Authentication Service to your data repositories, house accounts in your CRM, and store credentials in your company directory.


Extend Using the SDK

Build your own Authenticators and Actions using our Java SDK.

Learn more about the SDK
Multifactor Authentication

Multi-factor Authentication

The Curity Identity Server enables advanced multi-factor possibilities by chaining any number of authentication methods, in any order, creating a secure and user friendly login experience.

A common scenario is to combine username/password with a second factor such as an SMS to a phone, a key fob or an app. This significantly reduces the risk of accounts being compromised due to password theft.

  • Something you knowSomething you know
  • Something you haveSomething you have
  • Something you areSomething you are

Curity lets you combine any factors.

Protect your business apps and APIs

Detect fraud with context-based authentication

Detect Fraud with Context-Based Authentication

Context-based authentication is crucial to secure apps and websites. Using conditional workflows, you can present users with authentication challenges using triggers such as new logins, abnormal behavior, impossible physical journeys, or logins from a new country. You can also scale up your fraud prevention measures by integrating with other systems using actions and events.

Using Geo-Location
Curity UI Kit Branding


With the Curity Identity Server the customer never leaves your organization’s brand. The user-facing screens can be tailor made to match your needs. If your organization has several brands this can also be embedded and used depending on where the user is.

The templating system enables an overlay possibility of existing templates with your choice of colors, logos and fonts. It is possible to completely style the look and feel. Themes are created with native CSS Custom Properties, and means that you can create a theme only by customizing properties for things like page, well, buttons, alerts, form elements, typography colors and more.

--well-background-color: white;
--well-box-shadow:rgb{0 0 0 / 5%{ 0 6px 24px 0,rgb(0 0 0 / 8%) 0 0 0 1px;
--color-primary: #323c53;
--color-spot: #d859a1;
--form-field-border-radius: 8px;
--type-sans:"Roboto-Regular", system, -apple-system, sans-serif;
--button-border-radius: 6px;
--authenticator-google-color: #4285f4;

Examples on Curity UI Kit theme variables

Brand 1

Brand 2

Brand 3


Overrides and Template Areas allow for reusability between screens.

Move seamlessly between mobile apps and websites

Single sign-on (SSO) between apps and secure backend access.

Let the user navigate seamlessly between mobile apps and websites in the mobile browser without having to re-authenticate. Using OpenID Connect, Curity Identity Server has built in support for single sign-on between mobile apps and mobile web-pages.

Ready for mobile
Ready for mobile

User Self-Service

Self-service is about enabling the users to handle the accounts themselves. Did the user forget the password, or wants to register a new phone? Allowing the user to perform these actions during authentication is a great way to improve user experience and increase usage of your services.

User self-service greatly reduces the support burden imposed by authentication and registration. All changes are stored in your own user repository, which can be integrated via SCIM, SQL, LDAP or your own API.

Single Sign-On (SSO)

Enable seamless access between your websites.

Establish single sign-on across your websites and mobile apps by simply configuring the ready-made Curity Authentication Service. Deciding which authentication methods are used under which circumstances grants low-friction access to your services.


Single Page Applications

Embed single sign-on on your Angular website or other single page applications (SPAs) with secure iframing. The assisted token flow in Curity makes the iframing work seamlessly and enables your website developers to easily implement login.

See Curity Identity Server in action

See Curity Identity Server in action

In this demo, we give you a comprehensive overview of the Curity Identity Server. What it is and what problems it helps you solve.

Watch Demo

Be up and Running in Minutes

Start Free Trial

Evaluate the Fit for Your Use Case

Schedule a Demo

Speak to an Identity Specialist

Contact Us