Early access · in active development

Hosted identity for modern apps.

IDP.to gives your product passkey-first sign-in on your own domain. Your users authenticate with passkeys, never passwords — and you integrate over standard OpenID Connect.

Passkey-first sign-in

Your users sign in with passkeys, never passwords. Stronger security, and nothing to remember or reset.

Hosted on your domain

Hosted login and account-security pages that live on your own domain — you don't build or run any of it.

Enterprise SSO

Single sign-on for B2B SaaS, so you can bring on enterprise customers without building it yourself.

OpenID Connect

Built on the OpenID Connect standard. It works with any conformant OIDC client library.

Standard integration

Resolve the discovery document and your library configures itself. Nothing about the integration is proprietary.

Built for modern apps

Authorization-code flow with PKCE, RS256-signed tokens, and JWKS key rotation — the way modern apps expect.

Live today — OIDC discovery + JWKS

The discovery document and public signing keys are live in production right now. You can point a standard OIDC client library at them today.

In active development — the full OIDC login flow

The interactive authorization and token exchange are being built now. Until they ship, an external app can pre-wire against discovery but can't complete a login yet.

The developer documentation tracks exactly what is and isn't available. Read the current status →

Building something that needs sign-in?

IDP.to is in early access. Read the docs to see what's live, or reach out to talk about early access.