Hosted identity for modern apps.
IDP.to gives your product passkey-first sign-in on your own domain. Your users authenticate with passkeys, never passwords — and you integrate over standard OpenID Connect.
What IDP.to gives you
Passkey-first sign-in
Your users sign in with passkeys, never passwords. Stronger security, and nothing to remember or reset.
Hosted on your domain
Hosted login and account-security pages that live on your own domain — you don't build or run any of it.
Enterprise SSO
Single sign-on for B2B SaaS, so you can bring on enterprise customers without building it yourself.
OpenID Connect
Built on the OpenID Connect standard. It works with any conformant OIDC client library.
Standard integration
Resolve the discovery document and your library configures itself. Nothing about the integration is proprietary.
Built for modern apps
Authorization-code flow with PKCE, RS256-signed tokens, and JWKS key rotation — the way modern apps expect.
Where things stand
The discovery document and public signing keys are live in production right now. You can point a standard OIDC client library at them today.
The interactive authorization and token exchange are being built now. Until they ship, an external app can pre-wire against discovery but can't complete a login yet.
The developer documentation tracks exactly what is and isn't available. Read the current status →
Building something that needs sign-in?
IDP.to is in early access. Read the docs to see what's live, or reach out to talk about early access.