LIVE: AUTH MESH

EST. 2026 · IDENTITY INFRASTRUCTURE

Identity,
self-hosted.

A complete identity backend for the post-SaaS era — auth, RBAC, sessions, passkeys, SAML, SCIM, and signed audit logs. One binary, your database, zero phone-home.

SDKS 7
ENDPOINTS 40+
Deploy your perimeter
7OFFICIAL SDKS
40+REST ENDPOINTS
14msP99 LATENCY
0PHONE-HOME CALLS
100%DATA SOVEREIGNTY

// CORE SYSTEMS

Every primitive of identity, in one binary.

Authentication, authorization, sessions, and compliance — built to run inside your own infrastructure with no external dependencies.

Authentication

Email + password, magic link, email OTP, passkeys, and OAuth — flows that ship secure by default.

RBAC & Authorization

Typed roles and a policy matrix. Permissions are declarative, versioned, and enforced at the edge.

Sessions & Tokens

RS256 / HS256 JWTs, automatic refresh rotation, and scoped API keys with full revocation control.

Enterprise SSO

SAML 2.0 and SCIM 2.0 for directory sync and just-in-time provisioning across every IdP.

Audit Logs

Signed, tamper-evident, and exportable. Every privileged action is cryptographically chained.

7 Official SDKs

TypeScript / React, Python, Go, Ruby, Java, PHP, and .NET — generated from one source of truth.

// IDENTITY INFRASTRUCTURE

One binary. Your database. Your perimeter.

Drop the ghcr.io/identsphere/server image into your stack and own the full identity layer — no control plane you don't run, no data leaving your boundary.

Typed RBAC

Mistyping a role is a build error, not a runtime 403. Your authorization model is checked at compile time.

Zero phone-home

Even license checks run offline. Nothing about your users, traffic, or topology ever leaves your network.

// QUICKSTART

From zero to authenticated in two commands.

Run the server against your own Postgres, then wire up your app with the SDK of your choice.

~/your-stack 
# 1 — run the identity server against your database
$ docker run -p 8080:8080 \
    -e DATABASE_URL=postgres://localhost/identsphere \
    ghcr.io/identsphere/server:latest
→ identsphere · listening on :8080 · self-hosted · 0 phone-home

# 2 — install the SDK and protect your app
$ npm install @identsphere/react
→ added 1 package · typed RBAC ready
TS / React Python Go Ruby Java PHP .NET

// CHRONOLOGY · THE STACK

Built milestone by milestone.

A focused roadmap shipped in deliberate layers — each one production-grade before the next began.

  1. v0.1

    Core auth + RBAC

    Email/password, sessions, typed roles, and the policy matrix — the foundation everything else builds on.

  2. v0.4

    MFA & Passkeys

    TOTP, WebAuthn passkeys, magic links, and email OTP — phishing-resistant factors out of the box.

  3. v0.7

    SAML & SCIM

    Enterprise SSO with SAML 2.0 and directory sync via SCIM 2.0 — provisioning that scales to org charts.

  4. v1.0

    Audit export & webhooks

    Signed, tamper-evident audit logs with streaming export and real-time webhooks for every event.

// PRICING

Own it free. Scale when you're ready.

The core is open and unlimited. Paid tiers add compliance, support, and enterprise connectors — never a cap on your users.

COMMUNITY

$0/forever

Everything you need to self-host identity.

  • All authentication flows
  • Typed RBAC & authorization
  • All 7 official SDKs
  • Unlimited users
Get started
POPULAR

PRO

$49/mo

For teams shipping to production.

  • Everything in Community
  • Audit log export
  • Webhooks
  • Email support
Start Pro

SCALE

$199/mo

Enterprise connectors and priority help.

  • Everything in Pro
  • SAML 2.0 SSO
  • SCIM 2.0 provisioning
  • Priority support
Start Scale

ENTERPRISE

Custom

For regulated and high-assurance deployments.

  • Everything in Scale
  • Contractual SLA
  • Dedicated support
  • Deployment review
Contact sales

// DEPLOY

Own the perimeter.

Spin up the full identity stack on infrastructure you control — in minutes, with no phone-home.

Get started free Read the quickstart