Issue OpenID and OAuth tokens to facilitate single sign-on and identity provision, and to protect access to web APIs and other resources.
Federate identities from trusted providers, organisations and partners. Enable social logins from Google, Facebook, Twitter, etc.
You can use your own existing user stores. The Connect2id server does not require access to your users' credentials, which is a plus for security.
You are free to devise your own rules for login, consent and managing the token lifecycle. These can be scripted in any language you like.
You get a Connect2id server cluster for high availability, in an AWS data centre of your choice for quick and low-latency access from your applications.
Collect key identity events and metrics in real time, for logging, audit and business intelligence purposes.
Billing is on a monthly basis. The prices don't include European Union VAT (not applicable to customers outside the EU).
No, but you can try out the service for 14 days (no credit card required).
Where is my Connect2id server going to be hosted?
In the Amazon cloud (AWS).
Which AWS regions are available?
You can choose to have your Connect2id server cluster deployed in any one of the 16 EC2 regions, in North and South America, Europe, Asia and the Pacific.
How can I configure my hosted Connect2id server?
With the help of a wizard in the admin console. The JWK set and master tokens will be generated automatically for you in the console.
We're also working on providing a web API for configuring your hosted Connect2id server.
Which OAuth 2.0 grant types are supported?
The hosted Connect2id server is built to enable handling of the following OAuth grant types:
Authorisation code and implicit — The browser-based flows are handled via the authorisation session API (also see the login page guide).
Resource owner password credentials — Via a web hook that delegates validation of the submitted username and password to an external service.
Web based hooks for handling JWT and SAML 2.0 bearer assertion grants will be provided at a later stage.
The hosted Connect2id server build includes two connectors for sourcing OpenID claims (attributes) about end users:
LDAP — To retrieve claims from a Microsoft Active Directory and other LDAP v3 compatible directory servers.
All client authentication methods supported by the on-premise Connect2id server, save for self_signed_tls_client_auth (until client X.509 certificates become supported by Amazon’s ELB, or a viable workaround is found).
Which Connect2id server version am I going to get?
Typically the latest stable version of the Connect2id server. Upgrades will be handled by us, transparently to you and with zero service downtime.
What support is included in the subscription?
Basic email support with configuration. If there's sufficient demand we may consider offering more comprehensive support plans, similar to those for the licensed on-premise Connect2id server.
What is the billing cycle?
Usage is billed every month, according to the number of active users for the period.
How are active users counted?
By counting the unique subject identifiers (end-user identities) in issued ID and access tokens during the billing period.
Do you issue VAT invoices?
Yes, we do, if the billed entity is located in the EU. You can enter and edit the VAT number of your organization through the billing self-service portal (Account > My Subscription).