Hosted OpenID Connect & OAuth 2.0 server

Flexible enough to meet your most demanding identity and production requirements. Engineered for 24/7/365 uptime, distributed operation and low TCO.

Get started for free


Enjoy the benefits of having your own Connect2id server without having to worry about its deployment and scaling.

OpenID Connect Login

Your OpenID Connect & OAuth 2.0 server

Issue OpenID and OAuth tokens to facilitate single sign-on, identity provision and protect access to web APIs and other resources.

Identity federation

Federate identities, freely

Federate identities from trusted providers, organisations and partners. Enable social logins from Google, Facebook, Twitter, etc.

User database

Your user data stays with you

You can use your own existing user stores. The Connect2id server does not require access to your users' credentials, which is a plus for security.

Identity federation

Bring your own policies

You are free to devise your own rules for login, consent and managing the token lifecycle. These can be scripted in any language you like.

World zones

High availability, in a region of your choice

You get a Connect2id server cluster for high availability, in a AWS data centre of your choice for quick and low-latency access from your applications.


Collect identity events and metrics

Collect key identity events and metrics in real time, for logging, audit and business intelligence purposes.



€ 299

Up to 10 000

Monthly active users

2 instances in a load-balanced cluster

Subdomain name with SSL

Encryption at rest

Email support

€ 599

Up to 20 000

Monthly active users

2 instances in a load-balanced cluster

Subdomain name with SSL

Encryption at rest

Email support

Contact Us


Monthly active users

Up to 4 instances in a load-balanced cluster

Subdomain name with SSL

Encryption at rest

Email support

Billing is on a monthly basis. The prices don't include European Union VAT (not applicable to customers outside the EU).


Frequently Asked Questions

Is there a free plan?

No, but you can try out the service for 14 days (no credit card required).

Where is my Connect2id server going to be hosted?

In the Amazon cloud (AWS).

Which AWS regions are available?

You can choose to have your Connect2id server cluster deployed in any one of the 16 EC2 regions, in North and South America, Europe, Asia and the Pacific.

How can I configure my hosted Connect2id server?
  • With the help of a wizard in the admin console. The JWK set and master tokens will be generated automatically for you in the console.

  • By pasting the entire configuration as Java properties, including the JWK set, into the admin console.

We're also working on providing a web API for configuring your hosted Connect2id server.

Which OAuth 2.0 grant types are supported?

The hosted Connect2id server is built to enable handling of the following OAuth grant types:

  • Authorisation code and implicit — The browser-based flows are handled via the authorisation session API (also see the login page guide).

  • Resource owner password credentials — Via a web hook that delegates validation of the submitted username and password to an external service.

  • Client credentials — Via a simple handler that bounds the scope of the issued token to those scope values set in the client's registration.

Web based hooks for handling JWT and SAML 2.0 bearer assertion grants will be provided at a later stage.

Which OpenID claims sources are supported?

The hosted Connect2id server build includes two connectors for sourcing OpenID claims (attributes) about end users:

  • LDAP — To retrieve claims from a Microsoft Active Directory and other LDAP v3 compatible directory servers.

  • HTTP endpoint — A web hook for retrieving the claims from an external service.
Which OAuth client authentication methods are supported?

All client authentication methods supported by the on-premise Connect2id server, save for self_signed_tls_client_auth (until client X.509 certificates become supported by Amazon’s ELB, or a viable workaround is found).

Which Connect2id server version am I going to get?

Typically the latest stable version of the Connect2id server. Upgrades will be handled by us, transparently to you and with zero service downtime.

What support is included in the subscription?

Basic email support with configuration. If there's sufficient demand we may consider offering more comprehensive support plans, similar to those for the licensed on-premise Connect2id server.

What is the billing cycle?

Usage is billed every month, according to the number of active users for the period.

How are active users counted?

By counting the unique subject identifiers (end-user identities) in issued ID and access tokens during the billing period.

Do you issue VAT invoices?

Yes, we do, if the billed entity is located in the EU. You can enter and edit the VAT number of your organization through the billing self-service portal (Account > My Subscription).


Get updates on Twitter