NexinID

Tenant-native IAM for B2B products and connected endpoints.

Register a tenant, sign in to the dashboard, manage organizations, configure delegated authorization, review entitlement-backed access, deploy applications, audit operations, inspect privacy-preserving analytics summaries, prepare enterprise SSO or SCIM onboarding, and extend identity to devices as first-class, continuously verified principals. All of this is backed by documented OIDC and OAuth 2.0 flows plus explicit public trust boundaries for control-heavy buyers.

Snapshot

Platform snapshot

Context model
Multi-tenant

Tenant, organization, membership, session, and permission context travel with the protocol layer.

Operational control
Auditable

Critical flows emit audit events across tenancy, delegated access, licensing, protocol clients, device trust, and deployment-readiness operations.

Endpoint posture
Protocol-ready

Discovery, end-session flows, PKCE clients, delegated authorization seams, and machine-client onboarding are part of the current public platform surface.

Extended trust
Device-aware

Risk state evaluation, certificate-bound credentials, offline leases, and device activation lifecycle support higher-trust environments and IoT endpoints.

  • OIDC and OAuth 2.0 protocol surface
  • Tenant, organization, governance, and membership context
  • Enterprise SSO setup guides, diagnostics, and SCIM lifecycle entry points
  • Roles, security groups, direct grants, entitlement checks, and device trust

Register a tenant, sign in to the dashboard, invite your team, and manage identity operations through one integrated onboarding path from the first login.

Start Here

Documentation, trust, and onboarding

The public docs and FAQ now live in one documentation workspace. Start there for guides, API reference, device trust, enterprise setup, readiness, operations, analytics, and common questions.

Documentation
Read the docs and FAQ

Use one documentation workspace for implementation paths, reference material, readiness notes, and canonical FAQ answers.

Open documentation
Trust
Review current security posture

Open the trust center for public security posture, status expectations, and diligence entry points.

Open trust center
Onboarding
Start a developer tenant

Register a tenant, sign in to the dashboard, and use the documentation workspace as the guide for next steps.

Start Developer
Enterprise Federation

A clear entry point for enterprise SSO and lifecycle provisioning

NexinID now exposes one public buyer path for enterprise identity setup: supported OIDC sign-in, SCIM lifecycle onboarding, setup diagnostics, and provider-specific guidance for standard IdPs.

Sign-in
Enterprise OIDC is self-service

Tenant admins can configure enterprise OIDC connections, bind them to the matching provider runtime, and use diagnostics before rollout.

Review enterprise setup
Provisioning
SCIM onboarding has clear boundaries

SCIM user and group lifecycle support, one-time token rotation, and diagnostics are available today, while broader SCIM protocol features stay explicitly out of scope.

Open federation guide
Guides
Standard IdP guides are easy to find

Okta, Microsoft Entra ID, Google Workspace, and generic OIDC or SAML guidance all route through one canonical technical source.

See provider guides
Capabilities

Built around the layers real identity products are judged on.

Protocol, tenancy, delegated authorization, entitlement-aware runtime checks, and device trust — distinct layers, each a deliberate investment in what B2B identity actually demands at scale.

Protocol-grade identity

OpenID Connect and OAuth 2.0 primitives cover authorization code with PKCE, end-session handling, discovery-driven integrations, and current machine-client flows.

Secure client onboarding

Machine-to-machine applications, PKCE clients, controlled redirect validation, and client-secret rotation support production-minded integrations.

Tenant-native context

Tenant, organization, membership, slug, permission-version, and session identifiers are treated as first-class context instead of afterthought claims.

Device-as-principal trust

Our sharpest differentiator: devices become first-class, continuously-verified principals. Device-bound proof-of-possession tokens, sender-constrained (DPoP/mTLS) tokens, continuous access evaluation, seat-bound activation, and signed offline leases extend trust beyond browser login — without claiming GA remote attestation.

Auditable administration

Invitation events, enterprise connection diagnostics, SCIM lifecycle changes, billing usage quotas, and device-trust actions flow through audit services with signed webhook delivery, replay visibility, and CSV or NDJSON export seams.

Delegated authorization and entitlements

Security groups, roles, direct grants, and entitlement seat requirements support explainable runtime decisions and a cleaner migration away from flat permission-only checks.

The Portal Experience

A complete management plane from day one.

Registration isn't the end of the onboarding flow — it's the start of the product. Every tenant is provisioned with a secure, hardened portal that makes identity state, delegated access, and entitlement posture observable and actionable.

Tenant Dashboard

A single control plane for your isolated identity domain. Monitor active identities, pending invitations, and provisioned organizations.

Organizations & Access

Model real B2B structures. Manage memberships, assign roles, security groups, and direct grants, then preview explainable scoped checks against live entitlement context.

Application Lifecycle

Onboard machine clients, PKCE web applications, and background services with zero friction. Control secrets, redirect URIs, and scopes.

Enterprise SSO & SCIM

Configure enterprise OIDC or SAML setup data, rotate SCIM tokens, review diagnostics, and keep provider onboarding inside the tenant control plane.

Auditable Operations & Usage

Track exactly what happens inside your tenant. Monitor usage quotas and export immutable audit events for security and compliance reviews.

Architecture posture

A product that fits inside a larger platform strategy — not one that competes with it.

Clean architecture layers, a consistent audit model, and an entitlement-aware authorization surface create a foundation others can build businesses on top of.

Layer 01: Protocol

Discovery, authorization, token handling, logout, session claims, and client registration.

Layer 02: Tenancy

Organizations, memberships, governance, invitations, and access context that map to real B2B structures.

Layer 03: Applications

Registered apps with organization ownership, onboarding rules, feature manifests, and application-scoped authorization boundaries.

Layer 04: Runtime trust

Entitlement-aware access checks, device activation, device-risk signaling inside lease tokens, and offline lease management for higher-assurance scenarios.

Positioning

Made to feel like a platform, not a side feature.

Strong identity products create confidence before anyone opens the admin console. NexinID is opinionated infrastructure: four layered capability areas, protocol compliance, and visible operational controls that signal software built to last.

  • For platform owners: Identity becomes a governed internal asset — configurable, auditable, and owned — rather than a vendor-dictated constraint.
  • For product teams: Tenancy, client onboarding, session state, and permissions are first-class product concerns, not workarounds stapled on top of a third-party service.
  • For commercial diligence: Four capability layers, protocol compliance, a documented audit model, and a published security-readiness posture are the signals that serious integration reviews look for.

Commercial signal

Why this platform holds strategic weight.

Depth

Protocol compliance, tenant governance, auditable operations, and device trust create a product story that runs four layers deep.

Control

Sessions, memberships, organizations, and device states are observable and actionable. Operators stay in control of what matters.

Portability

The current platform is designed as one deployable host that targets common relational databases without forcing a proprietary surrounding stack.

Maturity

Clean architecture layers, a consistent audit model, and a protocol-grade identity surface create a foundation others can build businesses on top of.

Today vs roadmap

What's generally available today — and what's on the roadmap

We keep this explicit on purpose. Broad capability only earns trust if you can tell what is shipped from what is planned.

Generally available today
  • Multi-tenant OIDC & OAuth 2.0 — PKCE, discovery, logout, userinfo, machine clients, and an mTLS token endpoint.
  • Runtime authorization & entitlements — roles, security groups, direct grants, and scoped checks.
  • Enterprise OIDC sign-in and connection-scoped SCIM lifecycle provisioning.
  • Device-as-principal trust — device-bound proof-of-possession tokens, sender-constrained (DPoP/mTLS) tokens, and continuous access evaluation.
  • Signed audit webhooks with replay and CSV/NDJSON export, plus aggregate privacy-preserving analytics.
  • Per-application environments, and portable deployment on PostgreSQL or SQL Server.

On the roadmap (not GA)
  • Host-side SAML assertion runtime — setup data and diagnostics today; browser runtime deferred.
  • Broader SCIM breadth (PATCH, bulk, ETag) beyond the current connection-scoped subset.
  • Zero-touch device onboarding (FDO / BRSKI) and hardware-backed attestation adapters.
  • Dedicated per-tenant deployments, region pinning, and customer-managed keys.
  • A real-time public status page.

Get Started

Start building with NexinID

Create your tenant in minutes. Your dashboard, organizations, clients, and audit trails are ready when you are.