Trust, security, and current platform posture
A public entry point for current security posture, deployment-readiness boundaries, privacy-preserving analytics guidance, technical docs, privacy and legal materials, and status expectations.
Security, deployment, and production readiness
Review the current trust boundaries, supported deployment topology, live and ready probe posture, signing and data-protection guidance, backup expectations, tenant-isolation model, and the explicit production-readiness matrix.
Developer docs and implementation guides
Use the single documentation workspace to review developer guidance, API reference, delegated authorization, device trust, enterprise setup, analytics, operations, readiness, and FAQ answers.
Enterprise SSO and SCIM guidance
Use the public enterprise entry point and canonical federation guide to review current supportable OIDC sign-in, SCIM lifecycle provisioning, diagnostics posture, and standard IdP setup guidance.
Device lifecycle and offline lease guidance
Review the canonical Epic 7 guide for activation approval, offline lease policy semantics, transfer and revocation behavior, audit diagnostics, certificate-bound machine-client pilot scope, and the current posture-claim boundary.
Privacy-preserving analytics and risk boundaries
Review the canonical Epic 9 guide for aggregate authentication, audit, and device-fleet analytics, suppression thresholds, no-collection guardrails, the bounded differential-privacy pilot, and the explicit deferred boundary for federated or learned risk models.
Audit webhooks and SIEM export guidance
Review the canonical Epic 5 guide for signed webhook delivery, failed-delivery replay, retention boundaries by plan, and NDJSON export posture for SIEM ingestion.
Privacy architecture
See how privacy is built into the platform: an explicit data map with per-category default retention, an opt-in retention purge worker, data minimisation (no raw telemetry lake), aggregate-analytics suppression below a minimum cohort size, and tenant-visible data-subject export and erasure.
Privacy and legal materials
Review the current privacy and legal pages used by the public site. These pages describe the current public handling posture without making unsupported platform claims.
Support and service status
A real-time status page with historical uptime is on the roadmap and is not live yet. The interim status page states our current monitoring and incident-communication posture honestly; availability and diligence questions are handled directly through the team.
What is public, under NDA, and roadmap
A plain-language map of where the evidence behind our claims lives, so diligence reviewers know exactly what to ask for.
- Public: protocol & API docs, getting-started and integration guides, the device-trust contract, enterprise SSO/SCIM setup, audit-webhook and SIEM-export behaviour, privacy-preserving analytics boundaries, deployment topology and database targets, and the production-readiness matrix, all on this site.
- Under NDA: detailed architecture and threat model, security test results, the full capability/readiness matrix with evidence pointers, incident and backup runbooks, and tenant-isolation internals, available to evaluators on request.
- Roadmap: zero-touch device onboarding (FDO/BRSKI), hardware-backed attestation adapters, host-side SAML runtime, broader SCIM coverage, dedicated deployments / region pinning / customer-managed keys, and a real-time public status page.
Request NDA materials via [email protected].
Product-security baselines we align to
We treat product-security baselines as explicit engineering inputs, not a badge. NexinID is aligned to / working toward the baselines below — we make no certification claim against any of them. The detailed control-by-control mapping (behaviour, evidence, and remaining gaps) is available to evaluators under NDA.
- Cyber Resilience Act essential requirements: secure-by-default, integrity, data minimisation, logging of security-relevant activity, and vulnerability handling.
- No universal default passwords, a published vulnerability-disclosure policy, and transparency on security-update support.
- IoT device cybersecurity capability core: identification, configuration, data protection, logical access, software update, and cybersecurity-state awareness.
- No default passwords, MFA, security logging at no extra charge, secure defaults, and radical transparency.
In place today
- Secure defaults (PKCE, no universal default credentials, passkeys/MFA, aggregate-analytics suppression).
- Security/audit logging + SIEM export as standard, not an add-on.
- Coordinated vulnerability disclosure with an RFC 9116 contact.
- Device-bound, sender-constrained tokens and continuous access evaluation.
- Privacy architecture: data map, configurable retention, minimisation, export/erase.
- An operator- and diligence-facing surface that reports secure-defaults status and a component self-inventory.
Working toward
- Signed releases and a published software bill of materials (SBOM).
- A published minimum security-update / support period.
- A dedicated security-advisory channel.
Request the control mapping and security/readiness pack under NDA via [email protected]. See also the evidence inventory and security & disclosure.
What the public materials currently support
The current platform is documented as one deployable host with logical multi-tenancy and one relational database per deployed instance.
Current interactive guidance is centered on Authorization Code plus PKCE, discovery metadata, logout, tenant-context claims, platform-managed machine-client flows, and the documented delegated-authorization model.
Current deployed-environment database targets are PostgreSQL and SQL Server. SQLite remains part of development and isolated test guidance.
Audit webhooks are documented as signed, at-least-once delivery with explicit replay and delivery-status visibility. SIEM-facing NDJSON export is documented as available today, while schema transforms and push-stream connectors remain explicitly deferred.
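Because delivery is at-least-once and failed deliveries can be replayed, a webhook consumer has to do two things on every delivery: authenticate it before trusting anything in it, and treat an already-processed delivery id as a no-op. The receiver below is an added example written for this page, not the platform's SDK or its documented webhook contract; the header names, the HMAC-SHA256 signing input (`delivery_id.timestamp.body`), the skew window and the sample secret and payload are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import time

# Assumed header names and signing scheme; illustrative choices,
# not the platform's documented webhook contract.
SIG_HEADER = "X-Webhook-Signature"
TS_HEADER = "X-Webhook-Timestamp"
ID_HEADER = "X-Webhook-Delivery-Id"
MAX_SKEW_SECONDS = 300  # reject deliveries whose timestamp is too old or too new


def signing_input(delivery_id: str, timestamp: str, body: bytes) -> bytes:
    # Delivery id and timestamp are bound into the MAC, so neither can be
    # swapped onto an otherwise valid body by a replaying party.
    return f"{delivery_id}.{timestamp}.".encode() + body


def compute_signature(secret: bytes, delivery_id: str, timestamp: str, body: bytes) -> str:
    return hmac.new(secret, signing_input(delivery_id, timestamp, body), hashlib.sha256).hexdigest()


def make_delivery(secret: bytes, delivery_id: str, timestamp: int, payload: dict):
    """Build one signed delivery the way a sender would. Used here only to
    construct the sample below; a real consumer runs accept_delivery alone."""
    body = json.dumps(payload, separators=(",", ":")).encode()
    ts = str(int(timestamp))
    headers = {
        ID_HEADER: delivery_id,
        TS_HEADER: ts,
        SIG_HEADER: compute_signature(secret, delivery_id, ts, body),
    }
    return headers, body


def accept_delivery(headers: dict, body: bytes, secret: bytes, seen_ids: set, now=None) -> str:
    """Return 'accepted', 'bad_signature', 'stale' or 'duplicate'.

    Order matters: authenticate first, then check freshness, then dedupe.
    Only authenticated ids enter seen_ids, so an unauthenticated sender
    cannot pre-poison the set and make a genuine delivery look like a replay.
    """
    now = time.time() if now is None else now
    delivery_id = headers.get(ID_HEADER, "")
    ts = headers.get(TS_HEADER, "")
    presented = headers.get(SIG_HEADER, "")
    expected = compute_signature(secret, delivery_id, ts, body)
    if not hmac.compare_digest(expected, presented):
        return "bad_signature"
    try:
        if abs(now - int(ts)) > MAX_SKEW_SECONDS:
            return "stale"
    except ValueError:
        return "stale"
    if delivery_id in seen_ids:
        return "duplicate"  # at-least-once replay of something already processed
    seen_ids.add(delivery_id)  # in production this is a durable store, not memory
    return "accepted"


# Constructed sample delivery: secret, id, timestamp and payload are made up.
SAMPLE_SECRET = b"constructed-shared-secret"
SAMPLE_TIME = 1_700_000_000
SAMPLE_HEADERS, SAMPLE_BODY = make_delivery(
    SAMPLE_SECRET, "dlv-0001", SAMPLE_TIME,
    {"type": "device.revoked", "tenant": "t-demo", "device": "d-42"},
)

if __name__ == "__main__":
    seen = set()
    print(accept_delivery(SAMPLE_HEADERS, SAMPLE_BODY, SAMPLE_SECRET, seen, now=SAMPLE_TIME + 5))
    print(accept_delivery(SAMPLE_HEADERS, SAMPLE_BODY, SAMPLE_SECRET, seen, now=SAMPLE_TIME + 5))
```

The dedup set must outlive the process (a database table keyed by delivery id, with a retention at least as long as the sender's replay window); otherwise a restart turns every replayed delivery into a second side effect.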
Public enterprise federation guidance explicitly distinguishes what is self-service now from deferred areas such as host-side SAML assertion consumption and broader SCIM protocol coverage.
Public Epic 6 guidance covers feature manifests, security groups, roles, direct grants, membership snapshots, entitlement seats, and the scoped runtime authorization check used when access decisions must include both permissions and entitlement gates.
Public Epic 7 guidance now points to the canonical device trust contract for seat-bound activation, approval-aware lifecycle decisions, offline lease renewal policy, transfer, revocation, and audit-visible operator diagnostics.
Public Epic 8 guidance now points diligence buyers to the supported deployment-readiness path: canonical /health/live and /health/ready probes, operator-managed backup and restore expectations, durable signing and data-protection guidance, and first-party admin diagnostics that surface probe status.
Public Epic 9 guidance now points buyers to aggregate-only privacy-preserving analytics across authentication activity, audit categories, and device-fleet posture, with a canonical guide that makes suppression thresholds, audit-window quality signals, and no-collection guardrails explicit.
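To make the suppression threshold and the bounded differential-privacy publication mode concrete, here is an added example (written for this page, not the platform's analytics code) that publishes per-bucket counts for one reporting window. The minimum cohort size, the sample counts and the Laplace-noise mechanism are assumptions; the page does not state the platform's actual thresholds or noise parameters. It also covers one edge case worth knowing about: if a total is published alongside the buckets, suppressing a single bucket is not enough, because total minus the visible buckets recovers it.

```python
import math
import random

# Constructed sample: sign-in counts per authentication method for one
# tenant over one reporting window. Values are made up for illustration.
SAMPLE_COUNTS = {"passkey": 120, "password": 45, "otp": 3, "smartcard": 2}
ASSUMED_MIN_COHORT = 5  # assumed threshold, not the platform's documented value


def laplace_noise(scale: float, rng: random.Random) -> float:
    """Sample Laplace(0, scale) by inverse transform.
    A counting query has sensitivity 1, so scale = 1 / epsilon."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def publish_counts(counts: dict, min_cohort: int, epsilon=None, rng=None) -> dict:
    """Return {'buckets': {...}, 'total': int or None, 'suppressed': [...]}.

    - A bucket whose true count is below min_cohort is replaced by None.
      The decision uses the true count, before any noise, so a small cohort
      can never be exposed by a favourable noise draw.
    - The total is withheld unless at least two buckets are suppressed and
      their combined mass is itself at least min_cohort; otherwise the total
      would let a reader reconstruct the hidden bucket(s) by subtraction.
    - With epsilon set, surviving counts get Laplace noise (scale 1/epsilon),
      rounded and clamped at zero: a bounded DP publication mode.
    """
    rng = rng or random.Random()
    suppressed = [k for k, v in counts.items() if v < min_cohort]
    hidden_mass = sum(counts[k] for k in suppressed)

    buckets = {}
    for key, value in counts.items():
        if key in suppressed:
            buckets[key] = None
            continue
        if epsilon is not None:
            value = max(0, round(value + laplace_noise(1.0 / epsilon, rng)))
        buckets[key] = value

    total = sum(counts.values())
    if suppressed and (len(suppressed) < 2 or hidden_mass < min_cohort):
        total = None  # complementary suppression
    elif epsilon is not None:
        total = max(0, round(total + laplace_noise(1.0 / epsilon, rng)))

    return {"buckets": buckets, "total": total, "suppressed": sorted(suppressed)}


if __name__ == "__main__":
    print(publish_counts(SAMPLE_COUNTS, ASSUMED_MIN_COHORT))
    print(publish_counts(SAMPLE_COUNTS, ASSUMED_MIN_COHORT, epsilon=1.0, rng=random.Random(7)))
```

Suppression and noise address different risks: the threshold stops a cohort of one or two people from being identifiable at all, while the noise bounds what repeated queries over adjacent windows can learn about any single individual. Neither replaces the no-collection guardrails; they only govern what is published from data that is already aggregate.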
An explicit data map classifies every stored category with a documented purpose and a default, per-category retention window, enforced by an opt-in retention purge worker. The privacy architecture page makes the data classes, retention defaults, and minimisation posture public.
Tenant administrators can export and erase a data subject's tenant-scoped records through the API; security and compliance audit events are retained under obligation and reported explicitly rather than silently dropped. Automated per-category coverage expands over time.
The .NET SDK (Nexin.SharedAuth) is split into focused packages so a consumer takes only its integration concern, with runnable reference samples for interactive web (OIDC + PKCE), machine-to-machine, and device activation. See SDKs. Public-registry distribution is being finalized.
Current posture signals are intentionally narrow: device risk state and activation status are published in lease tokens, but broader OAuth token posture enrichment is not yet a GA public contract.
Resource context is part of the live runtime contract today, but broader resource-policy authoring is still positioned as a guided rollout path instead of a universal self-service commitment on the public site.
TPM, Secure Enclave, TEE attestation adapters, and generalized posture automation are still pilot or roadmap scope and should not be treated as current GA packaging commitments.
Differential privacy remains a bounded pilot publication mode for approved aggregate counts, and no per-user risk score, raw telemetry lake, cross-tenant model exchange, or federated learning workflow should be treated as a current GA public claim.
Dedicated per-tenant deployments, customer-managed key commitments, and documented region-pinning guarantees are not current GA public claims. Treat those areas as diligence discussion or roadmap scope unless they are explicitly contracted. A plain-language evidence inventory above states what is public, under NDA, and roadmap.