The world's only cloud-first security mesh.




Customers want a great application user experience from companies that are easy to do business with.

Cloudentity's Identity Microservices™ enable a frictionless user identity experience that excites and delights customers, enabling them to buy more and tell all their friends about their great experience.


Business owners want engaging customer experiences that attract new business and grow existing revenue channels.

Cloudentity enables business owners to not only meet but exceed revenue growth goals with a great user experience, faster transaction growth, and a rapid response to new business opportunities.


CISOs need to move faster to respond to business needs while minimizing security and identity risk.

Cloudentity ensures confidence through a more predictable, lower risk approach to identity and security, plus the flexibility to adapt to changing business needs at cloud speed.


Identity and security architects need to design and ensure identity standards meet the business’ needs while leveraging new technologies and de-risking new initiatives.

Cloudentity's Identity Microservices™ deliver a standardized and extensible identity and security approach that minimizes risk while leveraging existing systems and modern tech stack architectures.

A pre-built set of security microservices

The Cloudentity Security Mesh is designed as a comprehensive set of Identity Microservices™ focused on protecting cloud-native applications. Every service is prebuilt, pretested, and security reviewed.


A Docker image wrapping a microservice with a security sidecar and proxy.

MicroPerimeter™ Mesh

Providing Kubernetes integration: initializers, Kubernetes-vault integration, pod-dedicated security sidecar, and proxy.

TrUST Engine™

The Cloudentity TrUST Engine™ runs algorithms calculating risk based on incoming events, including storage of calculated risk associated with user, session, IP, and device.

Token Exchange

A just-in-time token service that inserts the tokens needed for use with existing proprietary IAM systems.

Authorization Service

Use our authorization service to create effective policies combining validation of user attributes, risk, permissions, roles, location, and devices.

Data Layer

Our data layer service provides mapping, translation and aggregation services while interacting directly with data stores, sessions stores, and existing IAM systems.


Cloudentity’s SAML IDP brings SAML into the modern era, making it horizontally scalable and highly configurable.


Our SAML SP is a set of federation services that enables service provider or relying party functionality.

OAuth & OIDC

A multi-tenant, federated SSO for OIDC- and OAuth-enabled applications, exposing APIs as well as UI to handle OAuth flows.


Provides authentication to Cloudentity with external SAML and OIDC/OAuth-enabled IDPs, supporting dynamic IDP discovery.

User Management

Cloudentity offers multi-tenant management of users and their attributes with built-in mobile, password, and email verification flows.

User Registration

A service for self- and admin-driven user registration and activation flows, with password management and password reset flows.

Device Management

Our device management service provides built-in device print analysis and recognition algorithms, as well as device history with Cassandra store support to store an enormous number of devices.

Device Registration

Cloudentity’s device registration generates device salt that is returned to the user agent with configurable additional device attributes.


Experience comprehensive application management through distinct application capabilities: OAuth client, client ID, secret, and consumed resources selection.

Delegated Admin

Get decentralized management of access rights for different roles.

IDP Configuration

Cloudentity’s IDP configuration is an externalized configuration service for the SAML IDP that implements an external authentication module for SAML flows.

User Self-Service

Providing self-registration, client-side password policy verification, email/mobile verification, device management, and more.


Use MFAs in authorization policies and receive a selection of predefined verifications and device-based adaptive authentication.

API Gateway

Cloudentity’s API gateway provides API protection with powerful offline and online authorization/policy enforcement. It also supports third-party gateways via plugins.

Service Mesh Sync

We offer microservices installed within the secured service mesh domain to synchronize local configuration with the centralized policy and API management.

Service Mesh Config

A microservice that exposes central, tenant-specific configuration for the service mesh sync consumption.

Stats & Reports

Use REST APIs to get statistics and reports and capture information from logs before writing it to disk and sending it for analysis.

Administration UI

Providing UI-based user, application, federation, organization, microservice, policy, permission, and role management.


The Cloudentity Security Mesh also includes the TrUST Authorization Engine™, which measures real-time transactional risk between the protected services, users, and things. This solution can assess and evaluate risk on a transactional basis and provide dynamic authorization flows to mitigate the risk.

The TrUST Engine™’s dynamic authorization is available for every transaction, from the initial user authentication to every application-to-application transaction. It also maintains user context, solving complex microservices security and audit issues while ensuring the highest levels of security for transactions.

Further still, each transaction creates a comprehensive digitally signed audit trail from authentication to data access. It does this through unique individual transaction IDs and verified claims available to applications, microservices, APIs, containers, and serverless functions for frictionless fulfillment of governance and compliance requirements.

Now organizations can build more quickly and run faster in a cloud-speed DevOps world.


  • An evolving set of microservices for management of UST, user self-service, strong authentication, session mobility, and more
  • Ideal for modern container architectures
  • Supports cloud-native, hybrid-cloud, and multi-cloud architectures


  • SaaS Cloud apps via SAML 2.0, OpenID Connect, or SCIM
  • Net new apps and services via Open SDK and REST APIs
  • Legacy and COTS apps via Cloudentity Access Gateway
  • Top third-party security, identity, WAF, SIEM, detection, fraud, and attribution vendors