Authagonal

Everything your SaaS needs for auth

Enterprise-grade authentication that you configure, not code. Every feature on every plan.

OAuth 2.0 & OpenID Connect

A standards-compliant authorization server, ready to go. No libraries to wire up, no endpoints to build.

  • Authorization Code with PKCE
  • Client Credentials grants
  • Refresh token rotation with configurable lifetimes
  • Custom scopes in access and ID tokens
  • Per-application token lifetime settings
  • Per-application CORS origin management
OAuth 2.0 & OpenID Connect

Enterprise SSO

The feature that closes enterprise deals. Your customers connect their own identity provider — you don't write a line of code.

  • SAML 2.0 with one-click metadata import
  • OIDC federation — Google Workspace, Azure AD, Okta, and more
  • Domain-based routing sends users to their IdP automatically
  • Multiple connections per organization
  • SP-initiated and IdP-initiated flows
Enterprise SSO

SCIM 2.0 Provisioning

Enterprise IT teams expect automatic user sync. Give it to them without building it yourself.

  • User create, update, and deactivate sync
  • Group membership sync
  • Scoped SCIM tokens with expiration
  • Works with Okta, Azure AD, OneLogin, JumpCloud
SCIM 2.0 Provisioning

Multi-Factor Authentication

Security your customers can trust, with enforcement policies you control.

  • TOTP authenticator app support (Google Authenticator, Authy, etc.)
  • Built-in QR code setup flow
  • Per-application MFA policy — disabled, optional, or required
  • Account-wide default MFA policy
  • Recovery codes for backup access
Multi-Factor Authentication

User Management

The full user lifecycle, handled. Registration, verification, password resets — all built in.

  • Registration with email verification
  • Password reset with secure token links
  • Configurable password complexity rules
  • Account lockout after failed attempts
  • User directory with search in the portal
User Management

Custom Branding

Your customers see your product, not ours. White-label the entire login experience.

  • Your logo, colors, and application name
  • Custom CSS for full visual control
  • Toggle registration and password reset links
  • Optional "Powered by" badge
Custom Branding

Custom Domains

Serve authentication from your own domain. TLS is handled automatically.

  • CNAME-based setup — auth.yourdomain.com
  • Automatic TLS certificate provisioning
  • Bring your own certificate if you prefer
  • DNS verification flow in the portal
Custom Domains

Management Portal

Everything you need to configure, monitor, and manage your authentication — in one place.

  • Application (client) management
  • SSO connection configuration
  • User directory browser
  • SCIM token management
  • Branding, billing, domains, and settings
  • Built-in sandbox environment for testing
Management Portal

Ready to get started?

Set up in under 5 minutes. Every feature, every plan.