What is Auris
Auris is a complete Identity and Access Management (IAM) platform by Altovar, built on a proven enterprise identity engine. It provides authentication, authorization, user management, and security features for modern applications — packaged as a managed service with a developer-first API, multi-framework SDKs, and a full-featured admin console.
Auris handles the complexity of identity infrastructure so your team can focus on building your product. It supports everything from simple email/password login to advanced enterprise SSO, SCIM provisioning, fine-grained authorization, and adaptive multi-factor authentication.
Who is Auris for?
Auris is designed for four primary audiences:
Developers building web and mobile applications Teams that need authentication working correctly from day one, without managing identity engine configuration, JWT signing keys, or token refresh logic directly. Auris provides SDKs for JavaScript, React, Next.js, PHP, and WordPress, plus a hosted login page that works out of the box.
IT administrators managing users and access Organizations that need a central control plane for user accounts, role assignments, group memberships, and audit logs. The Auris Console provides full visibility and control without requiring direct database or identity engine admin access.
B2B SaaS companies with multi-tenant requirements Products that sell to other businesses and need per-customer user isolation, enterprise SSO (SAML 2.0 and OIDC), automated user provisioning via SCIM 2.0, and organization-level role management. Auris handles all of this at the platform level.
Organizations requiring EU-compliant identity management Companies operating under GDPR or similar data residency requirements. Auris is deployable in EU-region infrastructure, provides GDPR tooling (data export, right to erasure), and does not route identity data through US-based third parties unless explicitly configured.
Key Capabilities
Ten authentication methods: email/password, social login (9 providers), magic links, SMS OTP, WebAuthn passkeys, SAML SSO, OIDC SSO, M2M client credentials, device flow, and CIBA.
AuthenticationThree-layer authorization: platform roles, Prisma-backed RBAC with tri-state permissions (ALLOW/DENY/INHERIT), and Zanzibar-style Fine-Grained Authorization (FGA) for object-level access control.
AuthorizationFull user lifecycle: create, update, disable, delete. Bulk import via CSV or JSON. Export user data. Automated provisioning and deprovisioning via SCIM 2.0 (compatible with Okta, Azure AD, and OneLogin).
User ManagementTOTP (authenticator apps), SMS OTP, and WebAuthn passkeys. Adaptive risk-based MFA escalates to additional factors automatically based on IP reputation, device trust, geographic anomalies, and impossible travel detection.
Multi-Factor AuthenticationB2B multi-tenancy with per-organization SSO, member role management (OWNER/ADMIN/MEMBER/VIEWER), invitation workflows, and domain-based SSO detection for seamless enterprise login.
OrganizationsSDKs for JavaScript, React, Next.js, PHP, and WordPress. A CLI for scripting and CI/CD. An API Explorer with live request testing. An Actions engine for custom logic hooks during auth flows. OIDC Discovery and JWKS endpoints for standard integrations.
Developer ToolsSliding-window rate limiting (4 tiers), brute-force account lockout, CAPTCHA support (Cloudflare Turnstile, hCaptcha, reCAPTCHA v3), IP allow/block lists with CIDR matching, suspicious login detection with GeoIP and impossible travel analysis, and DPoP token binding for advanced API security.
SecurityOutbound webhooks with HMAC-SHA256 signing. Pre-built connectors for Slack, Discord, Microsoft Teams, Zapier, Make, and Google Sheets. An automation engine for if/then workflow rules. SCIM provisioning for inbound identity sync.
IntegrationsAuris vs. a DIY Identity Setup
Auris is built on a proven enterprise identity engine and wraps it with:
- A modern REST API that abstracts the underlying administration API complexity
- A developer console built for product teams, not identity engine experts
- Pre-built SDKs that handle OAuth 2.0 PKCE, token refresh, and session management
- Hosted login pages with full theming support and CAPTCHA integration
- An additional authorization layer (RBAC + FGA) beyond the native role system
- Managed security features (rate limiting, brute force, suspicious login) wired in by default
- Audit logging, webhook delivery, and a notification system out of the box
If you are currently running a self-managed identity deployment, Auris is designed to sit on top of your existing realm data — you do not need to migrate users.
Auris vs. Auth0, Clerk, WorkOS
Auris offers comparable authentication and authorization capabilities to cloud-only IAM services, with two key differences:
- Self-hostable: Auris can be deployed in your own infrastructure or EU-region cloud environment.
- Full feature set, single product: Fine-Grained Authorization, SCIM, Actions, and advanced OAuth 2.0 features (Device Flow, CIBA, DPoP) are built into the core product, not separate SKUs.
For a detailed feature-by-feature breakdown, see Auris vs Alternatives.
Platform Architecture
Auris is structured around three main layers:
- SDKs — Framework libraries that handle the OAuth 2.0 PKCE flow, token storage, and user session on the client side.
- API Layer — A Next.js-based REST API that wraps the identity engine administration, adds the RBAC/FGA authorization layers, and provides webhooks, actions, and security services.
- Identity Engine — The underlying identity store, session management, and federation engine.
For a detailed technical breakdown, see Architecture.
Getting Started
The fastest path to a working integration:
- Quick Start — Create an application, install an SDK, and add a login button in under 10 minutes.
- Key Concepts — Understand tenants, applications, tokens, RBAC, and FGA before building.
- Authentication Guides — Implement specific auth methods (social login, MFA, passwordless, SSO).
- SDK Reference — Full API documentation for all Auris client libraries.
- REST API Reference — Complete HTTP API documentation for server-side integrations.
If you are migrating from an existing auth provider, see the Migration Guides.