Indicio Proven Auth

Quickly configure Single Sign-On (SSO) to use a Verifiable Credential for login

Easier, faster, more secure authentication

Indicio Proven Auth allows you to quickly configure single sign-on (SSO) with policy-driven authorization so that your customers or end users can login with portable digital identities instead of usernames and passwords. It allows you to easily implement policies that define access rules dynamically. No more one-size-fits-all permissions. No more access silos.

With Proven Auth, you can use dynamic access rules that respond instantly when a Verifiable Credential is presented. Instead of granting broad permissions, you can enforce fine-grained policies that determine exactly what each person should access based on their role, credentials, and other verified attributes.

  1. Issue Verifiable Credentials using Indico Proven to employees, customers, partners, or have your contractors issue them to their employees that contains information that would affect their access. This could include things like their role, location, years of experience, certifications or other relevant information.

  2. Integrate Proven Auth with policy engines like Amazon Verified Permissions or Abacus and write policies based on your business’ needs.

  3. Grant access based on their verified attributes so instead of using static, pre-configured access roles, the world of tools and systems people can access is set up for them in minutes, without needing to log into anything.

When logging into an application, Proven Auth checks to see if the credential issuer is valid and provides the destination system with the necessary data about who you are and what you should have access to. Proven Auth doesn’t need to have seen your credential before to do this.

Features

  • Comes with Keycloak for identity access management but is easily configurable to use other software.

  • Combine popular protocols (e.g. OIDC, SAML) with widely-used policy engines (such as Amazon Verifiable Permissions or Abacus) for role- or user-based authorization decisions based on the attributes of a Verifiable Credential.

  • Unlike conventional identity provision, Proven Auth enables systems to allow access based on credentials they have never seen before provided they trust the source (e.g., government-issued ID).

  • Credentials can be quickly configured to handle complex information flows, making it easier to implement least-privilege access for zero trust.

  • Superior to Passkeys because 1) they do not need to be enrolled; 2) they are able to hold contextually useful information that can be shared by consent, thereby simplifying compliance.

Benefits

  • Replaces weak passwords and weak second-factor authentication for better security.

  • No tracking by centralized third-party identity providers.

  • No worries if a federated identity provider goes dark.

  • Reduces the steps for authentication in a zero-trust architecture model.

  • Program with governance rules for least-privilege access.

  • More powerful than passkeys and don’t require enrollment.

  • Simpler, more secure user experience.

  • Get ahead of the portable digital identity transformation in the European Union (eIDAS, EUDI), the travel sector, and in mobile driver’s licenses.

  • Get all these features faster and cheaper than conventional identity access management solutions.

Proven Auth Workflow

  1. The issuer assembles all the necessary identity information to prove who a user is.

  2. The information is stored inside a Verifiable Credential and issued to the end user’s mobile device.

  3. Personally identifiable information is deleted from the issuer’s systems, removing liability and lessening risk of breach

  4. The credential is stored securely in a digital wallet on the user’s phone, and can be accessed and shared either partially or in full to prove identity.

  5. The user can now share this information to securely login to a variety of services such as gmail, slack, teams, and more with the quick scan of a QR code, instead of remembering passwords or relying on third party identity providers who can experience outages or issues.

How to use Proven Auth to configure Single Sign-On (SSO) to use a Verifiable Credential

Why use a Verifiable Credential for SSO?

Copyright 2025 Indicio PBC

PreviousIndicio AcademyNextIndicio API Documentation

Last updated

Was this helpful?