Access Management

Easily control access to important information and areas with Verifiable Credentials

By using Verifiable Credentials, Indicio is able to issue credentials to user’s mobile devices that allow them to cryptographically prove their identity for access management to both physical buildings and the digital files and programs, such as those employees require to work.

Indicio Proven Auth Overview

Proven Auth is an OpenID Connect identity provider, similar to Google, Azure Active Directory, Auth0, Keycloak, etc. What makes Proven Auth unique is that rather than relying on a centralized database of users, Proven Auth uses Digital Credentials to authenticate its users. These Credentials are signed by any Issuer that Proven Auth has been configured to Trust. In short, Proven Auth is a Credential Verifier that can speak OpenID Connect to act as an Identity Provider.

What is OpenID Connect?

OpenID Connect (OIDC) is an identity layer built on top of the OAuth 2.0 protocol. It enables authentication in a standardized way and facilitates secure interaction between different systems. OIDC is widely used for Single Sign-On (SSO) solutions, where users can authenticate once and access multiple systems seamlessly.

Chances are you’ve used OpenID Connect before, whether you realized it or not. When you see a button on the login form of a website that says “Login with XYZ,” there’s a good chance that login is accomplished using the OpenID Connect protocol.

How does OIDC Work?

OpenID Connect works by letting one system – called the Identity Provider (IdP) – handle authentication for other systems that trust it. These other systems are referred to as the Relying Party (RP). Here’s what happens in practice: When you try to log into an application, instead of asking for your username and password directly, the app sends you to the Identity Provider. The IdP is responsible for verifying your identity, which might involve entering a password, using a security code, or confirming via an app.

Once the IdP confirms who you are, it sends a token back to the application. This token contains information about you, such as your name or email address, and proves to the application that you’ve been authenticated. The application checks the token, and if it’s valid, it lets you in.

The advantage is that the IdP can handle authentication for multiple applications. After logging in once, you won’t need to log in again as long as all the applications trust the same IdP. This is what makes Single Sign-On possible.

How does Proven Auth Work?

Proven Auth acts as a bridge between “traditional” web services and Digital Credential enabled systems. To traditional web services, Proven Auth is just another OpenID Connect Identity Provider, making it trivial to integrate into an existing website through the plethora of OIDC plugins and libraries available for virtually every web framework.

When the RP asks Proven Auth to authenticate a user through standard OIDC requests, Proven Auth creates a Presentation Request and makes it available to the End-User, or in Digital Credential terminology, the Wallet or Credential Holder. The Holder then presents the requested credential to Proven Auth where the credential is verified and then transformed into an ID Token to be returned to the RP.

Organization benefits

  • Increase efficiency, eliminate the need for password resets, and prevent users from being locked out due to user error.

  • Increase security with phishing-proof Verifiable Credentials: unlike passwords or physical keys, these credentials cannot be lost, stolen, or copied.

  • Easily revocable – No requirement to change access rights, passwords, or collect keys when an employee leaves.

  • Protect yourself from deepfakes and establish a more secure verification process online before sharing sensitive information.

  • Integrate into existing systems easily and enable a robust identity layer for Zero Trust architecture.

User benefits

  • All access information is stored securely on the employee's mobile device, removing the need to carry keys, physical ID cards, or remember passwords.

  • Know that your personal information is secure because there is no centralized database of logins and passwords.

  • Simple, secure, and easy to use interface removes tedious multi-factor authentication.

  • Fight impersonation attacks with credentials that can only be presented by the person they are issued to.

Contact Us Today To Get Started

Copyright 2025 Indicio PBC

PreviousBiometric VerificationNextOpen Badges

Last updated

Was this helpful?