Platform / Identity / SynergyAuth
Identity & Access

SynergyAuth
A whole sign-in service, owned outright.

The service every Synergy app trusts to answer one question: is this really you? One account per person, two-step verification with six-digit codes or your fingerprint, and the standard sign-in connections business software expects — so anything can plug in. Built from the ground up and proven with 81 of 81 end-to-end tests, it fronts every application on the platform.

● Live in production auth.synergytech.cloud 81 of 81 tests passing Fronts every Synergy app
What it replaces
Oktaone login and access control for the whole team Auth0the hosted sign-in page and session service Keycloakthe run-it-yourself option — without the maintenance burden
Compatibility

Speaks every language identity speaks

SynergyAuth isn't a login form bolted onto one app — it's a full sign-in service that speaks the standard languages business software expects, so anything can plug in.

🪪The modern standard

The sign-in language nearly all of today's business software speaks — new apps connect in minutes, sign-out works everywhere, and the weaker, downgradeable connection options are refused outright.

🏛️The enterprise standard

The older sign-in language big-company software still asks for — every message signed and verified, managed from the admin console, with the single sign-out enterprise buyers expect.

👥Automatic accounts

When someone joins, their access appears; when they leave, one deactivation shuts them out of everything — no forgotten logins. Compatible with the same standard Okta and Microsoft use.

Authentication

Real two-step security, three ways in

Login is a gated pipeline, not a checkbox: password first, then a second proof it's really you before anything is unlocked — the system refuses any session that hasn't cleared that second step, and quietly issues a fresh session the moment it does.

  • Six-digit codes — the codes from an authenticator app, set up with a QR scan, plus ten single-use backup codes for a lost phone — paired with the first-party Synergy Authenticator app
  • Fingerprint or face — sign in with a passkey instead: no password to type, and no password to steal
  • Self-service recovery — forgot-password email links that work exactly once, expire in 30 minutes, and never reveal whether an email has an account
  • Passwords stored scrambled beyond recovery, a 15-minute lockout after five failed tries, one-time codes that expire in about two minutes

By the numbers

81/81end-to-end tests passing — including simulated break-ins: lockouts, stolen codes, replayed logins, forged sessions
3standard connection types served, so any business software can plug in
12hbefore an idle session expires on its own — sessions die when people walk away
Session security

Sessions that defend themselves

Most breaches of sign-in systems aren't clever — they're stolen session keys quietly reused later. SynergyAuth is built so the common attacks fail by construction, and the test suite proves each one fails.

🔄Theft detected automatically

Every session renewal issues a fresh key and retires the old one. If a retired key is ever used again — the telltale signature of theft — the entire chain is shut down on the spot.

🎯Keys only open their own door

Every key is stamped for one specific purpose and checked against it — a key issued for one job can never be reused for another.

🗝️Master keys roll without downtime

The keys that vouch for every sign-in can be swapped from the admin console — nobody gets logged out and nothing needs reconfiguring.

📜Audit log

Every security-relevant event lands in a permanent record, browsable from the admin console alongside user and app management.

Nothing sensitive is ever stored readable. Sign-in codes, keys, and certificates are encrypted at rest with bank-grade encryption, and the sign-in pages block the tricks attackers use to slip a fake login screen in front of the real one.

In production

The gate the whole platform stands behind

This isn't a demo — it's the production front door. Drive, Boards, Books, Meet, and the Synergy Hub launcher all sign in through it, and admin and self-service consoles run the day-to-day: adding people, connecting apps, refreshing keys, resetting security, reviewing the log.

Next.jsTypeScriptPostgreSQLRS256 / JWKSWebAuthnSAML 2.0SCIM 2.0AES-256-GCMDocker
Keep exploring

Related