The service every Synergy app trusts to answer one question: is this really you? One account per person, two-step verification with six-digit codes or your fingerprint, and the standard sign-in connections business software expects — so anything can plug in. Built from the ground up and proven with 81 of 81 end-to-end tests, it fronts every application on the platform.
SynergyAuth isn't a login form bolted onto one app — it's a full sign-in service that speaks the standard languages business software expects, so anything can plug in.
The sign-in language nearly all of today's business software speaks — new apps connect in minutes, sign-out works everywhere, and the weaker, downgradeable connection options are refused outright.
The older sign-in language big-company software still asks for — every message signed and verified, managed from the admin console, with the single sign-out enterprise buyers expect.
When someone joins, their access appears; when they leave, one deactivation shuts them out of everything — no forgotten logins. Compatible with the same standard Okta and Microsoft use.
Login is a gated pipeline, not a checkbox: password first, then a second proof it's really you before anything is unlocked — the system refuses any session that hasn't cleared that second step, and quietly issues a fresh session the moment it does.
Most breaches of sign-in systems aren't clever — they're stolen session keys quietly reused later. SynergyAuth is built so the common attacks fail by construction, and the test suite proves each one fails.
Every session renewal issues a fresh key and retires the old one. If a retired key is ever used again — the telltale signature of theft — the entire chain is shut down on the spot.
Every key is stamped for one specific purpose and checked against it — a key issued for one job can never be reused for another.
The keys that vouch for every sign-in can be swapped from the admin console — nobody gets logged out and nothing needs reconfiguring.
Every security-relevant event lands in a permanent record, browsable from the admin console alongside user and app management.
Nothing sensitive is ever stored readable. Sign-in codes, keys, and certificates are encrypted at rest with bank-grade encryption, and the sign-in pages block the tricks attackers use to slip a fake login screen in front of the real one.
This isn't a demo — it's the production front door. Drive, Boards, Books, Meet, and the Synergy Hub launcher all sign in through it, and admin and self-service consoles run the day-to-day: adding people, connecting apps, refreshing keys, resetting security, reviewing the log.
Next.jsTypeScriptPostgreSQLRS256 / JWKSWebAuthnSAML 2.0SCIM 2.0AES-256-GCMDocker