Totem ID is an open-source identity provider built for European organizations. Passkey-first authentication, SSO, provisioning, and lifecycle management — without passwords, without vendor lock-in.
Totem ID is an experimental project built as a proof of concept. The entire codebase was vibe coded — written collaboratively with AI in rapid prototyping sessions. It has not been audited, makes no security guarantees, and should never be used to protect real user accounts or sensitive data. Treat this as a tech demo and learning exercise, not a production-ready identity provider.
A full-featured IdP stack, built from scratch
WebAuthn passkeys as the primary credential. Magic links as fallback. No passwords stored, ever.
Full identity provider for both SAML 2.0 and OpenID Connect. Federate with any service provider (SP) out of the box.
Automated user and group sync via SCIM 2.0. Connect to HR systems and directories for joiner, mover, and leaver (JML) flows.
Policy engine for location, device, time, and risk-based access rules. Block or require step-up per app.
Visual workflow engine for joiners, movers, and leavers. Auto-provision on hire, deprovision on exit.
Visualize who has access to what. Blast radius analysis, delegation chains, and group dependency maps.