Experimental MVP — Not for production use
EU-Sovereign Identity

An EU-sovereign IdP.
No passwords.

SAML, OIDC, SCIM provisioning, and lifecycle workflows — hosted in Europe, with no US-jurisdiction dependencies.

What's inside

A full-featured IdP stack, built from scratch

Passkey-First Auth

WebAuthn passkeys as the primary credential. Magic links as fallback. No passwords stored, ever.

SAML & OIDC SSO

Full identity provider for both SAML 2.0 and OpenID Connect. Federate with any SP out of the box.

SCIM Provisioning

Automated user and group sync via SCIM 2.0. Connect to HR systems and directories for JML flows.

Conditional Access

Policy engine for location, device, time, and risk-based access rules. Block or require step-up per app.

Lifecycle Workflows

Visual workflow engine for joiners, movers, and leavers. Auto-provision on hire, deprovision on exit.

Access Graph

Visualize who has access to what. Blast radius analysis, delegation chains, and group dependency maps.

From the admin console

Real screenshots from a running tenant.

Screenshot: Totem ID admin dashboard showing security posture, user and group counts, and recent activity feed.
Dashboard — security posture, directory counts, recent activity.

Screenshot: Lifecycle workflow editor with a visual canvas of trigger, condition, and access package assignment nodes.
Lifecycle workflows — visual canvas for JML automation.

Screenshot: Audit log table with sign-in, workflow, and approval events, filterable by actor type and date range.
Audit log — every action recorded, filterable, exportable.

Standards

WebAuthn, FIDO2, SAML 2.0, OIDC, OAuth 2.1, SCIM 2.0, PKCE, JWT

About this build

Totem ID is an experimental MVP — vibe-coded with AI in rapid prototyping sessions. It has not been audited, makes no security guarantees, and should not be used to protect real user accounts or sensitive data. Treat it as a tech demo, not a production IdP.