Indicio Proven Auth

Login with a credential, not a password.

Replace usernames, passwords, and federated identity providers with cryptographically verified Verifiable Credentials. Proven Auth plugs into your existing Keycloak SSO — or deploys its own — so your customers and employees authenticate with a tamper-proof digital credential stored on their device. No passwords to steal. No databases to breach. No third-party dependency.

Keycloak integration · OIDC / SAML compatible · Deploy in hours, not months · Part of Indicio Proven®
The Problem

Passwords fail. Federation creates dependency.

Passwords are the #1 attack vector

81% of data breaches involve compromised credentials. Passwords are phished, reused, guessed, and brute-forced. MFA adds friction but doesn’t eliminate the underlying vulnerability.

“Login with Google” is someone else’s infrastructure

Federated identity providers simplify login but create dependency on a third party you don’t control. When their service goes down, your users can’t access your systems. When they change terms, you comply or lose access. Your authentication is rented, not owned.

Credential databases are breach targets

Every system that stores login credentials is a target. The more credentials you accumulate, the more valuable the target becomes. Eliminating the credential database doesn’t just reduce risk — it removes the asset attackers are trying to steal.

How It Works

From password to cryptographic proof in four steps

Proven Auth integrates with Keycloak — the most widely deployed open-source identity and access management platform — adding Verifiable Credential authentication as a native login method alongside your existing OIDC and SAML flows.

1. Issue credential

Issue a Verifiable Credential to an employee, customer, or partner. The credential is stored in their digital wallet on their mobile device.

2. User requests access

At the login screen, the user scans a QR code or taps a prompt. Their wallet presents the credential. That's it: no username, no password, no OTP needed.

3. Cryptographic verification

Proven Auth verifies the credential’s cryptographic signature, confirms the issuer is trusted, and validates the data hasn’t been tampered with. Sub-second.

4. Access granted

Keycloak creates the session. The user is authenticated. No credential data stored on the server. No password database to breach. No third-party call.
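
The checks in step 3, together with the replay resistance claimed further down the page, sketched as an added Go example; it is not Indicio's or Keycloak's code. The Presentation layout, the Ed25519 signatures, the verifier nonce, and the identifier did:example:hr are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Presentation is a constructed, simplified stand-in, not Proven Auth's format.
type Presentation struct {
	Issuer    string
	Claims    []byte
	HolderKey ed25519.PublicKey // device key the issuer bound the credential to
	IssuerSig []byte            // issuer signature over Claims + HolderKey
	HolderSig []byte            // device signature over the verifier's nonce
}
func signedBytes(p Presentation) []byte {
	return append(append([]byte{}, p.Claims...), p.HolderKey...)
}

// Verify checks issuer trust, data integrity, and a fresh proof of possession.
func Verify(p Presentation, trusted map[string]ed25519.PublicKey, nonce []byte) error {
	issuerKey, ok := trusted[p.Issuer]
	if !ok {
		return errors.New("issuer not trusted")
	}
	if !ed25519.Verify(issuerKey, signedBytes(p), p.IssuerSig) {
		return errors.New("issuer signature invalid")
	}
	// Length check first: ed25519.Verify panics on a wrong-sized public key.
	if len(p.HolderKey) != ed25519.PublicKeySize || !ed25519.Verify(p.HolderKey, nonce, p.HolderSig) {
		return errors.New("holder proof invalid")
	}
	return nil
}

// Demo runs a constructed login, a replay under a later nonce, and a tampered claim.
func Demo() (fresh, replayed, tampered error) {
	issuerPub, issuerPriv, _ := ed25519.GenerateKey(nil)
	devicePub, devicePriv, _ := ed25519.GenerateKey(nil)
	p := Presentation{Issuer: "did:example:hr", Claims: []byte("role=staff"), HolderKey: devicePub}
	p.IssuerSig = ed25519.Sign(issuerPriv, signedBytes(p))    // step 1: issue
	p.HolderSig = ed25519.Sign(devicePriv, []byte("nonce-1")) // step 2: present
	trusted := map[string]ed25519.PublicKey{"did:example:hr": issuerPub}
	fresh, replayed = Verify(p, trusted, []byte("nonce-1")), Verify(p, trusted, []byte("nonce-2"))
	p.Claims = []byte("role=admin") // altered after issuance
	return fresh, replayed, Verify(p, trusted, []byte("nonce-1"))
}
func main() { fmt.Println(Demo()) }
```

The verifier holds only issuer public keys and a one-time nonce, so a captured presentation fails at the next login and an edited claim fails the issuer signature check.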

KEYCLOAK INTEGRATION
Drop into the world’s most widely deployed open-source IAM

Proven Auth ships as a Keycloak plugin. If you’re already running Keycloak, adding Verifiable Credential authentication is a configuration change, not a development project. If you’re not on Keycloak, Proven Auth deploys a pre-configured instance with VC authentication ready out of the box. Either way, your existing OIDC and SAML applications continue to work without modification.

Existing Keycloak

Install the plugin. Configure the credential type and trusted issuers. VC login appears as a new authentication option alongside existing methods.

New deployment

Proven Auth deploys a full Keycloak instance pre-configured for VC authentication. OIDC and SAML support included. Connect your applications immediately.

Protocol compatibility

OIDC, SAML 2.0, OAuth 2.0, and LDAP. Every application that can authenticate via Keycloak can now authenticate via Verifiable Credentials without code changes.

Multi-format credentials

Accept SD-JWT VC, W3C VC, AnonCreds, and mdoc credentials. Configure which credential types and issuers are trusted per application or per realm.

Built For

Authentication that scales from SMB to enterprise

ENTERPRISE
Employee & contractor access

Issue verifiable credentials to employees and contractors. Authenticate across internal applications, partner systems, and cloud services without managing password databases or relying on federated providers. Revoke instantly when someone leaves.

CUSTOMER-FACING
Customer login & account recovery

Customers authenticate with a credential on their phone instead of remembering passwords. Account recovery becomes instant re-verification of the existing credential. No security questions, no email reset loops, no phishing vulnerability.

GOVERNMENT
Citizen access to public services

Citizens use government-issued digital credentials to access public services securely. Compatible with EUDI Wallet credentials, national ID programs, and mDL. A single credential works across agencies without building centralized identity databases.

What Disappears
Password databases

No credentials stored server-side. Nothing to breach, nothing to hash, nothing to rotate.

Third-party dependency

No reliance on Google, Microsoft, or any federated provider. Your authentication is sovereign.

Phishing vulnerability

Credentials are cryptographically bound to the holder’s device. Can’t be phished, intercepted, or replayed.

Reset workflows

No “forgot password” flows. No security questions. No email reset loops. The credential is always on the user’s device.

“After learning about the technology and learning about the complete suite of software and tools that Indicio offers, we’re excited to use Indicio Proven to make it easier for our members to transmit learning transcripts and reduce the complexities associated with verification of information and data related to their educational achievements.”

Jerry Henn, Assistant Executive Director, United School Administrators of Kansas
Customer
Next Step

Replace your weakest link with your strongest

Whether you’re already on Keycloak or evaluating SSO options — bring your architecture and we’ll show you what passwordless authentication with Verifiable Credentials looks like in your environment.

Book a session →
30 minutes
Technical team, not sales
No commitment