top of page

Passwordless Identity Broker

CodeB Identity Broker - the future of secure, password-free, and effortless digital access. It operates as a typical OpenID Connect Identity Provider (IdP) for your web applications, but with a unique twist - it uses mobile devices as the actual IdPs. Acting as a proxy and broker, it navigates the connectivity constraints of mobile devices.

Our solution taps into the widespread use and convenience of mobile devices to significantly enhance security. It effectively neutralizes traditional password-related threats such as phishing, brute force attacks, and keylogging.

In addition, we improve the user experience by removing the need to remember and input complex passwords. Users can authenticate quickly and efficiently using their mobile device. Our strategy provides not only top-tier security but also a user-friendly login experience, ensuring digital access is both secure and smooth.

We provide instant, hassle-free connections with a variety of enterprise directories, including Okta, Auth0, Google Workspace, and Azure B2C Active Directory. This enables administrators to manage user provisioning and de-provisioning easily via their chosen IdP, ensuring a frictionless user experience when accessing your application. Embrace the future of secure and effortless access with CodeB Passwordless Identity Broker.

How it works

In addition to supporting Time-based One-Time Passwords, CodeB Authenticator pushes the boundaries of security by generating OpenID Connect compliant web tokens. These tokens are signed with the mobile device's private keys, which are shielded by Android processor-backed keystores or the robust hardware-based 'Strongbox'.

Traditional authentication workflows require a centralized server infrastructure, which could expose users to risks tied to centralized keys. CodeB Authenticator is disrupting this paradigm. By using secure keystores and Strongbox, we offer superior protection for your keys.

Our strategy decentralizes the authentication process, bolstering security and revolutionizing the authentication experience. To circumvent network restrictions during mobile communication, a secure authentication broker is essential. This broker facilitates the encrypted authentication messages between the mobile device and the consuming service, ensuring communication is both secure and efficient​.

Product Benefits

Single Sign On

We enable a smooth authentication process across multiple applications using a single set of login credentials, or simply put, your mobile phone serves as the key.

Enhanced Security

The device's keystore, typically secured in a hardware-protected environment, presents a significant challenge for unauthorized users seeking access to the private keys. This greatly diminishes the likelihood of key compromise.


Generating tokens on the device decentralizes authentication, reducing dependence on a single potential point of failure. In a centralized system, if the authentication server is compromised, all managed accounts are endangered. In contrast, with decentralized authentication, the impact of an attacker compromising a single device is contained to just that device.

Minimized Risk

By generating and storing keys directly on the device, we limit the transmission of sensitive data over the network, thus reducing the potential for data interception during transit. Without the need for a central authorization server, we further decrease the likelihood of account hacking attacks.

Increased Control

Users have greater agency over their own security. With the private keys stored on their personal devices, they aren't required to place their trust in a third party to maintain their information's security​.

Enterprise SSO

Administrators have the ease of managing user provisioning and de-provisioning via their chosen Identity Provider (IdP). This guarantees a smooth user experience when accessing your application. We provide immediate, hassle-free connections with a variety of enterprise directories, including Okta, Auth0, Google Workspace, and Azure Active Directory.

Push Notifications

Push notifications serve as an additional tool in the authentication process, lowering hurdles without compromising security. With CodeB Authenticator, the need for SMS or manual codes is eliminated. Authentication is achieved with a simple one-touch action.

Server Initiated Auth

Server Initiated authentication is a process where the authentication request is initiated by the server. By matching the user to their mobile phone, CodeB allows them to log-in to websites and applications quickly without the need to remember passwords and usernames. It's safe, secure and no personal information is shared without permission.

Integrated Timenotary

The integrated RFC 3161 Timenotary offers independent and irrefutable proof of time for transactions, documents, and digital signatures. It is also compliant to the "Cloud Signature Consortium" API.

Ease of Use

Our Identity Broker allows you to write your code once and effortlessly integrate with any Identity Provider (IdP) or pre-configured connections, eliminating the need for constant modifications to your web applications. We enable a standardized login flow for a secure and consistent Single Sign-On (SSO) experience. Plus, with the use of custom domains, you can maintain your brand's presence throughout the login process.

Simple Integration

The CodeB Identity Broker offers seamless integration with various 3rd Party Identity Providers, including Auth0, Nextcloud, Azure AD B2C, and numerous others.

Experience It

We've set up several live demos for you to explore. For instance, you can create and use your own Nextcloud account without the need for a password. Additionally, we've developed a basic JavaScript demo to illustrate integration workflows with Auth0 and Wix. This script can also function as a standalone demonstration. If you need a specific demo please do not hesitate to contact us.

Our Offerings

We provide several Identity Broker options that are free to use, but we also offer private hosted instances (SaaS) of the Identity Broker, or a software package that can be installed in your own data centers. Reach out to us to determine the solution that best fits your needs.

bottom of page