identity provider · Karbonalpha ecosystem

One identity for all your financial services

sso.finance federates single sign-on across our business applications, internal tools and partner services. Sign in once, reach everything — securely.

multi-factor & passkeysOpenID Connect & SAML 2.0continuous audit
// standards OAuth 2.1 / OIDCSAML 2.0SCIM 2.0FIDO2 / WebAuthnSPF · DKIM · DMARC
// the service

A single entry point for the whole ecosystem

sso.finance centralises authentication and access governance. Your teams and partners sign in once to securely reach every authorised application.

01 SSO

Single sign-on

One session, every service. A verified identity unlocks the entire internal and external application estate.

02 FED

Identity federation

Connect to the SSO solutions already in place across banking and insurance information systems, to partners and to corporate directories — with no migration and no duplicate accounts. Each party keeps its source of truth.

03 MFA

Conditional access & MFA

Strengthen sign-in with contextual multi-factor authentication: passkeys, OTP, push — based on the detected risk.

04 RBAC

Entitlement governance

Centralised roles, groups and fine-grained permissions. Grant and revoke access in real time, with a full audit trail.

05 API

Third-party integration

Connect external SaaS and financial services through standard protocols. Account provisioning is automated.

06 SELF

Self-service portal

Every user manages their profile, trusted devices and authentication methods from a dedicated, secure space.

// authenticity of communications

Received an email from @sso.finance?

sso.finance is an official domain of the Karbonalpha ecosystem. Every message sent from this domain (sign-in notifications, resets, security checks) is signed and authenticated to the strictest email standards.

We will never ask for your password or security codes by email. If in doubt, contact our team at the official address.

email_auth_check
SPF PASS
DKIM signature valid
DMARC p=reject
TLS encrypted in transit
// technology stack

An identity platform built on industry standards

sso.finance relies on open, battle-tested protocols deployed in the most demanding environments of the financial sector.

Authentication protocols

Open standards for authentication and authorisation, secured with PKCE.

OpenID ConnectOAuth 2.1SAML 2.0PKCE

Federation & brokering

Connect to existing IdPs across banking and insurance information systems (ADFS, corporate directories), with no migration.

Identity BrokeringSAML / OIDCWS-FederationLDAP / ADKerberos

Strong factors & MFA

Phishing-resistant second factor: security keys, biometrics and one-time codes.

WebAuthnFIDO2TOTP / HOTPPush

Passwordless sign-in

End-to-end passwordless journeys: magic link and one-time email code, or passkeys in a single gesture.

Magic LinkEmail OTPPasskeysPasswordless

Provisioning & lifecycle

Automated synchronisation of accounts and groups to connected applications.

SCIM 2.0Just-in-TimeDirectory sync

Fine-grained authorisation

Role- and resource-based access control, down to the granular permission.

RBACUMA 2.0Token Exchange

Tokens & sessions

Signed tokens, centralised session management and propagated logout.

JWT / JWSRefresh TokensBack-Channel Logout

Adaptive security

Risk detection, conditional access and fraud protection.

Risk-based AuthBrute-forceDevice Trust

Observability & audit

Detailed event logging, SIEM export and full traceability.

Audit LogsEvent StreamingSIEM
1
identity, every service
99.9%
target availability
<1s
session establishment
24/7
monitoring & audit
// security & compliance

Built for the demands of the financial sector

Trust is our foundation. Every layer of the platform is designed for confidentiality, integrity and traceability of access.

End-to-end encryption

Communications encrypted in transit (TLS) and secrets protected at rest. Tokens are cryptographically signed.

Complete audit trail

Every sign-in, consent and entitlement change is logged and exportable to your monitoring tools.

Least privilege by default

Access is granted as narrowly as possible, reviewed regularly and revocable instantly in case of incident.

// how it works

From sign-in to access, in three steps

A seamless journey for the user, governed and secured on the platform side.

01

Single sign-on

The user authenticates once with sso.finance, using a strong factor matched to the risk of the request.

02

Verification & signed token

The platform validates the identity, applies access policies and issues a short-lived signed token.

03

Federated service access

The token unlocks authorised applications — internal and external — with no further credential entry.

// contact

A question about your access or an email you received?

Our identity & security team supports the teams and partners of the Karbonalpha ecosystem.