Introducing the next era of Duende IdentityServer.
Build financial-grade identity infrastructure on .NET with the spec implementation that banks, credit unions, and fintechs need for open banking, PSD2, and CFPB Section 1033. Extend Duende IdentityServer with modular add-ons as your regulatory surface grows.
Open banking, PSD2 Strong Customer Authentication, FAPI 2.0, and CFPB Section 1033 keep raising the bar for authorization security. Most vendors ship consent flows that force you to solve each new regulation with a manual plugin, turning their technical debt into your financial burden.
Policy drift surfaces in every SOC 2, ISO 27001, and PCI cycle. Fragmented consent logs turn regulator inquiries into archaeology. Token theft and session hijacking go unaddressed; payment flows and account aggregation stall waiting on a vendor's roadmap. Every workaround compounds.
Trusted by over 2,500 of the world's most standards-based and security-conscious organizations
Duende IdentityServer gives .NET teams an identity foundation that’s standards-compliant, fully extensible in C#, and deployable wherever your regulator requires. Add capabilities as your regulatory surface grows through modular add-ons, with one roadmap and support contract, and no third-party bolt-ons.
Validate your existing Duende IdentityServer configuration against FAPI 2.0 and OAuth 2.1 requirements and produce an audit-supporting conformance report with remediation guidance.
Rich Authorization Requests carry per-transaction detail into the approval screen and into an access token scoped to that one transaction. Every consent is queryable, every approval auditable.
Client-Initiated Backchannel Authentication for call-center, voice-banking, and agent-initiated flows, so a human approval can be bound to a specific transaction on a second device.
Deploy on-premises, private cloud, or air-gapped. Data stays in your jurisdiction, keys in your HSM. When you need custom grant types, claim transformations, or policy decision points, you write them in C# against a first-party extensibility surface.
Spec Adoption Without Rewrites
See Financial-Grade Security and Conformance Add-On for more details.
Auditable by Design
Queryable logs for every consent and token event.
Per-Transaction Security
RAR-bound tokens with fine-grained scope.
Deep Extensibility in C#
Your .NET team owns the identity layer.
Expand on Your Terms
Add financial-grade capabilities when you need them, priced by client rather than per-MAU.