Introducing the next era of Duende IdentityServer.
Integrate Duende IdentityServer in your Manufacturing Execution System (MES), Supervisory Control and Data Acquisition (SCADA), or connected-product platform using flexible .NET components and SDKs. Deployable on plant floors, edge networks, occasionally connected and air-gapped environments. Extend with modular add-ons as identity complexity grows.
Industrial software lives behind firewalls on restricted OT networks, often without outbound connectivity, where cloud-only identity can't operate. Building in-house costs 12–18 months and still breaks under employees, partners, distributors, and thousands of edge devices. Every new partner adds another identity stack.
OT security blocks cloud-dependent software, stopping deployments before they start. Partner onboarding drags with custom SSO integrations, while overbroad access and rigid identity models create risk and compliance gaps, turning every deployment into a one-off and slowing your entire go-to-market.
Trusted by OEMs, industrial software vendors, and connected-product platforms worldwide.
One Redistribution license covers every deployment model: plant-floor appliance, private cloud, or air-gapped. Identity ships inside your product, runs under your brand within your customer's network boundary, and extends with modular add-ons.
License one product, ship it to hundreds of manufacturers. No per-user, per-MAU, or per-site renewal conversations. Runs anywhere with no mandatory phone-home telemetry. Deploy in sovereign, isolated, and classified environments so the OT security team signs off on the install.
New partners authenticate with their own IdP and no custom integration. Duende brokers OIDC and SAML behind one model. Multi-Issuer isolates regions and partners without duplicating infrastructure.
Support operators, distributors, contractors, and thousands of edge devices in one system. Enable passkeys and MFA, scope partner access, and issue mTLS-bound tokens for machines, governed by one policy layer.
High-value transactions demand more than baseline security. Support FAPI 2.0 profiles with proof-of-possession for APIs. Automated key lifecycle management eliminates manual rotation, ensuring continuous compliance in isolated environments.
Ship into every deployment model. On-prem, private cloud, edge, and air-gapped. One license and one support relationship. No identity redesign required.
Customer-Operated
No vendor dependency in production. Runs inside your customer’s boundary, not yours.
Air-Gap as First-Class
No license-server dependency.
M2M at Fleet Scale
Issue and manage tokens for thousands of edge devices, and secure them without re-architecture.
Multi-Region from One Deployment
Isolated identity, unified operations.
Quality-Audit Ready
Signed, queryable access records with automated key lifecycle. Automated controls, not manual processes.