AI Agents Need Identity, Too

Bring AI agents and AI-native developer workflows into a Duende-protected system without bolting on a second security layer. Standards-based registration, discovery, and authentication for agents all running on the same identity infrastructure you trust.

Where AI Meets Identity, Thoughtfully

Duende serves the world's most discerning organizations. We give them what they need to follow specs and standards — we don't take unnecessary risk. Our AI & Identity capabilities span three layers: how agents enter your system at runtime, how Duende accelerates developers through AI tooling, and the institutional protocol expertise that backs both.

Agent-to-System: Runtime Protocols

Have your agents arrive correctly identified. Everything AI agents need to register, discover, and authenticate against a Duende-protected system, all built on standards your security team already audits.

  • Dynamic Client Registration (RFC 7591). Agents self-register within your security context.
  • Authorization Server Metadata (RFC 8414). Programmatic endpoint and scope discovery.
  • MCP Security Architecture (IdentityServer v7.4 · 2025). Production-ready agent → auth → scoped token → MCP flow.

Dev-To-Agent: Build-Time Presence

Reach developers through the tools they already use. Duende shows up inside Copilot, Cursor, Claude, and other AI coding assistants as verified, compliant context.

  • Documentation MCP Server. Fifteen years of Duende docs served as compliant agent context.
  • Agent Skills. Prescriptive guidance packages that inject Duende's opinionated architecture into AI workflows.
  • Agent-Friendly Docs. Machine-readable site index (llms.txt) and content signals for clean AI ingestion.

Expertise: Institutional Moat

Knowledge that can't be regenerated. Fifteen years of regulated deployments. Edge cases, compliance nuance, and production scar tissue that LLM-generated implementations can't replicate from training data alone.

  • OAuth 2.x · OpenID Connect. Full surface-area experience, including edge cases the specs don't document.
  • FAPI 2.0. Production deployments for regulated institutions where the profile is non-negotiable.
  • SAML 2.0. First-class support for environments where SAML federation is required.

Included with Duende IdentityServer

The AI & Identity capability set is bundled across Duende IdentityServer tiers. No separate SKU, no add-on license. The runtime layer is available on every supported tier; the build-time layer is enabled at Standard and above.

Tier                 What's Included
Community Edition    RFC 7591 · 8414 (Runtime layer included)
Lite                 + MCP Security (Full runtime stack)
Standard             + Agent Skills (Runtime + build-time)
Advanced             + FAPI 2.0 (Financial-grade profile)
Custom               Up to Unlimited (Everything, tailored)

Ready When You Are

Bring agents into a system that already understands identity. Fifteen years of OAuth, OIDC, FAPI, and SAML implementation experience now extended to the AI clients writing code against your APIs and the agents calling them at runtime.
