Introducing the next era of Duende IdentityServer.

A User Store, Built For What’s Next

A first-party, .NET SDK for user management, profiles, authentication, and lifecycle management tightly integrated with Duende IdentityServer. Passwords, MFA, and passkeys built in.

Passkeys, Passwordless, and Everything After

Every identity system starts with users. Yet, too many .NET teams are still building on foundations never designed for modern identity challenges. The reality? You're stuck with security pitfalls, rigid schemas, and bespoke, complex work just to support passkeys and passwordless login. Duende User Management replaces legacy databases and home-grown systems with a modern, extensible user store built to scale securely.

Native User Store

A purpose-built, extensible user store with self-service registration, profile updates, and credential management. Admin-level controls for enabling/disabling user profiles and credential reset. Dynamic attribute system that can be changed at runtime without database schema changes. Multi-database support: SQL Server, PostgreSQL, SQLite.

Passwords, MFA, and Passkeys Built In

Modern authentication patterns out of the box. Passwords, TOTP/OTP, MFA, and full passkey support with attestation validation included.

Roles and Groups

Built-in support for role and group membership management, making it straightforward to model organizational structures and permission boundaries.

Capabilities

Each capability represents weeks or months of engineering time that Duende User Management converts into configuration or composition work. For both product and service-based organizations, this translates directly to features shipped sooner and market opportunities captured faster.

  • Add passkey login: Configuration with attestation validation included. Ship in days, not in a migration cycle.
  • Support dynamic user profile schema: Runtime field management, indexing and complex querying. No database migration or deployment required.
  • Enable passwordless onboarding for a new market: Activate the OTP flow and configure your SMTP provider. Done.
  • Add step-up authentication for high-value transactions: Compose existing auth flows. The system was designed for this.
  • Migrate users from an acquisition: Use the built-in import API with password hash preservation, not a manual ETL or parallel-run period.

How to Get It

.NET SDK, installed via NuGet, natively integrated with IdentityServer. Your data, your deployment, your extensibility without the per-MAU pricing surprises of black-box identity platforms.

User Management is included as a capability across Duende IdentityServer tiers, with usage bands that scale with the number of licensed users stored in your UM database:

Tier | Availability
Community Edition | 10,000 users (cannot add additional users)
Lite | 10,000 users (cannot add additional users)
Standard | 100,000 users (additional users available for purchase)
Advanced | 500,000 users (additional users available for purchase)
Custom | Up to unlimited

A User is defined as a unique user managed by Duende User Management, identified by a user subject ID, per billing period. See the IdentityServer pricing page for full tier details.