Secfense IdP is an Identity Dispatcher that enables enterprises to adopt passwordless authentication without replacing existing Identity and Access Management (IAM) systems. It supports SAML, OIDC, and OAuth 2.0 protocols, allowing applications and VPNs to authenticate users via FIDO-compliant passkeys stored on user devices. Rather than acting as a traditional Identity Provider, Secfense IdP routes authentication requests through an on-premises User Access Security Broker (UASB), which verifies credentials against existing identity stores such as Active Directory. This architecture keeps user identity data within the organization's own environment. Authentication flow: - Users initiate login at an application or VPN - The request is redirected to Secfense IdP - Credentials are encrypted and forwarded to the on-premises UASB - The UASB verifies credentials against the configured IAM (e.g., Active Directory) - Upon successful verification, users register a passkey (public key stored on Secfense IdP, private key on device) - Subsequent logins use passkey-based authentication without passwords Secfense IdP uses asymmetric cryptography, eliminating the need to store or transmit passwords. TCP long polling maintains a persistent, secure connection between Secfense IdP and the on-premises UASB. The product supports both SaaS applications and VPNs with customizable registration and authentication flows, and is designed to meet regulatory compliance requirements.