Use Logto as a SAML identity provider.

A set of APIs and rules that allow end-users to update their identifiers and profile.

A set of framework-agnostic web components that can interact with Account API.

Collect mandatory and optional profile fields during user registration.

Support multiple custom domains and render different sign-in experience brandings according to the domain.

Then no password is required for sign-in.

Authenticate users via API. No redirect needed.

Support RFC 8628: OAuth 2.0 Device Authorization Grant.

Customize policies to control authentication, such as username rules, IP blacklist / whitelist, verification code expiration, etc.

Allow to use code-based configuration to provision role-based access control, for example, a YAML file.

A set of framework-agnostic web components that can interact with Experience API.

A set of framework-agnostic UI elements that can be customized and integrated within your apps.

Trigger MFA according to the current risk level, e.g. a new device.

Duplicate dev tenant configurations (connectors, roles, resources, etc.) to a new production tenant.

An out-of-the-box solution that allows org admins to manage identities, organization profiles, and set up enterprise SSO themselves.

System for cross-domain identity management APIs.

Support Client Initiated Backchannel Authentication (CIBA) Flow.

Block users at the login stage if they come from a specific app. This will essentially enable app-level authentication (beyond just branding).

Implement RFC 9396 and provide some useful feature around it.