Authentication Overview

Authentication in TozID is handled differently than most traditional identity management platforms. Here we'll look at what makes TozID different.

Traditional Authentication

To understand how TozID is different its important to understand how traditional authentication ocurs. In most identity platforms a user sets a username and password and that information is transferred to a server and then encrypted and stored. When a subsequent login is attempted the credentials you enter are transmitted to the server, encrypted and compared against the stored value. If they match you're allowed in and if not you're denied access.

TozID Authentication

In TozID the credentials you enter in your mobile device or browser are never transmitted in plain text. We derive a set of encryption keys using PBKDF (Password Based Key Derivation Function) and sign a request to TozID to look up credentials. If your public key is found we return a set of encrypted credentials and your derived keys are used to decrypt the returned payload and then be able to issue a subsequent request for JWT.


TozID retains compatibility with all standard SAML, OAuth, and OpenID Connect workflows. We provide quick integrations through our catalogue of applications and you can be up and running in minutes. Additionally TozID continues to protect your users credentials with end-to-end encryption in that sign in process with cryptography all the way to the edges of your infrastructure.