Hosted OpenID Connect & OAuth 2.0 server

Do you want to enjoy the benefits of having your own Connect2id server and not have to worry about its deployment and operation?

In mid July 2018 we’ll be launching a new service where you can subscribe for a fully hosted and managed Connect2id server, to provide highly-available single sign-on, identity and API access management to your applications.

OpenID Connect Login

Your OpenID Connect &
OAuth 2.0 server

Issue OpenID and OAuth tokens to facilitate single sign-on, identity provision and protect access to web APIs and other resources.

Identity federation

Federate identities,

Federate identities from trusted providers, organisations and partners. Enable social logins from Google, Facebook, Twitter, etc.

User database

Your user data stays with you

You can use your own existing user stores. The Connect2id server does not require access to your users’ credentials, which is a plus for security.

Identity federation

Bring your own policies

You are free to devise your own rules for login, consent and managing the token lifecycle. These can be scripted in any language you like.

World zones

High availability, in a region of your choice

You get a Connect2id server cluster for high availability, in a AWS data centre of your choice for quick and low-latency access from your applications.

World zones

Collect identity events and metrics

Collect key identity events and metrics in real time, for logging, audit and business intelligence purposes.


Monthly active users Connect2id server cluster Monthly price
Up to 10 000 2 VMs for high-availability and load balancing € 299
Up to 20 000 2 VMs for high-availability and load balancing € 599
Unlimited 2 VMs for high-availability and load balancing, will scale up to 4 on demand € 999

Billing is on a monthly basis. The prices don’t include European Union VAT (not applicable to customers outside the EU).

Subscribe to receive updates and gain early access

You can also follow us on Twitter.

Frequently asked questions

1. Where is my Connect2id server going to be hosted?

In the Amazon cloud (AWS).

2. Which AWS regions are available?

You can choose to have your Connect2id server cluster deployed in any one of the 16 EC2 regions, in North and South America, Europe, Asia and the Pacific.

3. Which Connect2id server version am I going to get?

Typically the latest stable version of the Connect2id server. Upgrades will be handled by us, transparently to you and with zero service downtime.

4. How can I configure my hosted Connect2id server?

  • With the help of a wizard in the admin console. The JWK set and master tokens will be generated automatically for you in the console.

  • By pasting the entire configuration as Java properties, including the JWK set, into the admin console.

We’re also working on providing a web API for configuring your hosted Connect2id server.

5. Which OAuth 2.0 grant types are supported?

The hosted Connect2id server is built to enable handling of the following OAuth grant types:

  • Authorisation code and implicit — The browser-based flows are handled via the authorisation session API (also see the login page guide).

  • Resource owner password credentials — Via a web hook that delegates validation of the submitted username and password to an external service.

  • Client credentials — Via a simple handler that bounds the scope of the issued token to those scope values set in the client’s registration.

Web based hooks for handling JWT and SAML 2.0 bearer assertion grants will be provided at a later stage.

6. Which OpenID claims sources are supported?

The hosted Connect2id server build includes two connectors for sourcing OpenID claims (attributes) about end users:

  • LDAP — To retrieve claims from a Microsoft Active Directory and other LDAP v3 compatible directory servers.

  • HTTP endpoint — A web hook for retrieving the claims from an external service.

7. Which OAuth client authentication methods are supported

All client authentication methods supported by the on-premise Connect2id server, save for self_signed_tls_client_auth (until client X.509 certificates become supported by Amazon’s ELB, or a viable work around is found).

8. What support is included in the subscription?

Basic email support with configuration. If there’s sufficient demand we may consider offering more comprehensive support plans, similar to those for the licensed on-premise Connect2id server.

9. What is the billing cycle?

Usage is billed every month, according to the number of active users for the period.

10. How are active users counted?

By counting the unique subject identifiers (end-user identities) in issued ID and access tokens during the billing period.

11. Do you issue VAT invoices?

Yes, we do, if the billed entity is located in the EU.