Calimatic
Platform Features

Powerful identity, access, and security features

Everything you need to manage authentication, authorization, and user identity — from startup to enterprise scale.

Single Sign-On (SSO)

Core

Connect any identity provider with enterprise-grade SSO. Support SAML 2.0, OIDC, social login, and directory services from a single configuration panel.

  • SAML 2.0 service provider
  • OIDC relying party
  • Google Workspace connector
  • Microsoft Entra ID connector
  • LDAP directory integration
  • Just-in-time provisioning

Multi-Organization Management

First-class multi-tenancy with isolated organizations, custom plans, domain routing, and per-org settings — all managed from a single admin console.

  • Organization types and plans
  • Custom domain routing
  • Per-org feature limits
  • Org-scoped user management
  • Hierarchical org structures
  • Bulk org provisioning

Role-Based Access Control

Define granular permissions with custom roles, role hierarchy, and organization-scoped assignments. Control access at every level of your application.

  • Custom role definitions
  • Permission-based access checks
  • Role hierarchy and inheritance
  • Org-scoped role assignments
  • Built-in admin/user/viewer roles
  • API-level permission enforcement

Application Licensing

A three-layer licensing model that separates app registration, organization enablement, and individual user access for maximum flexibility.

  • App client registration
  • Org-level app enablement
  • Per-user license assignment
  • Auto-assignment on invite
  • License usage analytics
  • Seat-based limits

Login Branding

Customize the login experience for every organization and application. White-label your auth flows with custom logos, colors, and messaging.

  • Per-org custom branding
  • Per-app login themes
  • Custom logo and colors
  • Custom login messages

Audit Logging

Immutable, comprehensive audit logs for every security-relevant action. Meet compliance requirements with configurable retention and export options.

  • Immutable event log
  • Login/logout tracking
  • Admin action recording
  • Configurable retention
  • CSV/JSON export
  • Real-time log streaming

OAuth2/OIDC Server

Core

A full-featured OAuth 2.0 and OpenID Connect authorization server with PKCE, token introspection, and dynamic client registration.

  • Authorization code + PKCE
  • Client credentials flow
  • Token introspection endpoint
  • JWKS and discovery endpoints
  • Dynamic client registration
  • Refresh token rotation

API Key Management

Issue scoped API keys with fine-grained permissions and expiration policies. Perfect for service-to-service and CI/CD integrations.

  • Scoped API keys
  • Expiration policies
  • Permission-based scoping
  • Key rotation support

Database Integration

Sync user directories from external databases. Connect to SQL Server, PostgreSQL, and MySQL with scheduled or real-time sync.

  • SQL Server sync
  • PostgreSQL sync
  • MySQL sync
  • Scheduled sync jobs
  • Custom field mapping
  • Conflict resolution

User Provisioning API

New

A unified API for creating, importing, and managing users across all your applications. Supports single provisioning, bulk import, and SCIM 2.0 for enterprise integrations.

  • Single user provisioning
  • Bulk import (up to 500 users)
  • Email deduplication
  • SCIM 2.0 protocol support
  • Auto-licensing on provision
  • External ID mapping

Webhooks & Real-Time Sync

New

Subscribe to user lifecycle events and sync changes to your applications in real time. HMAC-signed payloads with automatic retries and delivery logging.

  • User lifecycle events
  • HMAC-SHA256 signed payloads
  • Automatic retries with backoff
  • Delivery status logging
  • Per-org webhook scoping
  • Auto-disable on repeated failure

Developer Experience

A platform built for developers. Complete REST API, comprehensive documentation, OIDC discovery, and integration guides for popular frameworks.

  • Full REST API
  • 4 getting-started guides
  • OIDC discovery endpoint
  • Next.js integration guide
  • React SDK examples
  • SCIM 2.0 support

Enterprise Security

Enterprise

Enterprise-grade security at every layer. AES-256-GCM encryption, MFA support, password policies, account lockout, and session management.

  • AES-256-GCM secret encryption
  • Multi-factor authentication
  • Configurable password policies
  • Account lockout protection
  • Session management
  • Security headers enforcement

Ready to explore these features?

Start building with Calimatic Identity today — free for up to 100 users.

Get Started FreeRead the Docs