Skip to content
Biometry

Authentication Overview

This page covers how users at partner organizations gain access to and log in to the Biometry Console. There are two login options:

Option 1: Email Registration (Waitlist)

This is the standard onboarding path for new partners.

  1. Register at the Biometry Console with your email address.
  2. Your registration enters a review queue. A Biometry administrator reviews and approves your account.
  3. Once approved, you receive a generated password by email and can log in immediately.
  4. A project is automatically created for your organization on first approval.

This option requires no additional setup on your side — it is fully managed by Biometry during onboarding.

Option 2: SSO (Single Sign-On)

Enterprise partners can log in using their existing corporate identity provider, so their employees do not need a separate Biometry username and password.

Biometry currently supports SSO via Okta (OIDC / OpenID Connect).

How the SSO login flow works:

Partner User
    
    
Biometry Console (https://console.biometrysolutions.com)
    │  clicks "Sign in with SSO" and enters tenant slug
    
Biometry Auth Service
    │  looks up tenant config, builds Okta authorization URL
    
Okta Authorization Server (your-domain.okta.com)
    │  user authenticates with corporate credentials
    │  Okta redirects back with authorization code
    
Biometry Auth Service
    │  exchanges code for tokens, provisions user if first login
    
Biometry Console
    └─ user is logged in

SSO requires a one-time setup by a developer at the partner organization and a tenant registration step with Biometry. See the Okta Integration Guide for full instructions.

Supported identity providers

ProviderProtocolStatus
OktaOIDC / OpenID ConnectSupported
Other OIDC providersOIDCPlanned
SAML 2.0SAMLPlanned

What gets provisioned on first SSO login

When the first user from a tenant logs in via SSO, Biometry automatically creates:

  • A project for the partner organization
  • An advanced subscription for that project
  • The user account with the partner role and owner project role

Subsequent logins from the same tenant reuse the existing project.

Which option is right for you?

Email RegistrationSSO
Best forSmaller teams, quick onboardingEnterprise teams with an existing IdP
Setup requiredNone — Biometry handles itOkta app config + tenant registration
Credential managementBiometry-issued passwordHandled by your identity provider
MFAManaged in Biometry ConsoleManaged by your identity provider