Curity Identity Server
API security tools
Multi-factor authentication (MFA) software
Customer identity and access management (CIAM) software
Identity and access management (IAM) software
Passwordless authentication software
Single sign-on (SSO) solutions
Cloud security software
Identity management software
- Features
- Ease of use
- Ease of management
- Quality of support
- Affordability
- Market presence
Take the quiz to check if Curity Identity Server and its alternatives fit your requirements.
Contact the product provider
Free TrialFree version
Small
Medium
Large
-
What is Curity Identity Server
Curity Identity Server is an identity and access management platform that provides OAuth 2.0 and OpenID Connect-based authentication and authorization for applications and APIs. It is used by security and platform teams to centralize login, token issuance, and access control for customer-facing and internal services. The product supports standards-based federation, single sign-on, and step-up authentication flows, and it is typically deployed in cloud or containerized environments. It also provides extensibility for custom authenticators and integration with external identity sources.
Standards-based OAuth/OIDC server
Curity Identity Server focuses on implementing OAuth 2.0 and OpenID Connect flows for issuing and validating tokens used by applications and APIs. This standards alignment helps organizations integrate with a wide range of clients, gateways, and downstream services without proprietary coupling. It supports common patterns such as authorization code with PKCE, refresh tokens, and token introspection for API authorization.
Flexible authentication and federation
The product supports multiple authentication methods and federation to external identity providers, enabling SSO and step-up authentication scenarios. It can integrate with enterprise directories and third-party identity sources to avoid duplicating user stores. This flexibility is useful when different applications require different assurance levels or when migrating identity providers.
Deployment control for regulated environments
Curity Identity Server is commonly deployed in customer-controlled infrastructure, including on-premises and Kubernetes-based environments. This deployment model can help meet data residency, network segmentation, and operational control requirements that are harder to satisfy with fully managed identity services. It also allows teams to align patching, monitoring, and change management with internal security processes.
Requires IAM implementation expertise
Deploying and operating an OAuth/OIDC authorization server typically requires specialized knowledge of identity protocols, token lifecycles, and secure client configuration. Teams often need to design and test flows for web, mobile, and machine-to-machine use cases to avoid security gaps. Compared with more turnkey offerings, initial setup and ongoing tuning can be more involved.
Not a full API security suite
While it provides authentication and authorization primitives for APIs, it does not replace broader API security capabilities such as runtime API discovery, behavioral anomaly detection, or automated API testing. Organizations usually pair it with separate tooling for API inventory, threat detection, and posture management. This can increase integration work across security and platform stacks.
Customization increases maintenance burden
Using custom authenticators, policies, or bespoke integrations can create additional upgrade and regression-testing effort over time. Organizations may need to maintain internal expertise to support these extensions and ensure they remain secure. This can be a constraint for smaller teams or those seeking minimal operational overhead.
Plan & Pricing
| Plan | Price | Key features & notes |
|---|---|---|
| Community Edition | Free | Technically-complete OAuth implementation; community support; "Get Started" available on site. |
| Standard Edition | Custom pricing — flat annual subscription; contact sales | Complete platform for apps and websites; unlimited users; same features as Community plus unlimited authentication methods, Hypermedia Authentication API (HAAPI), unlimited databases/repositories, Curity SDK; on-premise or cloud deployment; "Download Free Trial" available. |
| Enterprise Edition | Custom pricing — flat annual subscription; contact sales | For large-scale/multi-team deployments; unlimited users; includes DevOps Dashboard and OAuth Tools app, SAML IdP, 24/7 support; multi-cloud/on-premise options; "Download Free Trial" available. |
| Token Handler | Custom pricing — flat annual subscription; contact sales | Token verification/handler for Single Page Applications and browser authentication; works with any IAM/IdP; unlimited users/APIs/applications; compatible with API gateways; "Contact Sales" for pricing. |
Seller details
Curity AB
Stockholm, Sweden
Private
https://curity.io/
https://x.com/curityio
https://www.linkedin.com/company/curity/
