Our Solutions - soffid.com
Soffid provides full Single Sign On experience and full identity governance features. All in an open source, efficient and powerful software product. Security and productivity is now affordable.
Single Sign on, Identity governance, IAM, Identity and access management, Open Source, free IAM, open source IAM
page-template-default,page,page-id-2691,ajax_fade,page_not_loaded,,qode_grid_1300,qode-child-theme-ver-1.0.0,qode-theme-ver-10.1.1,wpb-js-composer js-comp-ver-5.0.1,vc_responsive

Our Solutions

Single Sign On (SSO)

Complete Solution for Enterprise and Web Single Sign On

Access to corporate applications must be secure, but it must also be simple, fast and accurate.

And this is exactly what Soffid’s Single Sign On provides.

Enjoy a complete Single Sign On experience and take full advantage of your company’s potential.

Identity and Access Management (IAM)

Soffid is a fully integrated software that provides Role Management, Identity Provisioning, Business Workflows, Certification, Reports, Audit and Legal Compliance, Federation, Privileged Account Management and much more.

We believe that complete identity governance solutions should not force a decision between performance and cost, Soffid provides maximum performance at the lowest cost in the market.

Soffid reduces IT costs while increasing security in your business.

Soffid offers top features of Single Sign On and Identity Government for a fraction of the cost. Finally you can be quiet, it is now possible to obtain security and productivity in the same product.

Single Sign On

Enterprise Single Sign On

It is a fully managed enterprise single sign on solution that improves the security of technological resources and at the same time reduces operational costs caused by the loss of passwords, authentication delays and changes of address.

Provide a complete Single Sign On experience without the need to modify applications. It is fully supported on Windows and Linux.

Web Single Sign On

It is a versatile single sign on web module that automates the web authentication process and provides a central point for deploying enterprise web applications.

The XACML module provides very granular access control, even for legacy applications.

Unified Directory

It is a functionality that ensures that all authoritative sources are always synchronized. This functionality is ensured by the Soffid synchronization engine and is completely transparent to the end user.

Soffid provides a powerful engine with great simplicity of use. Directory provisioning, manual reconciliation, bidirectional password synchronization, and high availability architecture is always assured when you are using Soffid.

Self Service Portal

It is a unique and versatile web interface where the end user can consult or change their credentials, manage business workflows, manage their profile or launch applications.

All from a single point of entry. Productivity is only maximized if the product is designed in a simple and easy-to-use way. And so we did!

Identity Management: Provisioning

Enjoy Identity Governance functionalities to improve security and business functionalities.

Role management and provision of identities, business workflows, attestation, reports, and much more.

User Provisioning

The user provisioning is made through the connectors or agents that connect Soffid with the repositories. These agents can act either way, either by creating or modifying user accounts in the managed system, either by registering existing user accounts in the managed system in Soffid.

Soffid currently has a series of standard connectors that make it possible to integrate the most common user repositories in a very simple way.

Role Management

Although from the technical point of view the roles are grouped into repositories, from the organizational point of view they are grouped into applications or information systems. For each information system the roles that belong are defined as well as the list of responsible for the application.

In addition, the person in charge of the information system can define risk levels associated with the roles. Thus, for each role or set of roles, you can assign a level of risk of entering the values «Low», «Medium», or «Forbiden».

Business Process Motor

Soffid incorporates, extends and improves the JBPM jBoss engine. With this engine, Soffid allows the definition of decision and management flows, due to its unique characteristics:

  • Graphic editing interface, based on Eclipse.
  • Programmable events in compiled java or interpreted bean shell.
  • Ability to execute tasks with and without manual intervention.
  • Ability to execute synchronous and asynchronous tasks (planned in time).
  • Ability to create multiple flows of parallel execution (token) within the same process.
  • Ability to create child processes of an existing process.
  • Ability to require electronic signature of manual tasks. Signatory certificates can be stored on the host operating system or on cryptographic cards
  • Integration with document management systems for the generation and management of documentation attached to the processes.

Attention in the context of the Identity Government implies having the tools to review and confirm the present status of permits and authorizations.

Roles definition:

  • The application owner will validate the permissions assigned to each application role.
  • Optionally, the information technology security officer will confirm the previous review.

Role assignment:

  • The head of each department will validate the set of permissions that must be assigned to each user in each department.
  • The responsible for each application will validate the set of permissions assigned to the users of said application.
  • Optionally, the Information Technology security officer will confirm the previous review.
  • These processes can be reviewed and validated in real time by the head of the Information Technology department.

Soffid supports the generation of reports from multiple points of the console (using the iReport standard), both related to identities and authorizations, events, auditing and others. The information shown can be exported to spreadsheets by clicking the mouse.

For the preparation of periodic reports, the planning of offline reports is allowed for scheduled delivery to the predetermined recipients.

Identity Management: Audit & Compliance

Enjoy high standards in identity governance functionalities.

This package is equipped with federation functionalities, privileged account management, low level permits, separation of functions and recertification processes.


All the actions that are carried out are stored in the Soffid database. This information can be consulted by Soffid or by any external software.

Audit systems can be connected to external systems or to the Security Information Event Management System (SIEM) to configure more complex analyzes or alert systems.

The traceability of the actions carried out in Soffid is threefold:

  • First, any action taken on Soffid objects (users, accounts, permissions, authorizations, etc.) is registered in the internal database, indicating the action taken and the object on which it is applied.
  • Secondly, any change made by Soffid on the managed systems is recorded, being able to identify when and how the synchronization engine applies the requested changes.
  • Finally, the details of all the actions carried out as part of the application and approval processes for accounts, permits, etc. are recorded.

Being the audit in database, its exploitation through query or SQL tools offers maximum flexibility. To facilitate its integration with SIEM tools, active forwarding of audit records to the SIEM tool is activated, using the SYSLOG protocol.


The Federation allows the integration of Soffid with the most used cloud services without the need to share passwords with external providers. It is compatible with the SAML federation, as well as with OpenID.

Privileged Accounts Management

Soffid allows you to manage shared accounts that can be used by more than one user. Each of these accounts may have an access control list specifying, either directly, or indirectly, who can make use of the said account.


As it could not be otherwise, all uses and accesses to shared accounts are conveniently audited.

Low permissions

Soffid delegation management it is easy.

  • It allows certain users to create / modify other accounts, users, groups, applications, roles, etc. based on their role, in their organizational unit or granted roles.
  • The permissions scheme limits the scope of users, accounts, groups or roles that can be consulted by other users.
  • Optional XACML (eXtensible Access Control Markup Language to define attribute based control policy) module available.

Soffid manages the whole process to generate new certificates for specific applications and users and integrates perfectly into the Soffid workflow engine.

Soffid allows the simplification of a complicated process to maximize the productivity of the company without compromising security.

Role mining

The Soffid role mining module applies data mining techniques to create business profiles based on the permissions currently assigned.

In this context, the tool allows the administrator to select the strategy that best suits their needs:

  • Highly customized profiles
  • Very general profiles
  • Balanced environments

Next, the tool minimizes a function that represents the cost of administration and management of these accounts and then suggests which roles you should use.

This functionality allows to minimize the number of roles that must be active in a specific system, helping to reduce the total number of time and resources that we should devote to maintaining that system.