Open source SSO and Identity and Access Management -
Soffid provides full Single Sign On experience and full identity governance features. All in an open source, efficient and powerful software product. Security and productivity is now affordable.
Single Sign on, Identity governance, IAM, Identity and access management, Open Source, free IAM, open source IAM
page-template,page-template-full_width,page-template-full_width-php,page,page-id-16,page-child,parent-pageid-14,ajax_fade,page_not_loaded,,qode_grid_1300,qode-child-theme-ver-1.0.0,qode-theme-ver-10.1.1,wpb-js-composer js-comp-ver-5.0.1,vc_responsive

Open source SSO and Identity and Access Management


Soffid is an open source software for SSO and Identity and Access Management fully accessible, free and open.

Good quality software does not imply a high price tag.

Soffid software is designed from scratch to be a fully integrated identity governance solution.

Other Identity and Access Management solutions are a combination of different pieces of software integrated to solve an specific problem, which leads to several integration and compatibility problems. Soffid is a single software product, with no integration problems.

Soffid provides a single, simple and intuitive web interface as a single point of administration.

This is what we call the Soffid console. Avoiding several points of access to the tool, we enhance productivity and scalability of the tool.

Shared and privileged account management based on role based access control.

Extra layer of security for privileged accounts where only 1 user may be used at a time and with fully audited usage

Identity federation available to the end user.

Soffid Identity Provider using the SAML protocol takes care of managing the SAML, OpenID or Oauth bridges with the different external identity providers

Enterprise Single Sign On

A fully customisable login interface, auto-deployment of business applications within the start menu, integration with any web, windows or java application, and available to manage shared and single user desktops.

Fine tuning permissions based on organisation role, organisation unit or granted roles.

Also XACML optional module available to define attribute based control policy

Web Single Sign On available for web applications.

Full single sign on and single sign out experience for any web application with SSO sessions tracking built-in

Self service portal

A single, simple and intuitive web interface for the end user to manage their own profile, request passwords, access directly to their applications and manage their own business processes.

Soffid has directory synchronisation capabilities to keep all authoritative source always completely synchronised.

This synchronisation can happen both unidirectionally or bidirectionally upon administration decision.

The role mining module helps you optimise the number of roles or business profiles.

The module uses data mining techniques and minimises a cost function that is related to the cost of administration of the system. Therefore, it suggests the administration to use a certain set of roles that would lead to more simple and agile administration of the complete system.

Separation of duties allows maximisation of the productivity of the company.

For instance it detaches application authorisation processes from user registration processes. Each department can focus on what they do best and the business process manager and the separation of duties module deal with task delegation.

Business Process Manager

A fully integrated engine to manage both end user and system tasks to enhance the productivity of the team. This is a complement of a paramount importance for a productive Identity and Access Management tool.

Software products


Soffid core:

A set of Spring services that contain the underlying identity management logic as well as the managed systems bindings. This core includes a Spring service access layer through standard EJBs.

Soffid repository:

Soffid supports a certain number of relational data base engines including MariaDB, MySQL, Oracle and SQL Server. The whole information regarding identities, user accounts, password and configuration is stored in this database.

Soffid sync servers:

These servers are in charge of provisioning users into managed systems, as well as gathering information about user accounts to be loaded into Soffid. In addition, it handles enterprise single sign on desktops, its authentication and session control.

Web console and self service:

A simple and fully intuitive web layer -Soffid Console- provides access to the core module of Soffid, allowing the administration to have full access to all functionlities remotely, accross all platforms and without the need of using any programming language.

At the same time, another web layer -SelfService- allows the end user to manage their account, all their applications and all their tasks in the context of the business workflows.

Soffid Architecture

IAM Solution Open Source

Enterprise single sign on:

This module can be installed on user desktops with Ubuntu Linux or Microsoft Windows operating system. It allows desktop access control and it provides full single sign on experience accross web and desktop applications

Main Modules

Soffid Console

This the main module of Soffid. This is the first module that needs to be installed and it is the main coordinator of all the Soffid Identity Governance logics. The Soffid console is installed and it runs as a service both in Linux and Windows machines and it is accessed via a web portal.


Soffid Sync server

This module is in charge of the provisioning users into all managed systems as well as to gather the information from these systems that needs to be loaded into Soffid repositories. This module can be installed in the same server as the console or it can be installed on a different server as long as communication between both servers is available.


Enterprise Single Sign On

This module can be installed on user desktops with Ubuntu Linux or Microsoft Windows operating system. It allows desktop access control and it provides full single sign on experience accross web and desktop applications.




These modules are designed to allow the communication of the main modules of Soffid with particular domain controllers or specific managed systems. We have a connector to the most widely used systems. SAP connectors and Lotus Domino connectors are the only ones that are not available under the open source license. Their installation can be done directly through the web console via the simple upload of a file.

  • Available connectors

    • Windows connector (including Active Directory)
    • LDAP plugin
    • SCIM connector
    • SQL plugin
    • Zimbra connector
    • Google apps connector
    • Zarafa connector
    • CSV plugin
    • SAP connector
    • Lotus Domino connector


These modules are adding extra functionality to the main components of Soffid. Their installation can be done directly through the web console via the simple upload of a file. State of the art functionalities in the Identity Governance sector such as Role Minining or Recertification process are available through these Addons.

  • Available Addons

    • Federation
    • Role mining
    • Password recovery
    • Reporting
    • Recertification addon
    • Recertification process
    • Recertification group process
    • Recertification user process

Suported platforms


Soffid is supported in the most common Information Systems platforms. We are working constantly to add new platforms to our compatibility list. If you have some suggestion or request, please let us know. We are always happy to hear our audience.

  • Soffid system

    • Red Hat 6
    • Windows server 2003 – 2012
    • Ubuntu Server 12.04, 14.04
    • SQL Server 2008 – 2012
    • Oracle 9
    • Maria DB 5.5
    • MySQL 5.5

  • Enterprise Single Sign On

    • Windows XP 32 bits
    • Windows Vista 32 y 64 bits
    • Windows 7 32 y 64 bits
    • Windows 8 32 y 64 bits
    • Windows 10 32 y 64 bits
    • Ubuntu 12.04
    • Ubuntu 14.04
    • Ubuntu 16.04

  • Target Systems

    • Active Directory
    • Oracle Internet Directory
    • iPlanet Directory Server
    • Open LDAP
    • DS/389
    • Red Hat 5
    • Ubuntu 12.04
    • Windows Server 2000
    • AS/400
    • SAP R/3 *
    • Oracle eBusiness Suite *
    • PeopleSoft *
    • Lotus Domino
    • Postfix
    • MS Exchange
    • Informix
    • Postgresql
    • MariaDB / MySQL
    • Oracle
    • SQL Server

Source code and Documentation


Source Code:

Soffid is open source software, therefore its source code is free and fully available. Please feel free to browse all Soffid source code:


Soffid documentation:

Soffid is a live piece of software that gets constant improvements and upgrades. During this constant evolving process, Soffid’s documentation is also being improved and updated in our documentation repository. Click here to find install instructions, description of Soffid characteristics and software documentation.