The SSOLO Authorization is a bank grade authorization service to check the user login credential in a very secure mode.
The auth server furnish you a authentication token that you can use in the your secure login process.
When a user registers in AUTH, the system performs many checks aimed at ensuring the identification of the person.
In addition to requesting the insertion of data such as name, surname, address, etc., the system will ask you to insert a proof of residence and
subsequently, after verifying the email, an identity document.
Why are you asked to insert the identity document via a link sent to the email entered by the user?
Simply to make sure that John Smitt is really asking to register and to avoid having stolen documents uploaded, for example.
Auth records and checks if the emails are blacklisted and after various checks, if there are no reports regarding the email address, it sends the
link to load the identity document.
Usually this procedure is completed in less than thirty seconds but, for some countries, it may take up to two days.
Once the user is verified and adheres to the KYC regulations (Know your customer), the account on AUTH will be made active and usable by the
providers connected to our service.
All users on AUTH are verified and secure.
All providers connected to the AUTH platform have the possibility of
having secure authentication of their users through the remote login
procedure offered by our service.
The authentication system has two levels of security, banking and
The banking security system is the default, the military one can be used
through specific APIs.
The customer, through the service portal registered on AUTH, enters the
username and password on the login page.
The credentials are sent to AUTH, which will carry out the following
Credentials are verified (login and password)
The public SSL key of the access portal is verified, this serves to
ensure that the login request comes from an authorized server.
It is verified, through DNS query, that the network address with
which the access server is presented is correct (we avoid receiving
requests from cloned servers).
It is verified that there are no login requests from the same user
from different sites in a reasonable period of time, for example if
we detect an access from London at 12.00 and subsequently an
access, with the same user from Manchester at 12.30 we will block
the account as with no means of transport it would be possible to
move from London to Manchester in 30 minutes.
If all these checks are successful AUTH will send an authentication
token to the access portal which will validate the login request.
You can find a user guide manual here.
You can use all programming languages to integrate the our authetication system on your site.
The SSOLO authentication server allow other servers to use the AUTH API for customer authentication.
The authentication procedure use a SCA (Strong customer authentication) and are compliant with GDPR (General Data Protection Regulation) .
To accept connection from external sites the SSOLO AUTH server need to know the SSL public key of any systems that need to ask the login authorization.
The pubkey permit to AUTH server to are shure of the origin of the request.
The service is free until 100 users, costs £0,50 cents/Month until 1000 users, £0,30 cents/Month after 1000 users.