Face-verification SSO for internal apps
Makro Identity
One identity layer for teams that need sign-in to prove presence, not just passwords. Register a face, verify the person in front of the camera, then issue standards-based OAuth and OIDC tokens to the app.
matched98.4%
OAuth request
clienttest-client
pkceS256
Code issued
How it works
A short path from camera proof to application session.
01
Register a face
People verify corporate email, capture a frame, and become a known identity.
02
Verify presence
Camera or QR handoff confirms the same person is approving the sign-in.
03
Issue tokens
Authorization code plus PKCE returns OIDC tokens to the registered app.
Try the demo
Walk through registration, face login, and token inspection.
The sample relying party runs the same OAuth flow an internal app would use. Enroll a demo face first, then sign in and inspect the returned access, ID, and refresh tokens.
Built for internal apps
The admin surface stays close to the protocol surface.
RS256 access and ID tokens
OAuth code, refresh, and device flows
Client role assignments
Face login audit trail
Anomaly detection
JWKS and discovery endpoints