True multi-tenancy
Each tenant gets its own issuer context plus tenant-scoped configuration and data access.
Core featureTuurio ID combines secure login, managed profiles, and delegated handling for agencies, SaaS teams, associations, schools, and communities.
From secure login and passkeys to managed profiles, auditability, and delegated handling.
Each tenant gets its own issuer context plus tenant-scoped configuration and data access.
Core featureTOTP and passkeys/WebAuthn including brute-force protection.
SecurityOwn colors, own CSS, and own login domain for branded identity experiences.
Roles and permissions per tenant, including domain restrictions.
Own permission sets per app and tenant, directly as token claims.
Complete audit trails for compliance and forensics.
NIS2 supportUI and mails in DE, EN, FR, IT, ES with automatic language detection.
Standards-compliant OAuth 2.0 / OIDC provider with discovery, JWKS, and standard integration patterns.
Create profiles without credentials, assign responsible managers, and keep continuity when a login is added later.
Google, Microsoft, Apple, GitHub, plus custom SAML/OIDC providers.
Separate the real person from the account without losing operational clarity.
Useful for associations, schools, communities, member systems, and any workflow where some people self-manage while others are represented by responsible members or staff.
Start with the real person, not the login account.
Model parents, guardians, staff, or responsible members without shared passwords or workaround accounts.
When a managed profile receives its own login, the profile stays the same record.
{
"sub": "user_123",
"iss": "https://tenant.id.tuurio.com",
"permissions": [
"invoice:read",
"project:write"
]
}
Your app validates the token while Tuurio handles login, profile, and relationship management centrally.
View integration