Transcenda
Solutions / Aegis

One identity.
Every door it opens.

Transcenda Aegis is a managed identity platform for businesses — workforce SSO, customer login, MFA, audit-grade logs and a directory of every user — branded under your name, deployed and operated by us. Live at id.transcenda.io.

Auth
SSO · MFA · Passkeys
Realms
Workforce + customers
Hosting
UAE + EU replica
Audit
Compliance-grade logs
What we replace

The identity setups that cost UAE businesses every audit.

Shared passwords + ex-staff with access

VPN passwords in Slack. Salesforce logins shared across the desk. Ex-staff still in three systems six months after leaving. No clean answer to "who has access?".

Fragile DIY login screens

A login flow shipped two years ago by a developer who left. No MFA, no audit logs, no password-reset flow that actually works. One breach away from a bad week.

No audit trail, no compliance evidence

No reliable record of who logged in, from where, on what. Auditors want a CSV of every privileged session for the last 12 months — and you cannot produce it.

Auth0 / Okta pricing that scales painfully

You started at $0 / month. You grew. The bill is now $1,200 and rising linearly with users — for features you barely use. Time for a managed alternative.

Two identity stacks, one platform

Your team logs in. Your customers log in. Same platform, different rules.

Workforce identity (SSO across your internal SaaS) and customer identity (CIAM for your apps) have very different needs. Aegis runs both — separately, never mixing the data.

Workforce SSO
For your team

One login per employee, every internal SaaS, MFA mandatory, off-boarding in one click.

  • One login, every SaaS

    Connect every internal app once. Employees log in once, hit Google Workspace, Salesforce, Slack, GitHub, your in-house apps without typing a password again.

  • Off-board in one click

    Disable the user in Aegis. Their access disappears across every connected SaaS the same hour. No more "we forgot to remove them from Salesforce".

  • SCIM provisioning

    New joiner approved? Their accounts appear in every relevant tool, with the right group membership, automatically.

  • MFA enforced by policy

    Mandatory MFA for finance, optional for marketing — set per group, per app, per risk level. Passkeys for the leadership.

Customer Identity
For your customers

Branded sign-in for the apps you build — social, passwordless, account recovery, full consent control.

  • Drop-in branded login

    Sign in with Google, Apple, email, or phone — for your customers, on your apps, in your brand. Replace the fragile DIY login screen you shipped two years ago.

  • Account recovery + SSPR

    Self-service password reset, secure account recovery, device management — without a single support ticket.

  • Consent + data subject rights

    Granular consent capture, audit log of every consent change, one-click subject-access export. PDPL / GDPR-ready by default.

  • Passwordless + magic links

    WebAuthn passkeys, SMS / email magic links, push approval. Login flows tuned to your customer demographics, not the average dev-tool buyer.

What every Aegis tenant ships with

Identity, the way it should ship: complete, configurable, audit-ready.

Single Sign-On (OIDC + SAML)

One login per user across every internal SaaS — Google Workspace, Microsoft 365, Salesforce, Slack, GitHub, your in-house apps. Speak whichever standard the app speaks.

MFA + passkeys

TOTP, push, WebAuthn passkeys, SMS as fallback. Risk-based step-up: more friction for high-risk sessions, less for the trusted ones.

SCIM auto-provisioning

New hire approved? Their accounts appear automatically across every connected SaaS. They leave? Access vanishes the same hour, not three months later.

Branded login experience

Login pages, MFA prompts, password-reset emails — fully in your brand. No "Powered by" footer. No customer ever sees the underlying engine.

Multi-tenant realms

Separate realms for employees, customers, partners, contractors. Each with its own auth flows, branding and policies. Zero data crossover.

Audit-grade logs

Every login, every consent, every config change — immutable, exportable, streamable to your SIEM. Compliance-ready trail of who, what, when, from where.

Social + enterprise login

Sign in with Google, Apple, Microsoft, GitHub, LinkedIn — out of the box. Enterprise SAML and OIDC providers connected on demand.

Self-service + access reviews

Users reset their own passwords, manage devices, revoke sessions. Admins run quarterly access reviews with one-click sign-off — no spreadsheet.

Webhooks + custom flows

Hook into any auth event — login, MFA failure, signup, password reset. Bespoke flows (legal acceptance, KYC, age-gates) added per project.

Built for

From a five-person team to a six-brand holding group.

Holding companies & multi-brand groups

One corporate identity across every subsidiary. Employees move between brands without losing access; finance gets one access-review report instead of six.

Clinics, hospitals & regulated industries

Mandatory MFA, audit-grade logs, role-based access, PDPL-ready consent. The compliance evidence auditors are looking for, configured by default.

SaaS & consumer apps

Skip the build. Drop in branded login, social auth, MFA, account recovery — you ship features, not auth screens.

Multi-branch businesses

One employee account for HR, payroll, CRM, point-of-sale, the staff portal — across every branch and back-office system.

Startups outgrowing DIY auth

You shipped fast with bcrypt + cookies. You raised. Now investors are asking about MFA, audit logs and PDPL. We replace it without rewriting your app.

Agencies + integrators

White-label identity for the apps you build for clients — branded login, multi-tenant, billed by you. We run the platform, you keep the relationship.

Compliance + residency

The audit evidence, generated as you operate.

Identity is the most-audited surface in any business. Aegis ships with the controls and the logs auditors actually ask for, on by default.

Standard / lawHow we comply
Federal Decree-Law 45/2021 — PDPLIdentity records, audit logs and consents stored in UAE-region tenancy. Subject access export and deletion handled in-product.
ISO 27001-aligned controlsLeast-privilege access, MFA, immutable audit logs, separation of duties, encrypted-everywhere — the controls auditors are looking for, configured by default.
SOC 2 evidence packAuth event logs, access-review records and configuration history exportable in the formats your auditors expect.
Service packages

Three packages, sized to how many people log in.

Every quote is tailored to user count, app count and compliance posture. Tell us your stack, we come back with a fixed number within one business day.

Essential

Workforce SSO for one company. Get every team out of the password manager.

Best fit: small teams, single-company businesses up to ~50 employees.

  • Workforce SSO across your SaaS apps
  • Up to 50 active employees
  • MFA enforcement (TOTP, push, SMS fallback)
  • Branded login page
  • Audit logs (90-day retention)
  • Self-service password reset
  • Business-hours email support
Quote me Essential
Recommended
Professional

Workforce + customer identity, SCIM provisioning, passkeys.

Best fit: growing businesses, multi-app SaaS, regulated industries up to ~500 users.

  • Everything in Essential
  • Up to 500 active users (workforce + customers)
  • Customer identity (CIAM) with branded login
  • SCIM auto-provisioning
  • WebAuthn passkeys + risk-based step-up MFA
  • Multi-realm separation (employees · customers · partners)
  • Audit logs (12-month retention) + SIEM streaming
  • Extended-hours phone + email support
Quote me Professional
White-label
Enterprise

White-label, multi-tenant, custom flows, dedicated tenant.

Best fit: holding groups, hospital networks, agencies, large multi-tenant SaaS.

  • Everything in Professional
  • Unlimited users
  • White-label deployment under your domain
  • Dedicated tenant + private database
  • Bespoke auth flows (KYC, age-gate, legal acceptance)
  • Quarterly access reviews + delegated administration
  • Audit logs (7-year retention) + immutable export
  • Dedicated account manager + quarterly review
  • 24/7 support, 30-min critical SLA, 99.99% uptime
Quote me Enterprise
Implementation

Pilot in days, full migration in three weeks.

No carrier or hardware dependency. Once the SaaS apps are inventoried and SSO is connected, the rollout is mostly app-by-app integration and policy refinement.

  1. Days 1–3
    Discovery + identity inventory

    List of SaaS apps, user populations (employees, customers, partners), MFA policy, compliance needs. First admin tenant provisioned at id.transcenda.io.

  2. Week 1
    SSO connection + branding

    Connect each SaaS app via OIDC or SAML. Brand the login page, MFA prompts and emails. SCIM provisioning wired to the priority apps.

  3. Week 2
    Pilot rollout

    A pilot team migrates first. We watch the auth funnel, fix the rough edges, tune the MFA policy, refine the flows.

  4. Week 3
    Full rollout + handover

    Remaining users migrated. Audit logs streamed to your SIEM. Access-review schedule set. We stay on as managed service.

Ready to retire the password manager? One identity, every door.

Tell us how many users, which SaaS apps, and the compliance posture you need — we come back with a tailored package and a phased rollout. Or visit id.transcenda.io if you already have access.

Get a tailored quoteVisit id.transcenda.ioWhatsApp[email protected]