By the makers of KeySuite

One keychain, every door

Authentication, without the headache.

Your users authenticate once. They access all your tools. Standard SSO, MFA included, zero password management.

Read the documentation Become a partner
Standard OIDC Hosted in France MFA included GDPR native
The problem

Not another login form.

Every tool has its own login

01

Passwords everywhere

Your users juggle dozens of credentials. Each tool has its own rules, its own resets.

02

No unified view

Impossible to know who has access to what. An employee leaves? Accounts lingering in 5 different tools.

03

Fragmented security

No unified MFA, no centralized audit, no consistent password policy.

04

Complex integration

Each partner must reinvent the wheel: login form, password hashing, sessions, recovery...

The solution

One keychain for the whole ecosystem.

Trousseau handles authentication.
You handle your business.

Trousseau
OIDC Identity Provider
Standard SSO
KeySuite
Main app
Your app
OIDC Client
PMS
Partner
Others
Ecosystem

Trousseau handles

  • Identities and passwords
  • MFA (TOTP, WebAuthn, recovery)
  • Sessions and OIDC tokens
  • Password recovery
  • Provisioning API
  • Authentication audit

You handle

  • Your business logic
  • Your application permissions
  • Your user data
  • Your interface
  • Your organizations
  • Your billing
Progressive integration

Start simple.

Three scope tiers, based on your needs

Tier 1

Standard OIDC

openid email profile

User identity: name, email, avatar. Works with any OIDC library, any language.

Tier 2

Trousseau Context

trousseau:context

Stable cross-app user ID and locale preference. For cross-application correlation.

Tier 3

Organization

trousseau:organization

Organization memberships: id, name, role. For B2B partners.

Security

No compromise.

Enterprise-grade security,
without the effort.

10+
Minimum characters
Uppercase, lowercase, digit, symbol required
zxcvbn
Score 3+ required
Rejects weak patterns even when rules pass
HIBP
Breach check
Checked against Have I Been Pwned (k-anonymity)
MFA
Optional, native
TOTP, WebAuthn (passkeys), recovery codes

Ready to integrate?

Get started in minutes

Follow the step-by-step guide to connect your application. Standard OIDC, code examples included.

Getting Started → Claims Reference