VeriLink enables software platforms to implement passwordless authentication and centralized identity management usage based, secure, and built for scale.
VeriLink replaces legacy password infrastructure with a zero-friction identity layer built natively for software platforms.
Send one-time login links directly to user inboxes. No passwords to remember, reset, or compromise. Works out of the box with any email provider.
Bind authenticated sessions to specific devices using persistent encrypted cookies. Prevents session hijacking and token replay attacks automatically.
Restrict and monitor authentication attempts per IP range. Detect anomalous login patterns and block suspicious traffic before incidents occur.
Drop-in OIDC provider compatible with any platform supporting OAuth 2.0. Integrate with your existing stack in hours, not weeks of custom development.
Monitor active users, authentication events, and policy violations in real time through a clean, developer-friendly dashboard with full audit trails.
Trigger a second factor only when risk signals warrant it. Smart MFA that doesn't burden trusted users or miss high-risk authentication attempts.
No passwords. No friction. Just a link and a click here's how VeriLink's magic link authentication flow works end to end.
The user types their email into your platform's login form. No password field. No registration complexity. No friction just an email address. That's the entire entry point.
Zero-friction entryVeriLink generates a time-limited, cryptographically signed magic link and delivers it to the user's inbox. The link is unique, single-use, and expires automatically to prevent replay attacks.
Encrypted · Single-use · Time-boundOne click. VeriLink validates the token signature, checks device cookie signals and IP bucket rules, and verifies expiration all within milliseconds. Suspicious signals trigger MFA or block the attempt entirely.
Anti-phishing · Device validation · Risk signalsAuthentication complete. VeriLink issues a session, binds it to the device cookie, and returns OIDC-compliant tokens to your platform. The user is authenticated no password was ever touched, stored, or transmitted.
OIDC token issued · Session boundPay for active authenticated users only. Dormant accounts cost nothing. No seat fees, no minimums, no surprises.
For pilots, prototypes, and early startups validating demand without cost pressure.
Free tier for up to 100 active users
Best for: Pilots and early-stage validation
Get Started FreeFor SaaS platforms and small businesses that need passwordless login plus stronger policy controls.
Example: 2,000 active users = $100 / month
Metered billing via Stripe usage records
For security-critical environments, regulated industries, and high-volume platforms needing strict controls.
Volume-based pricing, custom policies, SLA options
Best for: Regulated and high-volume platforms
Contact SalesBill platforms, not end users. Aggregate unique authenticated users per platform per billing cycle and submit as Stripe metered usage. Platform identity should be verified via API key or OAuth client credentials.
Log authentication events with platform_id and user_id_hash.
An active user is defined as a unique end user who authenticates at least once per 30-day cycle.
Users who don't authenticate within a cycle incur no cost.
VeriLink eliminates passwords at the protocol level not just the UI. Every layer is hardened from the ground up, so your users stay protected without additional configuration complexity.
All magic link tokens are cryptographically signed. Tampering is instantly detectable and rejected at the edge.
Every magic link expires automatically. Time-bound tokens prevent replay attacks even if intercepted in transit.
Device cookie binding and IP enforcement detect and block phishing attempts before access is ever granted.
Full audit trail with SIEM export hooks. Every authentication event is logged, queryable, and exportable.
Advanced device signals detect unusual login patterns and surface anomalies before they become incidents.
No passwords means no credential stuffing, no brute force, no dictionary attacks the entire attack surface is eliminated.
Everything you need to know about VeriLink's authentication, pricing, and integration.
platform_id and user_id_hash for accurate aggregation.Start with 100 free active users. No credit card. No time limit. Zero risk.