OpenID Connect (OIDC) Identity Provider

Passwordless Auth
Without the Complexity

VeriLink enables software platforms to implement passwordless authentication and centralized identity management usage based, secure, and built for scale.

100 Free Active Users
$0.05 Per Active User / Mo
OIDC Compliant Protocol
$0 Dormant Account Cost
Highlights
Passwordless Magic Links No Passwords Ever
100 Active Users Free Developer Tier, Always
OpenID Connect (OIDC) Compliant Identity Provider
Usage-Based Pricing Pay Only for Active Users
Device Cookie Binding & IP Bucket Enforcement
OAuth / SSO Integration Support Out of the Box
Dormant Accounts Cost Absolutely Nothing
Conditional MFA Policy Hooks Smart Risk-Based Auth
Stripe Metered Billing for SMB & Enterprise Tiers
Audit Logs & SIEM Export Hooks Enterprise Ready
Advanced Device Fingerprinting Signals
Anti-Phishing Protection Built Into Every Link
Passwordless Magic Links No Passwords Ever
100 Active Users Free Developer Tier, Always
OpenID Connect (OIDC) Compliant Identity Provider
Usage-Based Pricing Pay Only for Active Users
Device Cookie Binding & IP Bucket Enforcement
OAuth / SSO Integration Support Out of the Box
Dormant Accounts Cost Absolutely Nothing
Conditional MFA Policy Hooks Smart Risk-Based Auth
Stripe Metered Billing for SMB & Enterprise Tiers
Audit Logs & SIEM Export Hooks Enterprise Ready
Advanced Device Fingerprinting Signals
Anti-Phishing Protection Built Into Every Link
Product

Everything You Need for
Modern Authentication

VeriLink replaces legacy password infrastructure with a zero-friction identity layer built natively for software platforms.

Magic Link Authentication

Send one-time login links directly to user inboxes. No passwords to remember, reset, or compromise. Works out of the box with any email provider.

Device Cookie Binding

Bind authenticated sessions to specific devices using persistent encrypted cookies. Prevents session hijacking and token replay attacks automatically.

IP Bucket Enforcement

Restrict and monitor authentication attempts per IP range. Detect anomalous login patterns and block suspicious traffic before incidents occur.

OAuth / SSO Integration

Drop-in OIDC provider compatible with any platform supporting OAuth 2.0. Integrate with your existing stack in hours, not weeks of custom development.

Dashboard Visibility

Monitor active users, authentication events, and policy violations in real time through a clean, developer-friendly dashboard with full audit trails.

Conditional MFA Hooks

Trigger a second factor only when risk signals warrant it. Smart MFA that doesn't burden trusted users or miss high-risk authentication attempts.

// Integrates with your existing stack

Node.js
Python
React
Next.js
Go
Ruby
Java
PHP
Stripe
How it Works

Email to Authenticated
in Four Steps

No passwords. No friction. Just a link and a click here's how VeriLink's magic link authentication flow works end to end.

01

User Enters Their Email

The user types their email into your platform's login form. No password field. No registration complexity. No friction just an email address. That's the entire entry point.

Zero-friction entry
02

VeriLink Sends a Magic Link

VeriLink generates a time-limited, cryptographically signed magic link and delivers it to the user's inbox. The link is unique, single-use, and expires automatically to prevent replay attacks.

Encrypted · Single-use · Time-bound
03

User Clicks the Link

One click. VeriLink validates the token signature, checks device cookie signals and IP bucket rules, and verifies expiration all within milliseconds. Suspicious signals trigger MFA or block the attempt entirely.

Anti-phishing · Device validation · Risk signals
04

Instantly Logged In

Authentication complete. VeriLink issues a session, binds it to the device cookie, and returns OIDC-compliant tokens to your platform. The user is authenticated no password was ever touched, stored, or transmitted.

OIDC token issued · Session bound
verilink-integration.js
// 1. Initialize VeriLink OIDC client
const verilink = new VeriLink({
  clientId: 'your-platform-client-id',
  redirectUri: 'https://yourapp.com/auth/callback',
  scope: 'openid email profile'
});
 
// 2. Send magic link to user email
await verilink.sendMagicLink({ email: userEmail });
// → Email dispatched with signed, expiring token
 
// 3. Validate on callback device & IP checks run automatically
const session = await verilink.verifyToken(token);
// → { userId, email, deviceBound: true, iat, exp, platform_id }
Pricing

Usage-Based Licensing for
Passwordless Auth

Pay for active authenticated users only. Dormant accounts cost nothing. No seat fees, no minimums, no surprises.

Active user definition: A unique end user who completes a VeriLink authentication at least once within a 30-day billing cycle. Dormant accounts cost $0.
Developer
Free Tier
Up to 100 active users

For pilots, prototypes, and early startups validating demand without cost pressure.

$0 / month

Free tier for up to 100 active users

Passwordless magic links
Device cookie binding
IP bucket enforcement
Basic dashboard visibility
Community support

Best for: Pilots and early-stage validation

Get Started Free
Enterprise
Scale
Unlimited active users

For security-critical environments, regulated industries, and high-volume platforms needing strict controls.

$0.02 –$0.03 per active user / month

Volume-based pricing, custom policies, SLA options

Dedicated tenant options
Custom authentication policies
Audit logs and SIEM export hooks
Advanced threat signal inputs
Dedicated onboarding and support
SLA availability

Best for: Regulated and high-volume platforms

Contact Sales

Implementation Note

Bill platforms, not end users. Aggregate unique authenticated users per platform per billing cycle and submit as Stripe metered usage. Platform identity should be verified via API key or OAuth client credentials.

Log authentication events with platform_id and user_id_hash. An active user is defined as a unique end user who authenticates at least once per 30-day cycle. Users who don't authenticate within a cycle incur no cost.

Security

Built Secure.
By Default.

VeriLink eliminates passwords at the protocol level not just the UI. Every layer is hardened from the ground up, so your users stay protected without additional configuration complexity.

OIDC
OAuth 2.0
PKCE
JWT
TLS 1.3

Token Encryption

All magic link tokens are cryptographically signed. Tampering is instantly detectable and rejected at the edge.

Link Expiration

Every magic link expires automatically. Time-bound tokens prevent replay attacks even if intercepted in transit.

Anti-Phishing

Device cookie binding and IP enforcement detect and block phishing attempts before access is ever granted.

Audit & Compliance

Full audit trail with SIEM export hooks. Every authentication event is logged, queryable, and exportable.

Device Fingerprinting

Advanced device signals detect unusual login patterns and surface anomalies before they become incidents.

Zero Password Surface

No passwords means no credential stuffing, no brute force, no dictionary attacks the entire attack surface is eliminated.

FAQ

Questions? Answered.

Everything you need to know about VeriLink's authentication, pricing, and integration.

Is VeriLink secure for production?
+
Yes. VeriLink is built on OIDC/OAuth 2.0 standards with PKCE. All tokens are cryptographically signed, time-limited, and single-use. The passwordless architecture eliminates credential-based attacks entirely there are no passwords to steal, guess, or brute-force.
What happens if the magic link expires?
+
VeriLink returns an expiration error and your platform can prompt the user to request a fresh link. The flow is frictionless users just re-enter their email and a new link is dispatched immediately. Expiration times are configurable per your security policy.
Can I customize the magic link emails?
+
Yes. VeriLink supports custom email templates including your brand colors, logo, and copy. Enterprise plans include dedicated email domain configuration so magic links appear from your own domain rather than VeriLink's infrastructure.
How does usage based billing work?
+
You're billed only for unique users who complete at least one authentication in a 30-day cycle. Dormant users cost nothing. Billing is processed via Stripe metered usage records. Your platform reports unique authenticated user counts VeriLink never charges end users directly.
What platforms does VeriLink integrate with?
+
VeriLink is an OIDC-compliant provider, meaning it works with any platform or framework supporting OAuth 2.0 / OpenID Connect Node.js, Python, Go, Ruby, Java, PHP, and most major frontend frameworks. Integration typically takes hours, not days.
How does conditional MFA work?
+
VeriLink uses risk-signal-triggered MFA a second factor is only requested when signals warrant it (new device, unusual IP, behavioral anomalies). Trusted users on recognized devices aren't prompted repeatedly, while high-risk attempts are always challenged.
Is the Developer tier really free?
+
Yes. The Developer tier is completely free for up to 100 active users per month with no credit card required. It includes the full core feature set magic links, device cookie binding, IP enforcement, and dashboard visibility so you can validate your integration before any commitment.
What exactly is an "active user"?
+
An active user is a unique end user who completes at least one VeriLink authentication within a 30-day billing cycle. If a user doesn't log in during a cycle, they incur zero cost. We recommend logging events with platform_id and user_id_hash for accurate aggregation.
Get Started Today

Ready to Go
Passwordless?

Start with 100 free active users. No credit card. No time limit. Zero risk.