Skip to content

On‑premises appliances

Embed ProAuth with your on‑prem product. Customers keep full control of data and deployment—on‑prem, private/public cloud, or fully offline.

Industry Context

Archetype: Laboratory and industrial device manufacturers

Managed labs and factory floors with authentication on the device HMI and the central management application. Sites range from small labs to large regulated plants with hundreds of devices.

Challenges

Heterogeneous environments, mixed connectivity (air‑gapped to public cloud), and varying identity requirements per customer makes maintaining embedded auth costly and complex.

  • Operate fully offline or in private/public cloud without changing product code
  • Choice of isolated user management vs. federation to corporate directories (e.g., Entra ID)
  • Redistributable licensing to ship identity with the product
  • Brandable login and customizable factors and user stores
  • Installation and upgrades must be fully automated and idempotent

Solution Approach

ProAuth ships as part of your appliance stack with configuration‑as‑code and Helm for repeatable, zero‑downtime rollouts across all customer environments.

Runtime configuration: tenants, policies, factors, and branding without redeploys

Pluggable user stores and federation to customer IdPs; SCIM for directory sync

Redistributable license model for OEM/embedded delivery

Single, consistent OIDC/OAuth surface for device and management software

Architecture & Operations

Typically deployed to local or cloud Kubernetes clusters operated by the customer. Helm charts enable zero‑downtime updates and blue‑green/rolling strategies.

  • ProAuth core services (OIDC/OAuth2, policy engine, MFA modules)
  • Config‑as‑code (YAML) and CLI for automated install and updates
  • Optional dedicated user stores per site; federation to Entra ID or other IdPs
  • SCIM for directory synchronization when required

Designed for 24/7 availability with horizontal scaling where k8s is present; supports fully offline sites with local dependencies only.

Implementation

Timeline: Typically integrated in under 1 week, aligned with the product’s automated installer.

  1. P0: Architecture & deployment model walkthrough
  2. P1: Automated install via Helm + configuration‑as‑code
  3. P2: HMI and management app OIDC integration + MFA policies
  4. P3: Federation/SCIM (optional) and branding

Results & Benefits

  • Manufacturers focus on core device value while ProAuth covers identity end‑to‑end
  • Uniform integration across heterogeneous customer environments
  • Meets regulatory and data‑residency constraints with on‑prem control
1-3 weeks
Typical time to integrate
Zero‑downtime upgrades
Deployment posture

Future Expansion

  • Passwordless (Passkeys) rollout across device fleet
  • Expanded SCIM coverage for partner directories

Why ProAuth

  • Minimal footprint, runs virtually anywhere
  • One identity surface and API for your product
  • Automate setup and management with CLI and APIs

How it fits

  • Bundle containers and configure via API/CLI at install and upgrade time
  • Support air‑gapped datacenters and public/private cloud

Outcomes

  • Uniform integration across heterogeneous environments
  • Meets regulatory and data‑residency constraints
Related Documentation: Installation · Architecture · CLI · Management API
Get started Talk to an expert
Explore features · See pricing