On‑premises appliances
Embed ProAuth with your on‑prem product. Customers keep full control of data and deployment—on‑prem, private/public cloud, or fully offline.
Industry context
Archetype: Laboratory and industrial device manufacturers
Managed labs and factory floors with authentication on the device HMI and the central management application. Sites range from small labs to large regulated plants with hundreds of devices.
Challenges
Heterogeneous environments, mixed connectivity (air‑gapped to public cloud), and varying identity requirements per customer makes maintaining embedded auth costly and complex.
- Operate fully offline or in private/public cloud without changing product code
- Choice of isolated user management vs. federation to corporate directories (e.g., Entra ID)
- Redistributable licensing to ship identity with the product
- Brandable login and customizable factors and user stores
- Installation and upgrades must be fully automated and idempotent
Solution approach
ProAuth ships as part of your appliance stack with configuration‑as‑code and Helm for repeatable, zero‑downtime rollouts across all customer environments.
- Runtime configuration: tenants, policies, factors, and branding without redeploys
- Pluggable user stores and federation to customer IdPs; SCIM for directory sync
- Redistributable license model for OEM/embedded delivery
- Single, consistent OIDC/OAuth surface for device and management software
Architecture and operations
Typically deployed to local or cloud Kubernetes clusters operated by the customer. Helm charts enable zero‑downtime updates and blue‑green/rolling strategies.
Designed for 24/7 availability with horizontal scaling where k8s is present; supports fully offline sites with local dependencies only.
- ProAuth core services (OIDC/OAuth2, policy engine, MFA modules)
- Config‑as‑code (YAML) and CLI for automated install and updates
- Optional dedicated user stores per site; federation to Entra ID or other IdPs
- SCIM for directory synchronization when required
Implementation
Timeline: Typically integrated in under 1 week, aligned with the product’s automated installer.
- P0: Architecture & deployment model walkthrough
- P1: Automated install via Helm + configuration‑as‑code
- P2: HMI and management app OIDC integration + MFA policies
- P3: Federation/SCIM (optional) and branding
Results and benefits
- Manufacturers focus on core device value while ProAuth covers identity end‑to‑end
- Uniform integration across heterogeneous customer environments
- Meets regulatory and data‑residency constraints with on‑prem control
Future expansion
- Passwordless (Passkeys) rollout across device fleet
- Expanded SCIM coverage for partner directories