All the features of LoginMaster

LoginMaster's architecture is based on two fundamental components: the Tenant and the Cloud. The tenant is the customer entity that contains users and credentials. It communicates with the LoginMaster Cloud via dedicated cryptographic keys. Each project has its own key to communicate exclusively with its tenant. This separation ensures that each customer's data is isolated and protected by independent cryptographic keys.

LoginMaster's authentication token is signed by both the Tenant and the Cloud, ensuring authenticity on both sides of the communication. This dual-signature mechanism ensures that the token cannot be forged even if one side is compromised. Additionally, the communication between client and API uses a separate cryptographic certificate, adding an extra layer of protection independent from the token's signature.

No, 2FA on LoginMaster is configurable for each individual project. It can be set as disabled, optional, or mandatory depending on the project's security requirements. The user enables 2FA only if at least one project in their tenant requires it. The system is based on TOTP and is compatible with Google Authenticator and similar applications, offering a balance between security and practicality.

By the end of Q2 2026, LoginMaster will support Single Sign-On authentication with Google Workspace and Microsoft Entra ID. These two providers cover the vast majority of corporate environments and will allow your users to access tenant projects with the corporate credentials they already use daily, without having to manage separate passwords.

No. On LoginMaster, no administrator can reset passwords, change emails, or disable a user's 2FA. Only the user themselves can perform these operations through secure procedures. This principle of exclusive user control prevents identity theft and protects users even if an administrative account is compromised.

Customer personnel have a single account on the tenant and can access various projects upon confirmation by the project admin or tenant admin. Each project supports user and device subject types, with API keys for server-to-server communication. By Q2 2026, AWS IoT integration will be available to manage IoT device credentials from the same panel. The admin controls who can access which project.

Users' personal data resides exclusively on the customer's Tenant. The LoginMaster Cloud never contains readable information: it operates only on encrypted data and references. Not even the provider can access the data. Credentials are protected with advanced hashing and a cryptographic separation mechanism that distributes components across multiple entities, so no single component possesses the information to reconstruct them.

LoginMaster's white-label feature allows each tenant to customize logo, colors, and company name in the authentication interface. Linked projects automatically inherit the tenant's branding, so your users will see a login experience consistent with your organization's visual identity, without knowing that the underlying platform is LoginMaster.