Authentication

Secure access without rebuilding authentication.

Vasat provides the authentication, access-control and monitoring foundations that government and enterprise applications need — without requiring each project to rebuild the same security layer.

OAuth 2.0

Support secure user, application and service authentication through configurable OAuth 2.0 flows covering token issuance, refresh and revocation.

Single Sign-On

Connect users through an organisation's existing identity provider using standard SSO protocols so users authenticate once across multiple applications.

Third-Party Providers

Integrate external identity and authentication providers — including Google, Azure AD and Amazon Cognito — through one unified authentication layer.

Access Control Lists

Define granular permissions for users, teams, contractors and services using configurable ACLs that control exactly what each identity can see and do.

IP Restrictions

Restrict application and API access by IP address or range to enforce network-level controls alongside identity-based authentication.

Security-Event Logging

Record authentication events, access decisions and anomalies to support auditing, compliance review and incident investigation.

How it works

From trigger to outcome in one platform

01Request access
02Verify identity
03Apply access rules
04Authorise

Why it matters

Operational outcomes that compound

Consistent access control

Apply the same security model across web applications, mobile clients and APIs — configured in one place and enforced across the platform.

Reuse, not rebuild

Reduce implementation time by reusing pre-built authentication flows across every project on the platform, rather than recreating the same security layer from scratch.

Complete audit trail

Maintain a single log of authentication events and access decisions across every application — supporting compliance review and incident investigation.

Example uses

Seen in the field

Government staff portal

Staff authenticate through the organisation's existing identity provider, while the platform logs every access event for compliance review and auditing.

Multi-tenant application

Different organisations share a deployed platform, each with isolated users and role-based access to their data — configured through ACLs without code changes.

Find out how Vasat handles authentication for your project.

Tell the team about your identity requirements, existing providers and the access-control rules your application needs.