EU sovereign identity

Europe's sovereign alternative to WorkOS and Ory.

Fully hosted in the EU. Data never leaves Europe. GDPR-native by design.

EU-only
Infrastructure & data
< 5 days
To production
100%
Open standards

Hosted in Germany

Every byte runs on EU infrastructure. Nothing is replicated outside Europe.

Zero US exposure

No US entity, no US cloud. Outside the reach of the US CLOUD Act.

GDPR-native

Privacy built into the architecture, not bolted on to pass an audit.

Why Thoryn

The same capability. None of the exposure.

01

Sovereign by default

Hosted in Germany. No data leaves the EU. No US legal exposure.

02

Open standards

OIDC, SAML, and SCIM. Works with your stack from day one.

03

Cross-org federation

Connect identities across organizations. The layer others skip.

Product

One platform. Four core capabilities.

Single sign-on

SSO

One login across every application, over OIDC and SAML.

Directory sync

SCIM

Provision and remove users automatically as teams change.

Authentication

Auth

MFA, passkeys, and session control out of the box.

Authorization

Fine-grained access

Policy-based control over who can reach what.

Developer experience

Built for developers. Live in five days.

A few lines to production identity.

A clean SDK and standard protocols mean SSO, directory sync, and authorization drop into your app without a rebuild.

Works over OIDC, SAML, and SCIM.

auth.ts
import { Thoryn } from "@thoryn/sdk";

const thoryn = new Thoryn({ region: "eu-central" });

// Send a user into SSO
app.get("/login", (req, res) => {
  const url = thoryn.sso.authorizationUrl({
    connection: "acme-oidc",
    redirectUri: "https://app.example.eu/callback",
  });
  res.redirect(url);
});

// Exchange the code for a verified profile
app.get("/callback", async (req, res) => {
  const { user } = await thoryn.sso.exchange(req.query.code);
  req.session.user = user; // stored in the EU, always
  res.redirect("/dashboard");
});
Day 1 · Kickoff

Map the stack

We review your apps, identity providers, and requirements.

Day 2 · Connect

Wire up SSO

Single sign-on and directory sync connected to your apps.

Day 3 · Configure

Roles and audit

Policies, fine-grained access, and audit logging in place.

Day 5 · Live

In production

Running on EU infrastructure, ready for your users.

Beachhead · Built environment

Secure file sharing across a project chain.

A single renovation programme runs across municipalities, contractors, engineers, and suppliers. Thoryn gives each partner scoped access to the right files, and nothing else.

No shared login and no central directory anyone has to own.
Access follows the credential. When the project ends, access ends.
Every action logged, ready for audit and procurement review.
See the use case
One project · many organizations
Municipality
Project owner
grants access
Thoryn
Contractor
Verified partner
scoped
Engineering firm
Verified partner
scoped
Supplier
Time-boxed
expires
Security & compliance

Compliant by architecture, not paperwork.

EU data residency

Hosted in Germany. No transfers to non-EU jurisdictions.

GDPR

Data protection native to the platform, not retrofitted.

NIS2

Aligned security controls for essential and important entities.

DORA

Operational resilience for financial sector deployments.

eIDAS 2.0

Ready for European Digital Identity, aligned to ARF 1.4.

Audit logging

Every authentication and access event recorded and exportable.

Ready for European Digital Identity.

Thoryn speaks the EUDI Wallet protocols today, so you are prepared as eIDAS 2.0 rolls out across the EU.

EUDI WalletOID4VPOID4VCIARF 1.4
How Thoryn compares

Enterprise identity, without leaving Europe.

ThorynWorkOSOry
EU-only infrastructure by defaultYesNoSelf-hosted
Zero US legal exposureYesNoDepends
Enterprise SSO and SCIMYesYesPartial
Cross-organization federationYesNoNo
eIDAS 2.0 and EUDI readyYesNoNo

Based on publicly available product information. Reflects default managed offerings.

Pricing

Simple, sovereign, transparent.

Starter
€15k / year
SSO and directory sync for a single organization.
  • SSO over OIDC and SAML
  • SCIM directory sync
  • Hosted in the EU
Get started
Most chosen
Growth
€32k / year
Full authentication and fine-grained authorization.
  • Everything in Starter
  • MFA and passkeys
  • Policy-based authorization
  • Audit logs
Book a demo
Enterprise
€60k / year
Cross-org federation and enterprise support.
  • Everything in Growth
  • Cross-organization federation
  • Dedicated support and SLAs
  • Custom deployment
Talk to us

All plans hosted in the EU. Priced per year, billed annually.

Own your identity layer.

See how Thoryn fits your stack in a 30-minute demo.