Identity & Access Management – IAM

Empower your workforce, partners and customers
with trusted identity and access – no disruption, full control.

What We Deliver

  • Authentication you can trust (Who is this?)
    High‑assurance identity via verifiable credentials. Supports vLEI (legal entity identity & organisational roles) out of the box, and LPID/EUDI as the ecosystem expands. Works alongside your current IdP.
  • Authorisation that travels with the user (What can they do?)
    Role‑aware and attribute‑based access (RBAC/ABAC) backed by signed credentials – e.g. organisation roles (OOR/ECR), delegations/Power of Attorney, employment or project roles.
  • Wallet‑agnostic by design
    Works with EUDI wallets, organisational wallets, and common device wallets. Users can keep multiple wallets; we also offer a single‑wallet experience that combines vLEI and LPID for seamless presentations. The organisational wallet is also available as a browser plugin via DC‑API, enabling seamless verification in existing web applications.
  • Zero disruption to your stack
    Drop‑in verification widgets and clean APIs. Integrates with Okta, Entra ID, Ping and more via SAML/OIDC; directory sync via SCIM. No protocol plumbing required.
  • No changes to your Identity Provider; easy user onboarding across siloed Identity Providers
    Verifiable credentials are portable and reusable across domains, eliminating the need for pre-established trust relationships or complex federation setups. This means users can authenticate and authorise across multiple platforms operated by different organisations – securely, consistently, and without modifying your existing Okta or Entra ID identity provider.
  • Future‑ready trust anchors
    vLEI anchored in GLEIF infrastructure (production‑ready today). LPID anchored in EUDI/eIDAS2 trust registries (emerging; we’re tracking rollout and preparing for EUBW integration).
  • Security, privacy, and auditability
    Device binding & passkeys (FIDO2/WebAuthn), selective disclosure & consent, issuance/suspension/revocation workflows, exportable evidence logs.
  • Managed Credential Issuance
    Need to issue verifiable credentials without building complex infrastructure? Explore our Managed Credential Issuance service – a streamlined way to create, deliver, and manage identity and role credentials with full lifecycle control.

KYC/KYB-backed Credential Issuance (Optional)

  • Risk-Ready Profiles
    Distill authoritative checks (e.g., entity registry, sanctions screening, PEP checks, director roles) into signed, privacy-preserving credentials.
  • Ultimate Beneficial Owner (UBO) identification
    Sensitive evidence will be selectively disclosable.
  • Reusable, Selective Disclosure
    Users present only what’s needed (e.g., “Not on Sanctions List,” “Director of X,” “Address Verified”). No document over-sharing.
  • Lifecycle & Revocation
    Dynamic status updates reflect changes (e.g., expired proof of address, new sanctions watchlist events).
  • Consent & Audit
    Every presentation is consented and logged, supporting auditability with minimal data retention.

How It Works

  • Verify & Issue: Your admin (or an automated workflow) requests an identity credential. If enabled, TradeVeris orchestrates KYC/KYB checks and distils outcomes into signed credentials, minimising data shared.
  • Bind Securely: Credentials sit in the user’s chosen wallet (or our single‑wallet experience), device‑bound and unlocked via biometrics/passkeys. No passwords to phish.
  • Authenticate: At sign‑in, your IdP or app invokes our verification widget/API. The user consents; the wallet presents the minimal proof needed (OID4VP or vLEI flows). You get a verified identity assertion.
  • Authorise: Our policy engine evaluates roles/attributes, credential status, time/location windows, and delegations to grant the appropriate access – across apps, APIs, and physical endpoints.
  • Monitor & Govern: Lifecycle events (expiry, suspension, revocation) propagate automatically. Consent and presentation events are logged for audit; data minimisation by default.

No heavy lifting: keep your IdP, keep your apps. Add TradeVeris IAM to verify credentials at the edge and enrich your existing RBAC/ABAC policies.

Why TradeVeris IAM

  • Mature today
    vLEI ecosystem ready now for legal entities & roles.
  • Prepared for tomorrow
    LPID/EUDI adoption is ramping; we’re aligned with eIDAS2 timelines and EUBW rollout.
  • Wallet flexibility
    Bring your own wallets or use our unified experience – your choice.
  • Protocol abstraction
    KERI/ACDC, OID4VCI/OID4VP handled behind the scenes.
  • Enterprise fit
    Works with current SSO, logs, and governance processes.

Unified IAM for Wallets, Roles & Real-World Access

Unified Wallet Experience

One wallet, endless trust: unify personal and organisational credentials

  • vLEI roles (OOR/ECR) + LPID for assertions
  • Device binding, biometric unlocks, passkeys (FIDO2/WebAuthn)
  • Selective disclosure & consent prompts
  • Wallet Support: TradeVeris supports both personal (EUDI) and organisational wallets under eIDAS2, enabling secure credential exchange across individuals and legal entities

Roadmap & Ecosystem Readiness

Bridging corporate IAM (Okta, Entra ID) and existing or emerging identity ecosystems

  • vLEI (Ready): Global infrastructure operated by GLEIF; proven issuance and verification at scale
  • LPID/EUDI (Emerging): We track eIDAS2/EUDI deployments and EUBW rollout; TradeVeris is integration‑ready and will enable LPID‑based flows as wallets become widely available

Developer-First

Credential-ready from backend to portal – no heavy lifting

  • IdP integration: SAML/OIDC with Okta, Entra ID, Ping, Auth0
  • Directory sync: SCIM for Joiner/Mover/Leaver automation
  • Eventing: webhooks for issuance, presentation, revocation
  • Policy: simple rules for role/attribute/time/location; callouts for custom logic
  • DC‑API: request credential presentations from partner portals without implementing wallet protocols

Security, Privacy & Compliance

Credential lifecycle with full traceability and compliance built-in

  • Strong auth: FIDO2/WebAuthn passkeys, secure enclaves, device binding
  • Privacy by design: selective disclosure, explicit consent, data minimisation
  • Lifecycle controls: issuance, suspension, revocation; delegated authority with traceability
  • Auditability: exportable evidence packages (timestamps, credential refs, policies)
  • Delegation Traceability: Log and audit delegated authorities

DC-API Explained

Role in Architecture:
DC-API acts as a bridge between wallets and relying party systems, enabling portals and apps to request verifiable credential presentations without needing to implement wallet protocols like OID4VP or KERI.

Impact on User Experience:

  • Users see a consistent consent flow regardless of which wallet they use.
  • No need for portals to handle cryptographic details – TradeVeris abstracts complexity.
  • Faster integration for partners, reducing time-to-market for IAM-enabled services.

Use Cases

These examples illustrate just a few of the many real-world scenarios where verifiable credentials simplify identity and access management. From onboarding and contracting to operational access across platforms, TradeVeris IAM enables secure, reusable credential flows without the complexity of federation. While the examples below focus on company onboarding and secure access across systems, similar patterns apply to legal document workflows, delegated authority in regulated environments, and multi-party access control – demonstrating the versatility of verifiable IAM credentials.


Looking for more examples? Check out our Extended Use Cases page for scenarios across ports, compliance, and cross-enterprise collaboration.

Trusted Contracting

Streamline onboarding and contracting across jurisdictions with verifiable credentials

  • Faster Onboarding: Replace manual checks and paper-based verification with vLEI credentials for legal entity identity, reducing delays and errors.
  • Authority Verification: Add a Power of Attorney or vLEI role credential to confirm who is authorised to act on behalf of the company.
  • Digital Contracting: Enable secure signing of service agreements, NDAs, and trade contracts across multiple relying parties – no courier delays or federated trust setup.

Why It Matters: Traditional onboarding involves costly, time-consuming verification steps across registries and jurisdictions. Using verifiable credentials automates these processes, accelerates compliance checks, and ensures full traceability.

Example: A freight forwarder uses a vLEI credential to sign a port services agreement and a customs brokerage contract. Each relying party independently verifies the credential in seconds, cutting verification costs by up to 70% and reducing processing time from days to minutes.

Cross-Platform Privileged Access Without Federation

Secure access to critical systems across organisational boundaries – easy user onboarding across siloed identity providers

  • Independent IdPs: Organisation A and Organisation B each operate their own identity provider (IdP), with no shared trust or federation agreement.
  • Credential Reuse: A user presents the same vLEI identity credential to authenticate into both systems – e.g. a port operations dashboard and a customs clearance portal – even though they belong to different entities.
  • Role & Assurance: Combine with role credentials and KYC-backed micro-credentials for elevated assurance.
  • Policy Enforcement: Apply time- or location-based access policies for sensitive actions.
  • Central Revocation: Revoke once to disable access across all systems – no need to coordinate with each IdP.

Example: A customs broker uses one organisational wallet to access the customs portal, a port community system, and a bonded warehouse application. No federation agreements exist between these entities, yet the broker enjoys seamless, secure access – and the organisations maintain strong assurance and auditability.

Managed Credential Issuance

Need to issue verifiable credentials without building complex infrastructure? Explore our Managed Credential Issuance service – a streamlined way to create, deliver, and manage identity and role credentials with full lifecycle control.

Ideal for:

  • Enterprises issuing staff roles or delegated authorities.
  • B2B onboarding (legal entity credentials, proof of authority).
  • Compliance-driven sectors needing KYC/KYB-backed credentials without hosting infrastructure.

Standards We Speak (so you don’t have to)

  • One Wallet, Two Ecosystems: vLEI via KERI/ACDC; PID/LPID via OID4VCI/OID4VP
  • Anchored trust: EBSI for PID/LPID; GLEIF for vLEI.
  • Biometric + Passkey Security: Device-bound credentials with biometric unlock (via FIDO2/WebAuthn).
  • Standards: eIDAS 2.0, EUDI Wallet, KERI/ACDC, OID4VCI/OID4VP, SAML, OAuth 2.0, OIDC, SCIM.
  • DC-API: Simplifies credential presentation for partner portals and apps.
  • Privacy by Design: selective disclosure, consent-based presentations.