Duende User Management 1.0
Duende User Management is a new, first-party component of Duende IdentityServer that provides native user storage, a passwordless-first authentication layer, full lifecycle management, and membership management. It ships as the Duende.UserManagement.IdentityServer8 NuGet package and integrates through a single AddUserManagement() call on the IdentityServer builder. Requires .NET 10 and Duende IdentityServer 8.
Authentication Methods
- One-Time Passwords (OTP). Passwordless authentication using codes delivered by email, SMS or any other custom mechanism. Supports configurable code length, expiry, and rate limiting. New users are automatically registered on their first successful OTP authentication.
- TOTP. Time-based one-time passwords compatible with authenticator apps like Microsoft Authenticator and Google Authenticator.
- Passkeys (WebAuthn/FIDO2). Phishing-resistant, device-bound authentication using the FIDO2/WebAuthn standard. Supports TPM attestation validation and configurable attestation format handling.
- Recovery Codes. Single-use codes that allow users to regain access when other authentication methods are unavailable.
- External Authentication. Federate with external identity providers using OpenID Connect and OAuth 2.0. New users are automatically registered using an IExternalAuthenticator interface.
- Passwords. Traditional credential-based authentication for scenarios where it's required. Includes multi-algorithm password verification with transparent re-hashing when algorithms are upgraded.
User Profiles
- Extensible attribute-based profile model using an Entity-Attribute-Value (EAV) schema with support for scalar, list and complex types.
- Schema-aware attribute collections with validation
- Attribute grouping and ordering for UI rendering
- Queryable attributes for searching and filtering users
- Custom attributes map directly to OIDC claims using the built-in UserManagementProfileService
Membership & Authorization
- Built-in roles and groups for modeling organizational structures and permission boundaries
- Programmatic membership management using IMembershipAdmin. Assign users to (or remove them from) roles and groups in provisioning workflows, admin UIs, or automated onboarding.
Storage
- Three storage providers out of the box: PostgreSQL (recommended for production), SQL Server, and SQLite (development/testing)
- Schema creation from code using IDataBaseSchema or generated migration scripts
IdentityServer Integration
- Registers as an extension on the IdentityServer builder: AddUserManagement()
- All modules (profiles, authentication, membership) are auto-registered; there is no need to enable them individually
- Built-in UserManagementProfileService maps profile attributes and role memberships to OIDC claims.
Getting Started
Get started by following the Getting Started tutorial, which walks you through building a complete OTP login flow from scratch. For integration into an existing IdentityServer deployment, see IdentityServer Integration.