The organization is seeking a vendor to provide an identity and access management (IAM) solution that integrates seamlessly into its existing portal, eliminating the need to redirect customers to an external, vendor-hosted site for authentication or account management. All customer-facing authentication, registration, and account management interactions must take place within the organization's portal and support comprehensive customization and branding—including logos, colors, messages, and user flows.

The ideal solution is a vendor-supported SaaS IAM platform, built for an embedded, white-labeled approach, and capable of integrating smoothly with existing enterprise systems. It must support portal-native sign-in using UI SDKs/components or APIs, modern authentication protocols such as OIDC/OAuth 2.0 and SAML 2.0, as well as advanced session management features like login/logout, token refresh, and both idle and absolute session timeouts. Additional requirements include support for step-up authentication, passwordless options (e.g., email magic link, passkeys/Web Authn, SMS/voice OTP), and single or multiple session configurations per user.

The solution should offer robust registration and onboarding processes with portal-native interfaces, configurable workflows for self-registration, email/phone verification, and bot protection integration. It should also support flexible account recovery and credential management, including options for password resets, username/email recovery, MFA reset and recovery, account unlock, and configurable password policies with breach detection and policy enforcement. Multi-factor authentication methods such as TOTP (authenticator apps), email OTP, and SMS OTP (with fraud controls) are required.