Medicus IAM

Medicus IAM is the identity and security service behind Medicus. It signs you in, protects your account, and keeps you in control of your data across every Medicus product.

  • Standards-based sign-in

    Built on OAuth 2.0 and OpenID Connect, the same protocols trusted by banks and major platforms, so your password is never shared with the apps you use.

  • Multi-factor authentication

    Add a second layer with an authenticator app (TOTP) or a passkey (WebAuthn), so only you can get in, even if your password is ever exposed.

  • Encryption at every layer

    Your data is encrypted in transit with TLS and at rest with AES-256. Passwords are never stored in plain text; we keep only a salted PBKDF2 (HMAC-SHA256) hash. Your sign-in tokens are RS256-signed, short-lived, and rotate automatically, so a stolen token can't be reused.

  • You control your data

    Granular, unbundled consent for our Terms and Privacy Policy, with a full, versioned audit trail. You can review, export, or delete your data at any time.

  • Monitored & isolated

    Every security-relevant action is logged and continuously monitored, and strict tenant isolation keeps each organisation's data fully separate, protected to medical-data standards.

Built on open standards

OAuth 2.0 OpenID Connect TLS / HSTS AES-256 PBKDF2-SHA256 RS256

Medicus is built to healthcare standards, independently aligned with the regulations that protect your health data.

GDPR compliant HIPAA compliant
Medicus IAM is part of the Medicus health platform.