Secured by Ailacs Identity

Enterprise-Grade Authentication on Every Login.

Every session, every role assignment, and every API call in Logistics is protected by Ailacs Identity — a dedicated B2C authentication platform built to enterprise standards. Your operators, trucks, and fleet data sit behind OIDC, TOTP MFA, RBAC, and JWT access tokens with automatic key rotation.

Read the auth docs About Ailacs Identity
OpenID Connect TOTP MFA JWT & RBAC 99.9% uptime SLA

Trust signals at a glance

500K+ active users
Ailacs Identity is trusted across thousands of applications worldwide.
SOC 2 & GDPR aligned
Standards-based compliance baked into every auth flow.
Automatic key rotation
JWT signing keys rotate automatically — no manual intervention needed.
How authentication works

Standards-based OpenID Connect — from login to role claim.

1

Authorization Code Flow

When you sign in, Logistics redirects to auth.ailacs.com using the OIDC Authorization Code flow. Your credentials never touch the Logistics server — they are verified entirely within Ailacs Identity.

2

JWT ID Token & Role Claims

After authentication, a signed JWT ID token is issued containing a verified user identity and permission claims. Logistics reads these claims to enforce access control on every page and API endpoint.

3

Session & Sign-Out

Sessions are maintained by a secure, HTTP-only cookie. Sign-out triggers a coordinated OIDC front-channel logout, clearing both the Logistics session and the Ailacs Identity SSO session in a single step.

Security features

Layers of protection across identity and the application.

🔐

TOTP MFA

Ailacs Identity supports authenticator-app TOTP multi-factor authentication. Foreman accounts can enforce MFA org-wide via the Ailacs portal.

🗝️

Automatic Key Rotation

JWT signing keys are automatically rotated by Ailacs Identity with zero downtime. Logistics validates tokens against the live OIDC discovery document — no hard-coded secrets.

📍

Geofenced Clock-In

Enterprise plans enforce GPS geofencing at clock-in time. Operators outside the permitted radius of a site are blocked from recording a shift start — preventing fraudulent time entries.

🛡️

Rate-Limited APIs

Every API endpoint — location updates, push subscriptions, and webhooks — is rate-limited per authenticated user. Stripe webhook payloads are verified against an HMAC-SHA256 signature before processing.

Powered by Ailacs Identity

A dedicated identity platform — not bolted-on auth.

Logistics delegates all authentication to Ailacs Identity, a purpose-built B2C identity platform running on OpenIddict with full OpenID Connect and OAuth 2.0 support. This means user credentials, MFA seeds, and session tokens are managed entirely outside the Logistics application boundary.

  • ✓  OIDC Authorization Code flow with PKCE
  • ✓  Invite-based user provisioning
  • ✓  Granular access control via the Ailacs portal
  • ✓  Audit log and user management at portal.ailacs.com
  • ✓  99.9% uptime SLA across the identity infrastructure
Full documentation at identity.ailacs.com →
How Logistics integrates
// Program.cs — OIDC middleware
builder.Services.AddAuthentication()
  .AddOpenIdConnect(options =>
  {
      options.Authority =
        "https://auth.ailacs.com";
      options.ResponseType = "code";
      options.Scope.Add("openid");
      options.Scope.Add("profile");
      options.MapInboundClaims = false;
      options.GetClaimsFromUserInfoEndpoint
        = true;
  });
Integration guide →

Want the full security picture?

Explore the Ailacs Identity documentation for a complete breakdown of OIDC flows, token validation, MFA setup, and the B2C authentication architecture behind Logistics.

Read the docs