BM Guardian
Sign in
Built for Education

Unified Identity
Management for Education

BM Guardian provides single sign-on, identity management, and application access control for schools and educational institutions — secure, centralized, and effortless.

Start Protecting Your InstitutionExplore the Docs

500+

Institutions

1M+

Identities Secured

99.9%

Uptime SLA

6

Auth Protocols

Capabilities

Everything you need to secure access

A complete identity platform purpose-built for schools, districts, and educational organizations.

Institution Management

Add and manage schools, districts, and educational organizations with dedicated admin access and hierarchical controls.

Single Sign-On

Configure Google, Microsoft, LinkedIn, Meta, or custom OIDC and SAML providers for seamless SSO across your ecosystem.

OAuth2 Applications

Register applications, manage client credentials, and configure redirect URIs with full OAuth2 support.

Role-Based Access

Granular RBAC with super admin, org admin, and member roles. Control who can access what, down to the resource level.

OIDC Provider with PKCE

Full OAuth2 Authorization Code Flow with PKCE. RS256-signed tokens, JWKS discovery, and OpenID Connect compliance.

Platform Configuration

Centralized settings for session policies, password requirements, email verification, maintenance mode, and more.

Getting Started

Up and running in minutes

Three simple steps to bring enterprise identity management to your institution.

1

Register Institution

Create your institution profile and invite administrators. Set up your organization hierarchy and user directories.

2

Configure SSO

Connect your identity providers — Google Workspace, Microsoft Entra ID, or custom SAML/OIDC — in a few clicks.

3

Go Live

Enable applications, roll out to your users, and enjoy centralized access control with full audit visibility.

Security First

Enterprise-Grade Security

BM Guardian is built from the ground up with security at its core. Every layer of the platform is designed to protect sensitive student and staff identities.

  • RS256 JWT signing with rotatable key pairs and JWKS discovery
  • PKCE enforcement for public OAuth2 clients
  • AES-256 encryption for SSO provider credentials at rest
  • Configurable password policies, session timeouts, and login attempt limits
  • Role-based access control with principle of least privilege
RS256
AES-256
PKCE

Ready to get started?

Deploy BM Guardian and bring unified identity management to your institution in minutes.

Get Started Free