Four services. One decision.
SymmetriQ sits between your identity providers and the target EVM network. Each service is independently scalable and deployable inside your own infrastructure.
Node 01: Azure AD / Entra (SSO · MFA)
Node 02: Keycloak (Roles · policies)
Node 03: SymmetriQ (DID · sign)
Node 04: EVM contract (Verifier)
↑ SSO / MFA · ↑ Policies · ↓ HSM / TPM · ↓ On-chain verify
The estate
3.1 Identity Bridge
Federates with Azure AD (OIDC) and Keycloak; resolves user, group, role claims.
3.2 DID Registry
Issues, stores and lifecycles DIDs; maps corporate identity ↔ DID ↔ key handle.
3.3 Policy Engine
Versioned policy-as-code rules (Rego / JSON); deterministic and auditable evaluation.
3.4 Signing Service
Talks to HSM, TPM 2.0 and Secure Enclave via PKCS#11, KMIP and platform APIs.
3.5 On-chain Verifier
Solidity library or ERC-1271 / 4337 module used by your contracts.
3.6 Audit Store
Append-only, hash-chained event log; exports to Splunk, Sentinel, Elastic.
The signing decision.
Every request flows through the same deterministic path. Deny is the default; allow is earned by an evaluated policy.
request → validate token (Azure AD)
        → resolve roles (Keycloak)
        → resolve DID + policy (SymmetriQ)
        → evaluate policy
            ├── deny  → audit + return error
            └── allow → HSM / TPM signs
                      → submit tx to EVM
                      → contract verifier
                          ├── revert
                          └── execute
                      → audit event

Built to bend, not break.
Policy-as-code
Signing rules are versioned, reviewed and deployed like software — not configured in a UI a single admin can change unobserved.
Pluggable cryptography
secp256k1 today; Ed25519, BLS, and NIST PQC (ML-DSA, SLH-DSA) when chains adopt them.
Pluggable identity
Azure AD and Keycloak today; any OIDC-, SAML- or LDAP-speaking provider tomorrow.
Deployment modes
Private cloud, hybrid, fully on-prem, or air-gapped enclave for the most sensitive operations.
No chain lock-in
Existing wallets, dApps and tooling continue to work. SymmetriQ only adds the access decision.
Incremental adoption
Start with one contract and one user group. Expand without re-architecture.
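
The signing decision path and the hash-chained Audit Store described above, as an added example that is not SymmetriQ's code: a fail-closed decision that audits every outcome and a log whose tampering is detectable. The policy schema, `decide`, `AuditLog`, `stub_sign` and the genesis value are assumptions; the signer is a stand-in for the HSM / TPM call, and the example stops before transaction submission.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value for the first log entry

def _digest(prev, event):
    return hashlib.sha256((prev + json.dumps(event, sort_keys=True)).encode()).hexdigest()

class AuditLog:
    """Append-only log; each entry commits to the hash of the one before it."""
    def __init__(self):
        self.entries = []

    def append(self, event):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        self.entries.append({"prev": prev, "event": event, "hash": _digest(prev, event)})

    def verify(self):
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev or e["hash"] != _digest(prev, e["event"]):
                return False  # an entry was altered or the chain was broken
            prev = e["hash"]
        return True

# Constructed policy document (hypothetical schema, not the product's format).
POLICY = {"version": "v1",
          "rules": [{"role": "treasury", "method": "transfer", "max_value": 1000}]}

def evaluate(policy, roles, request):
    """Deny by default: True only when a rule explicitly matches."""
    value = request.get("value")
    return any(rule["role"] in roles
               and rule["method"] == request.get("method")
               and type(value) is int and 0 <= value <= rule["max_value"]
               for rule in policy["rules"])

def decide(request, token_valid, roles, did, log, sign):
    """Return a signature only if every step passes; audit either way."""
    reason = ("invalid token" if not token_valid else
              "no DID for identity" if did is None else
              "policy deny" if not evaluate(POLICY, roles, request) else None)
    log.append({"did": did, "request": request, "policy": POLICY["version"],
                "decision": "deny" if reason else "allow", "reason": reason})
    return None if reason else sign(did, request)

def stub_sign(did, request):
    """Stand-in for the HSM / TPM call; a hash, not a real signature."""
    return _digest(did, request)
```

`verify()` catches edits inside the chain; detecting truncation of the newest entries additionally requires anchoring the latest hash somewhere the log writer cannot change.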