Innovative architecture
Maximum security

Based on an innovative architecture and the highest security standards, Memority delivers trustworthy services to its customers.

Innovative architecture

A unique platform

Memority is a single platform with three offerings: My-Identity, My-Access and My-Keys. These three offerings share several services: data backend, cross-functional services, administration portal, functional portal, and so on.

Thereby, should a customer already use one of the offerings, subscribing to another does not require a real implementation project: the additional functionality is simply activated, as the identities are already managed in the platform.

Micro-service and cloud native

Memority has been developed with a microservices approach, so that each function delivered is specialized. This architecture facilitates maintenance, operation, version updates and security.

The Memority platform relies on our Cloud providers’ own services, to take advantage of their performance. All micro-services are deployed on a container-based architecture.

Multi-tenant at application level

The Memority platform is a multi-tenant architecture. Multi-tenancy is managed at the micro-service level, not at the container level: each micro-service serves all the client tenants deployed on the platform. Consequently, segregation between tenants is enforced at the application and data backend levels.
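Application-level tenant segregation of the kind described above means that a shared service must bind every read and write to the caller's tenant, which is established by authentication rather than taken from request parameters. The following is an added illustration, not Memority's code; the SQLite backend, the table layout, the `RequestContext` type and the sample rows are all constructed for the example.

```python
import sqlite3
from dataclasses import dataclass


@dataclass(frozen=True)
class RequestContext:
    """Tenant and user as established by authentication (assumed), never read from request parameters."""
    tenant_id: str
    user_id: str


def build_backend() -> sqlite3.Connection:
    """Constructed in-memory data backend shared by all tenants; the rows are sample data, not real identities."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE identities ("
        " tenant_id TEXT NOT NULL, uid TEXT NOT NULL, email TEXT NOT NULL,"
        " PRIMARY KEY (tenant_id, uid))"
    )
    conn.executemany("INSERT INTO identities VALUES (?, ?, ?)", [
        ("acme", "u1", "alice@acme.example"),
        ("acme", "u2", "bob@acme.example"),
        ("globex", "u1", "carol@globex.example"),  # same uid as acme/u1 on purpose: ids collide across tenants
    ])
    conn.commit()
    return conn


class IdentityRepository:
    """Every statement is bound to ctx.tenant_id, so the shared service can only reach the caller's own tenant."""

    def __init__(self, conn: sqlite3.Connection):
        self.conn = conn

    def list_identities(self, ctx: RequestContext) -> list:
        rows = self.conn.execute(
            "SELECT uid, email FROM identities WHERE tenant_id = ? ORDER BY uid",
            (ctx.tenant_id,),
        ).fetchall()
        return [{"uid": uid, "email": email} for uid, email in rows]

    def get_identity(self, ctx: RequestContext, uid: str):
        row = self.conn.execute(
            "SELECT tenant_id, uid, email FROM identities WHERE tenant_id = ? AND uid = ?",
            (ctx.tenant_id, uid),
        ).fetchone()
        if row is None:
            return None
        # Second line of defence: never hand back a row that belongs to another tenant,
        # even if a query were ever mis-written. This should be unreachable.
        if row[0] != ctx.tenant_id:
            raise RuntimeError("tenant isolation violated")
        return {"uid": row[1], "email": row[2]}

    def update_email(self, ctx: RequestContext, uid: str, new_email: str) -> int:
        cur = self.conn.execute(
            "UPDATE identities SET email = ? WHERE tenant_id = ? AND uid = ?",
            (new_email, ctx.tenant_id, uid),
        )
        self.conn.commit()
        return cur.rowcount  # 0 when uid is not in the caller's tenant: other tenants' rows are untouched


def demo() -> dict:
    """Shows that tenant 'globex' cannot read or modify acme's 'u2' even though both tenants use uid 'u1'."""
    repo = IdentityRepository(build_backend())
    acme = RequestContext("acme", "admin@acme")
    globex = RequestContext("globex", "admin@globex")
    return {
        "acme_sees": [i["uid"] for i in repo.list_identities(acme)],
        "globex_sees": [i["uid"] for i in repo.list_identities(globex)],
        "globex_reads_acme_u2": repo.get_identity(globex, "u2"),
        "globex_updates_acme_u2": repo.update_email(globex, "u2", "changed@example"),
        "acme_u2_after": repo.get_identity(acme, "u2")["email"],
    }


if __name__ == "__main__":
    print(demo())
```

The point of the composite primary key and of the `rowcount` return value is that a cross-tenant request does not fail with an error that leaks existence; it simply matches nothing in the caller's tenant.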

Each customer has two tenants: a production tenant and a non-production tenant. They are located on two separate Memority platforms, with the same SLA levels. This innovative architecture enables Memority to adapt to both large accounts and middle-market companies, ensuring the best cost/value ratio.

Blue/green version update

Our development teams work in agile mode and are organized into feature teams. The platform is updated every three weeks. These updates are carried out by redeploying the microservices on a second architecture and switching between the old and new architectures.

This process ensures risk-free, transparent version upgrades for our customers. Thanks to our multi-tenant architecture, each update is carried out simultaneously for all customers.

Resilience

The Memority platform is systematically deployed in a region of one of our Cloud providers, which means that Memority runs on three datacenters, all operating in active mode, to offer maximum availability. As an option, we offer a DRP (Disaster Recovery Plan) to another region of the same Cloud provider.

In the near future, the DRP option will also be offered on a different Cloud provider, to cover a failure of either provider.

Non-intrusive architecture

All Memority components are deployed in the Cloud. We do not deploy any components on our customers’ information systems. We are fully responsible for the availability and operation of the platform, thus avoiding a complicated RACI between supplier and customer.

Access to the customer’s information system for on-premise application provisioning is via IPSec tunnels and secure interface contracts. Exchanges with the rest of the ecosystem are made via REST APIs and standard identity federation protocols: SAML2, WS-Federation, OAuth, OpenID Connect.
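Federating with a platform over OpenID Connect, as listed above, means the relying party must validate the ID token it receives before trusting the identity inside it. The block below is an added example of those checks and is not Memority's code or a Memority API. For self-containment it signs tokens with HS256 and a constructed shared secret; a real provider typically uses RS256 with published JWKS keys, but the claim checks (issuer, audience and `azp`, lifetime with clock skew, nonce) are the same. The issuer URL, client id and nonce values are constructed.

```python
import base64
import hashlib
import hmac
import json
import time


class TokenRejected(Exception):
    """Raised with the first check that fails; the caller treats any rejection as 'not authenticated'."""


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(claims: dict, secret: bytes) -> str:
    """Stand-in for the identity provider: an HS256-signed JWT (assumption made for a self-contained example)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signature = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(signature)}"


def validate_id_token(token: str, secret: bytes, issuer: str, client_id: str,
                      nonce, now=None, leeway: int = 60) -> dict:
    """Returns the claims only if every check passes; order matters (signature before any claim is trusted)."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenRejected("malformed token")
    header_b64, payload_b64, signature_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        signature = b64url_decode(signature_b64)
    except (ValueError, UnicodeDecodeError) as exc:
        raise TokenRejected(f"undecodable token: {exc}")
    # 1. Algorithm allowlist: the header is unauthenticated input, so 'alg' is compared, never obeyed.
    if header.get("alg") != "HS256":
        raise TokenRejected("algorithm not allowed")
    # 2. Signature, compared in constant time.
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenRejected("bad signature")
    # 3. Issuer must be the configured provider.
    if claims.get("iss") != issuer:
        raise TokenRejected("wrong issuer")
    # 4. Audience must contain this relying party; with several audiences, 'azp' must name it too.
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else (aud if isinstance(aud, list) else [])
    if client_id not in aud:
        raise TokenRejected("wrong audience")
    if len(aud) > 1 and claims.get("azp") != client_id:
        raise TokenRejected("azp does not match client")
    # 5. Lifetime, with a small clock-skew allowance.
    exp = claims.get("exp")
    iat = claims.get("iat")
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        raise TokenRejected("expired")
    if isinstance(iat, (int, float)) and iat > now + leeway:
        raise TokenRejected("issued in the future")
    # 6. Nonce binds the token to the login request that started this flow (replay protection).
    if nonce is not None and claims.get("nonce") != nonce:
        raise TokenRejected("nonce mismatch")
    return claims


def is_rejected(token: str, **kwargs) -> bool:
    """Convenience wrapper: True when validate_id_token rejects the token."""
    try:
        validate_id_token(token, **kwargs)
    except TokenRejected:
        return True
    return False
```

A relying party that skips the audience or nonce check accepts tokens minted for a different client or replayed from an earlier login, which is why both checks sit alongside the signature check rather than being optional.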

Performance & SLAs

Thanks to its innovative architecture, Memority has been tested for up to 100 million identities within a single tenant, while providing service to other tenants on the same platform. The architecture is highly scalable, thanks to the dynamic addition of micro-services instances.

Memority is committed to a monthly availability SLA of 99.95%. Availability on our current cloud providers is 100%.

Custom architecture

Our customers are able to choose between several architecture options:
• choice of Cloud provider: AWS or S3NS, or possibly GCP
• choice of region: Dublin, Paris, or possibly another region
• choice of a shared or dedicated platform architecture
• choice of whether to subscribe to the DRP option
• choice of escalation to the customer's SOC.

Hosting

Memority currently offers two Cloud providers:
• AWS for deployment in the Paris or Dublin regions
• S3NS for the Paris region. S3NS is the JV between Thales and Google. It provides a trusted cloud that will be SecNumCloud certified by 2025.

Maximum security

Dedicated security team

Memority has a dedicated security team made of a CISO and security experts.

Risk analysis

Memority has a dedicated risk analysis for its services. It is updated annually and whenever new technical or functional components are defined (and generally whenever the risk profile requires it).

Security by design

Memority is designed for end-to-end security, in line with DevSecOps best practices. From risk analysis to the implementation of mitigation actions, source code is subject to peer code review as well as automatic static (SAST) and dynamic (DAST) code review using tools included in our development software factory. Our senior developers are CSSLP (Certified Secure Software Lifecycle Professional) certified by ISC2.

Encryption

All our servers use disk-level ("surface") encryption (data encrypted at rest). All data flows, both internal and external, are encrypted (data encrypted in transit).

Security architecture

The Memority architecture is divided into specialized zones based on the principle of defense in depth. All the services required for such an architecture are in place: anti-DDoS system, firewall, web application firewall, etc. All operating systems are hardened to the state of the art.

SOC

Memority is supervised by the Thales SOC in real time to detect intrusion attempts and counter them if necessary. An automatic vulnerability scan is performed on a daily basis to compare the software versions used with known vulnerability databases.
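The daily scan described above compares the versions of the software in use with known vulnerability databases. As an added example (not Memority's tooling, and with no real advisories), the block below shows the core of such a comparison: versions are normalized to fixed-width numeric tuples so that `3.0` and `3.0.0` compare equal, each advisory carries an affected range `[introduced, fixed)`, and findings come back ordered by severity for the patching workflow. The advisory identifiers, packages, version ranges and inventory are all constructed.

```python
import re
from dataclasses import dataclass


def version_key(version: str, width: int = 4) -> tuple:
    """'3.0.8' -> (3, 0, 8, 0). Numeric components only, zero-padded to a fixed width so that
    '3.0' and '3.0.0' compare equal. Pre-release tags are ignored (simplification for this example)."""
    parts = [int(p) for p in re.findall(r"\d+", version)][:width]
    return tuple(parts + [0] * (width - len(parts)))


@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    package: str
    introduced: str  # first affected version (inclusive)
    fixed: str       # first fixed version (exclusive): affected range is [introduced, fixed)
    severity: str    # "critical" | "high" | "medium" | "low"


SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def is_affected(installed: str, advisory: Advisory) -> bool:
    """True when the installed version falls inside the advisory's affected range."""
    return version_key(advisory.introduced) <= version_key(installed) < version_key(advisory.fixed)


def scan(inventory, advisories) -> list:
    """inventory: iterable of (package, installed_version). Returns findings sorted by severity, then package."""
    findings = []
    for package, installed in inventory:
        for adv in advisories:
            if adv.package == package and is_affected(installed, adv):
                findings.append({
                    "package": package,
                    "installed": installed,
                    "advisory": adv.advisory_id,
                    "severity": adv.severity,
                    "upgrade_to": adv.fixed,  # smallest version that leaves the affected range
                })
    findings.sort(key=lambda f: (SEVERITY_RANK.get(f["severity"], 99), f["package"]))
    return findings


# Constructed sample data: neither the advisories nor the inventory are real.
SAMPLE_ADVISORIES = [
    Advisory("ADV-0001 (constructed)", "openssl", "3.0.0", "3.0.8", "high"),
    Advisory("ADV-0002 (constructed)", "nginx", "1.20.0", "1.25.1", "medium"),
    Advisory("ADV-0003 (constructed)", "nginx", "1.0.0", "1.18.0", "critical"),
]
SAMPLE_INVENTORY = [
    ("openssl", "3.0.5"),  # inside [3.0.0, 3.0.8): affected
    ("openssl", "3.0.9"),  # already past the fixed version
    ("nginx", "1.24.0"),   # affected by ADV-0002, outside ADV-0003's range
    ("curl", "8.4.0"),     # no advisory at all
]


def demo() -> list:
    return scan(SAMPLE_INVENTORY, SAMPLE_ADVISORIES)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Real scanners also have to cope with distribution backports, where a package keeps an old upstream version number but carries the fix; that is why production tooling matches on the distribution's own advisory feeds rather than on upstream version numbers alone.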

Vulnerability management

Based on the vulnerabilities detected and the associated criticality, Memority carries out software updates (patches or version upgrades) within a constrained timeframe, while respecting the service provided to our customers.

If necessary, while waiting for a patch to be applied, compensatory risk management measures, defined by our security team, can be implemented.

Inventory and change management

All our assets are inventoried in our Configuration Management Database (CMDB). Each change is subject to impact measurement, and internal and external communication if necessary. All changes are tracked.

Identity and authorization management

Memority has implemented the principle of least privilege and the principle of segregation of duties. Account and access-rights reviews are carried out quarterly. All accesses are protected by MFA authentication.

Secret management

All Memority secrets linked to the platforms are stored in secure enclaves (HSM) to which access is strictly regulated.

Managing privileged accounts

Privileged accounts are nominative. Access, after MFA authentication, is via a VPN and through a bastion. The bastion records all administrator actions (both command-line and graphical sessions).

Anti-DDOS

To avoid any risk of downtime, Memority is protected by specific anti-DDOS measures.

Crisis management

Memority has defined a crisis management plan, including in particular the specifics of cyber incidents, in order to keep customers and the relevant authorities informed and to implement remediation actions as efficiently as possible.

Audit

Two external audits are carried out each year to ensure continuous improvement.

Certifications and qualifications

Memority is in the process of obtaining ISO 27001 / ISO 27701 certification (target date: second half of 2024). At the same time, the Memority security team is discussing with ANSSI the road to SecNumCloud SaaS qualification by 2025.

Transparency

Our customers are authorized to audit their instances in accordance with Memority audit rules. We discuss with our customers and prospects the security measures in place and the improvements that could be made.

GDPR

Memority complies with the GDPR (General Data Protection Regulation) as a data processor. All processing is carried out by Memority solely at the request of its customers.

We set up processes for accessing (and deleting) personal data according to our customers’ wishes.