Federated Authentication

SERAM uses a claims-based authentication system that associates data received from trusted logon providers with users.

This approach has many benefits:

  • Users can continue to use their existing login and transparently access SERAM.
  • SERAM neither stores nor processes passwords. This is an important security factor: even if the application were somehow compromised, an attacker could not obtain any login information.
  • Different authentication systems can be used concurrently to authenticate against SERAM, such as SAML2 IDP, OAuth2 and OpenID.
  • One user account may be associated with multiple claims from different providers. Changing the authentication provider therefore does not require creating a new user account.
  • Authentication providers may implement security best practices such as two-factor authentication without affecting the main software.
  • Disabling a user account in SERAM will prevent access, no matter which login provider is used.
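
The claim-to-account mapping described in the list above, sketched as an added example (this is not SERAM's code; the class, method names and sample data are hypothetical). It assumes the SAML2, OAuth2 or OpenID response has already been validated before resolve() is called.

```python
# Added illustration; not SERAM code. Class and method names are hypothetical.
from dataclasses import dataclass


@dataclass
class Account:
    account_id: str
    enabled: bool = True


class ClaimDirectory:
    """Maps (issuer, subject) claims from trusted providers to local accounts."""

    def __init__(self, trusted_issuers):
        self.trusted_issuers = set(trusted_issuers)
        self.accounts = {}  # account_id -> Account
        self.claims = {}    # (issuer, subject) -> account_id

    def add_account(self, account_id):
        self.accounts[account_id] = Account(account_id)

    def link_claim(self, account_id, issuer, subject):
        # Several claims may point at one account; one claim maps to one account only.
        if issuer not in self.trusted_issuers:
            raise ValueError("issuer is not a trusted logon provider")
        if account_id not in self.accounts:
            raise KeyError(account_id)
        if self.claims.setdefault((issuer, subject), account_id) != account_id:
            raise ValueError("claim is already linked to another account")

    def resolve(self, issuer, subject):
        """Return the account id for a verified claim, or None to deny access."""
        # Key on the (issuer, subject) pair: a subject value alone is only
        # meaningful relative to the provider that asserted it.
        if issuer not in self.trusted_issuers:
            return None
        account = self.accounts.get(self.claims.get((issuer, subject)))
        # The enabled flag lives on the account, so it applies to every provider.
        if account is None or not account.enabled:
            return None
        return account.account_id


def build_sample():
    # Constructed sample data: two providers linked to one account.
    d = ClaimDirectory({"https://idp.example.com/saml", "https://openid.example.net"})
    d.add_account("u-1001")
    d.link_claim("u-1001", "https://idp.example.com/saml", "alice@corp.example")
    d.link_claim("u-1001", "https://openid.example.net", "a1b2c3")
    return d
```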

In the SaaS environment, an OpenID provider that performs username-password authentication is provided for convenience, for small companies or individuals who do not have a centralized authentication provider in place. This provider uses a database built from one-way hashes of e-mail addresses and passwords, so that no login information can be obtained from the database if it were compromised.


Feature Categories:

  • Security and Access Control