Identity hardening
Passkey-capable authentication, tenant OIDC/SSO, and account-security controls reduce phishing and password risk.
Security
vCongress combines modern account protection, strict role separation, and operational traceability for conference teams handling sensitive participant and submission data.
Public
Public SSR pages isolated from authenticated workflows.
Boundary
Authenticated access with role checks and request controls.
Control
Workflow rules for finance, communication, and participant operations.
Entity and audit
Domain events and operational context for audit-ready processes.
Passkey-capable authentication, tenant OIDC/SSO, and account-security controls reduce phishing and password risk.
Organizer, employee, admin, and participant scopes keep sensitive actions constrained to intended users.
Notification and domain-event visibility supports investigations, quality control, and process governance.
Public marketing frontend is separated from authenticated app runtime to reduce exposure.
Recipient preview before notification dispatch helps prevent broad targeting mistakes.
Invoice reminders, refunds, and cancellation flows are explicit platform actions with clear user context.
Enterprise OIDC connections use tenant-specific issuers, safe secret references, claim mapping, and role allowlisting.
Events can be configured for local registration, optional SSO, required SSO, or invite-only access.
vCongress supports standards-compliant OIDC discovery flows with HTTPS issuers, including Microsoft Entra ID and Keycloak-compatible providers.
External roles are mapped or allowlisted before they become vCongress roles. Administrative roles are not blindly accepted from an identity provider.
SAML is not presented as existing OIDC compatibility. If required, it is scoped as a separate enterprise identity integration.
Real-time event and action timelines help teams investigate issues faster and keep critical workflows transparent across organizer roles.
Public Runtime
Landing pages, SEO, campaign content, and conversion flows ship continuously in an isolated runtime.
Change scope: visibility, acquisition, messaging
Authenticated Runtime
Registration, submissions, finance, and organizer workflows run in a separately deployed, protected app surface.
Change scope: transactional workflows, access control, audit context
A marketing release cannot directly destabilize login, payments, or event execution workflows.
Growth teams and operations teams release in parallel without blocking each other’s deployment windows.
Security-critical changes follow stricter controls while public-site improvements iterate faster.