NQRust Identity · v1.0

Identity & Access Management.
Self-Hosted. Airgapped Ready.

A complete SSO stack with an offline-first mobile authenticator and a one-command installer. Built for teams that need full control over identity, sessions, and audit trail.

Download Installer· Free 1Y Trial
Self-hosted· Airgapped· OIDC / OAuth2 / SAML· Audit trail
01 · stack overview
YOUR APPSSELF-HOSTED · AIRGAPPED ZONEOIDCOIDCOIDCTOTP / HOTPenrolldeployUserBrowser / DeviceNQRust AuthMFA · TOTP / HOTPYour AppWeb · API · ServiceYour AppWeb · API · ServiceYour AppWeb · API · ServiceIdentity PortalNext.js · OIDC clientIdentity ServerOIDC · OAuth2 · SAMLNQRust InstallerTUI · Docker Compose
Auto
Why this exists

Identity management today is broken.

Enterprise IT teams deal with the same five problems. NQRust Identity is built to solve all of them.

Data sent abroad

Cloud IAM vendors store sensitive identity data in foreign jurisdictions.

Per-user pricing in USD

Bills balloon with team growth. FX swings make budgets unpredictable.

Internet-dependent

Cloud-only services don't fit airgapped, intelligence, or critical-infra setups.

Third-party authenticators

Users install Google or Microsoft Authenticator — no branding, no policy control.

Self-hosted is hard

Other open-source IAMs need months of specialist work to deploy and maintain.

Solution

One stack. Four components. One installer.

NQRust Identity isn't just an SSO server. You get a complete identity ecosystem — server, portal, mobile authenticator, and installer — all built to work together.

YOUR APPSSELF-HOSTED · AIRGAPPED ZONEOIDCOIDCOIDCTOTP / HOTPenrolldeployUserBrowser / DeviceNQRust AuthMFA · TOTP / HOTPYour AppWeb · API · ServiceYour AppWeb · API · ServiceYour AppWeb · API · ServiceIdentity PortalNext.js · OIDC clientIdentity ServerOIDC · OAuth2 · SAMLNQRust InstallerTUI · Docker Compose
Identity Server
OIDC · OAuth2 · SAML
Identity Portal
Branded admin & user UX
NQRust Auth
Mobile authenticator
Installer
TUI · airgapped-ready
USP #1 · Mobile

NQRust ships its own 2FA app.

Most identity vendors push users to Google or Microsoft Authenticator. NQRust comes with NQRust Auth — a first-party, offline-first authenticator built for the same stack as the server. One vendor, one support line, one experience.

First-party app — built and maintained by NQRust, not a third-party dependency
Offline-first — TOTP/HOTP codes generate without internet, ever
AES-256 encrypted local backup
PIN app lock — secure local storage
TOTP / HOTP RFC 6238 & 4226 compliant
Free APK download, no account required
Aspect
Third-party authenticator
NQRust Auth
Vendor
Google / Microsoft / others
Same stack as your IAM
Support line
External — not the IAM vendor
NQRust handles end-to-end
Server dependency
Some sync to vendor cloud
None — pure offline
NQRust Auth
portal.your-company.com
USP #2 · Portal

A portal that feels like your own product.

Not a generic login page. Not the default vendor admin UI. NQRust Identity Portal is a modern web app you can fully white-label, built on Next.js 16 + React 19 — UX on par with top-tier enterprise SaaS.

Full custom branding — logo, colors, copy
User dashboard: profile, sessions, 2FA devices, audit
License management built in
Admin tools for IT operators
Mobile-responsive, dark/light mode
USP #3 · Self-Hosted

Your data. Your servers. Your control.

Identity data is too sensitive to delegate. NQRust deploys 100% on-premise and supports fully airgapped installs for the most sensitive environments.

100% on-premise — every byte stays on your servers
Airgapped mode — single 3.5 GB binary, no internet required
Zero outbound telemetry by default
Your backup, your disaster recovery
nqrust-installer · zsh
USP #4 · 🇮🇩 Made in Indonesia

Made in Indonesia. PDN & TKDN Compliant.

Built by an Indonesian engineering team. Registered as PDN (Produk Dalam Negeri) with 100% TKDN — ready for government and SOE procurement under Presidential Instruction 2/2022 and national data sovereignty policy.

PDN-classified — registered as Produk Dalam Negeri
100% TKDN certified — eligible for government & SOE procurement
Aligned with Presidential Instruction 2/2022 on local-product priority
Local support team — same time zone, native-language assistance
Full data residency under Indonesian jurisdiction
Roadmap influenced directly by local customers
PDN registration & TKDN 100% certificate
PDN · TKDN 100% Certified
Identity you control — not rented from abroad.
PDN-classifiedTKDN 100%Government-readyBUMN-ready
04 · Architecture

Four services, one deployment.

The installer provisions Traefik, Identity Server, Portal (Next.js), and PostgreSQL on the same host — or split across hosts, to fit your scale. All sensitive traffic stays inside your airgapped zone.

YOUR APPSSELF-HOSTED · AIRGAPPED ZONEOIDCOIDCOIDCTOTP / HOTPenrolldeployUserBrowser / DeviceNQRust AuthMFA · TOTP / HOTPYour AppWeb · API · ServiceYour AppWeb · API · ServiceYour AppWeb · API · ServiceIdentity PortalNext.js · OIDC clientIdentity ServerOIDC · OAuth2 · SAMLNQRust InstallerTUI · Docker Compose
HTTPS · OIDC flow
TOTP / HOTP handshake
Provisioning · enroll
Security

Defense in depth, by default.

Strong security with no extra configuration. Standards: OIDC, OAuth2, SAML 2.0, RFC 6238, RFC 4226.

Encryption

TLS 1.3 in transit (auto-renew)
AES-256 at rest
PBKDF2 / Argon2 password hashing

Access Control

MFA enforced via NQRust Auth
RBAC + ABAC fine-grained policies
Short-lived access + rotating refresh tokens

Audit & Isolation

Full audit trail — login, permission, admin actions
Session management & device tracking
Zero outbound telemetry — airgap-safe by default
Comparison

NQRust vs cloud IAM.

How NQRust Identity stacks up against international cloud IAM platforms on what matters to local teams.

Aspect
Cloud IAM (foreign)
NQRust Identity
Data location
Foreign servers
Your servers, in Indonesia
PDN classification
Produk Dalam Negeri
TKDN compliance
100%
Airgapped mode
Not available
Built-in
Mobile authenticator
Third-party app
First-party (NQRust Auth)
Portal customization
Limited / paid tier
Full custom, included
Pricing model
Per-user-per-month, USD
Flat annual, IDR
Vendor lock-in
High (proprietary API)
Low (open standards)
Support
Global ticket portal
Local, Bahasa Indonesia
Data sovereignty
Foreign jurisdiction
Indonesian jurisdiction
Built for

Where NQRust Identity fits.

Designed for sectors with strict control, compliance, and sovereignty requirements — not generic SaaS workflows.

🏛️

Government & SOE

SSO for internal apps across ministries, regional governments, and SOEs. PDN/TKDN-eligible for procurement.

🏦

Banking & Fintech

On-premise identity that meets OJK data residency and audit requirements. Predictable annual licensing in IDR.

🛡️

Defense & Intelligence

Airgapped deployment with zero outbound traffic. TOTP-based MFA without third-party authenticator dependencies.

🏥

Healthcare

Role-based access for clinical staff, event logging for patient-record access, encrypted credential storage.

🏭

Industrial & OT

Identity layer for operational technology networks isolated from corporate IT — no internet dependency required.

🎓

Education & Research

Centralized SSO for thousands of student and faculty accounts. Self-hosted, low TCO, no per-user pricing.

06 · FAQ

Frequently asked questions.

All production features: unlimited users, SSO/OIDC/SAML, mobile 2FA, audit trail, and airgapped installer. The license key is generated the first time you run the installer. For renewals or a production license, contact sales.
Minimum: 2 vCPU, 4 GB RAM, 20 GB disk for small deployments (< 500 users). Recommended: 4 vCPU, 8 GB RAM, 50 GB SSD. Linux x86_64 or arm64, Docker 24+. PostgreSQL can be hosted separately or co-deployed by the installer.
The installer supports offline mode — download the bundle (~2.3 GB containing all container images) from a machine with internet access, transfer it to the target via storage media, then run the installer with the `--offline` flag. No outbound connections are required after installation.
No. All data (users, sessions, audit log, 2FA secrets) lives in your own PostgreSQL. NQRust has no access to your installation. The NQRust Auth mobile app is also fully offline — TOTP secrets are stored on-device with encryption.
30 days before the trial ends, the admin portal shows a reminder. Email sales at contact@nexusquantum.id to request a quotation. After payment, you'll receive a new license key — just paste it into the portal, no redeployment required.
Trial tier: best-effort via GitHub Issues and email. Production tier: Standard (1-business-day response) and Premium (4 hours, with a dedicated channel). Full SLA details available on a sales call.
Get started

Start today.

Free 1-year trial license. No credit card required. License key activated during install.

Download NQRust Installer

Linux x86_64 / arm64. Online & airgapped modes. Full stack (Identity, Portal, DB, Traefik) deployed in under 15 minutes.

Free 1-Year Trial~120 MB online · ~3.5 GB airgapped
Download NowRead the FAQ

Get NQRust Auth

First-party 2FA app for Android. Offline-first TOTP/HOTP, encrypted local backup, PIN app lock. Free, no account required.

FreeAndroid 8.0+ · ~25 MB
Download APK

Contact Sales

For live demos, POC engagements, custom licensing, or government/SOE procurement discussions — reach our team directly.

contact@nexusquantum.id
Email Sales
Documentation

Need install & configuration guides?

From quick-start and realm configuration to OIDC client integration and airgapped deployment scenarios — all covered in the docs.

Open Documentation