Alternatives
A verifiable-credential platform that doesn't require Entra ID.
Microsoft Entra Verified ID is bundled into Entra. Useful — if you already run Entra. Thoryn is the EU-native, scheme-neutral, IdP-independent alternative for everyone else. Here's the honest comparison.
Side by side
Thoryn vs Microsoft Entra Verified ID
The honest version. We say where they're better, too.
| Axis | Thoryn | Microsoft Entra Verified ID |
|---|---|---|
Data residency Thoryn is structurally EU-only. Azure EU regions exist but Microsoft's parent is US-incorporated. | EU-only (Hetzner Germany) | Azure global; EU regions available |
CLOUD Act exposure | Zero — Dutch incorporation | Direct — Microsoft is US-incorporated |
IdP lock-in Entra Verified ID issues into the Microsoft Authenticator wallet and is administered through the Entra portal — Entra ID is a hard dependency. | None — works with any IdP | Requires Entra ID (formerly Azure AD) |
Drop-in for existing Auth0 / Okta Thoryn rides as an upstream OIDC connection (see hub-in-okta and hub-in-auth0 recipes). Entra Verified ID assumes Entra ID is the IdP. | — | |
OAuth 2.0 / OIDC authorization server (general-purpose) | Via Entra ID, not Verified ID directly | |
VC issuance (OID4VCI) | ||
VC verification (OpenID4VP) | ||
SD-JWT VC | ||
mdoc / ISO 18013-5 | Preview / partial | |
ARF 1.4+ relying-party conformance | Tested against NL + EU reference wallets | Partial; EUDIW alignment evolving |
Wallet strategy Microsoft's wallet is the path of least resistance for Entra Verified ID. Other wallets work but are second-class. | Scheme-neutral — works with any ARF wallet | Microsoft Authenticator-first |
Distribution / brand Microsoft's distribution is the strongest pro-Microsoft argument; it's the reason customers default to it. | Growing EU footprint | Massive — bundled with M365 / Azure AD P1/P2 |
Pricing model | Three public tiers, contact for quote | Bundled with Entra ID licensing (P1/P2) |
NIS2 / DORA evidence pack | Microsoft compliance documentation (broad, not VC-specific) |
When Thoryn is the better fit
- You're not on Entra ID and don't want to migrate your IdP just to add verifiable credentials
- You're already on Auth0 or Okta — Thoryn drops in via a pre-built recipe instead of replacing the IdP
- EU-only data residency is a yes/no question your security review needs to answer
- You want a scheme-neutral wallet strategy — your users may show up with any ARF-conformant wallet, not just Microsoft Authenticator
- You're a regulated EU buyer (financial services, healthcare, public sector) and CLOUD Act exposure is a hard constraint
When Microsoft Entra Verified ID is the better fit
- You're already deep in M365 / Entra ID — bundled licensing is hard to beat on cost alone
- Your wallet strategy is 'Microsoft Authenticator everywhere' and you don't need third-party wallets
- EU-only data residency isn't a hard requirement and Azure EU regions are sufficient
- You want a single vendor for IdP, MDM, productivity, and VC — Microsoft covers all of those
- Your customer base is enterprise-Windows-first and Microsoft's distribution / familiarity is the deciding factor
Considering a move from Microsoft Entra Verified ID?
Book a 30-minute migration conversation. We'll tell you when Thoryn is the right call — and when it isn't.