ZKsync SSO is a white-label, enterprise-ready ecosystem wallet that plugs into your existing authentication flows, enabling passkey login, brand-controlled UX, and seamless self-custodial onchain transactions.
| Your priority | Pain with conventional wallets | How ZKsync SSO addresses it |
|---|---|---|
| Brand-controlled UX | Redirects to third-party wallets erode trust and create drop-offs | Fully white-label interface hosted under your domain |
| Seamless enterprise login | Onchain wallets require seed phrases and extensions, blocked by IT policies | Embed directly into your existing login flow, every authenticated user gets a self-custodial account instantly |
| High conversion | Complex setup and signature fatigue kill adoption | Passkey-based onboarding and session keys remove friction |
| Regulatory readiness | Custodial key stores, closed SDKs, and opaque audit trails increase compliance risk | Non-custodial, open-source, security-audited architecture |
| No vendor lock-in | Per-user fees and proprietary APIs | MIT-licensed code, fully self-hosted, no recurring licensing costs |
| Capability | For your organization | For your users |
|---|---|---|
| White-Label Smart Wallet | Host the authentication server, dashboard, and UI widgets in-house. Maintain brand integrity, control data, and meet security requirements. | Interact within your branded environment without third-party redirects. |
| Passkey-First Onboarding | SDK converts biometric login or SSO credentials into a self-custodial account, driving higher adoption. Option: Plug in Dynamic.xyz to offer email and social login that provisions an embedded wallet with a native onchain passkey. | Instant wallet creation via Face ID, fingerprint, or corporate login. Sign up with email or a social account (via Dynamic.xyz) and start transacting immediately—no extensions or seed phrases. |
| Session Keys | Pre-authorize actions with spend/time limits to streamline UX and enforce policy controls. | Execute transactions without repeated signing requests. |
| Gas Abstraction | Sponsor fees or bill in ERC-20 tokens to eliminate a top user drop-off point. | Interact without managing gas fees. |
| Enterprise-Grade Security | Open-source ERC-4337/7579 modules with keys stored client-side, simplifying compliance reviews. | Secure, self-custodial accounts with guardian/social recovery options. |
| Prividium Integration | Native privacy-layer support for confidential transactions. | Same-wallet experience for both public and private transfers. |
| Rapid Deployment | SDKs, CLIs, and sample apps enable integration within existing enterprise workflows in hours. | Minimal disruption, continuous UX improvements. |
Passkey login • Biometric/device credentials • Passwordless recovery
ERC-4337 core • ERC-7579 validators • Upgradeable modules (no address change)
Time-bound approvals • Spend/contract limits • One-click revocation
Native paymaster • Sponsor fees or bill in tokens • Gasless UX
Multi-device sync • Guardian/social recovery
Self-hosted auth server • Custom dashboard • Brandable widgets
JS, TS, React Native • Wagmi connector • CLI
Open-source • Multiple third-party audits
An open-source, self-hosted smart-wallet and login layer that turns any authenticated user into a self-custodial on-chain account.
You keep control: no third-party custody, no vendor lock-in, no per-user fees. You own branding, data, deployment, and roadmap.
No. Keys are device passkeys (WebAuthn) and never leave user hardware. Signing happens client-side; the auth server never sees or holds private keys.
Yes. Contracts and server components are public and undergo regular third-party audits.
You host it. PII and auth metadata remain within your environment per your data-residency policies. The wallet layer does not require exporting user PII to third parties.
Teams commonly embed passkey login and wallet creation in hours using the JS SDK and prebuilt UI components. Depth (policy, theming, custom flows) is up to you.
Yes. You can optionally integrate Dynamic.xyz to let users sign up with email or social accounts; Dynamic provisions an embedded wallet on ZKsync secured by a native on-chain passkey.
Yes. You can self-host the auth server and dashboard under your domain and customize the UI to meet brand-governance requirements.
Session keys allow pre-approved actions within time/spend limits (no constant prompts). Paymasters let you sponsor gas, bill in ERC-20s, or offer gasless flows.
Multi-device passkeys plus optional guardian/social recovery patterns. Admin-driven policy can time-box sessions and revoke session keys instantly.
Yes. React Native SDK is available today. Native Swift and Kotlin SDKs are planned for Q4 2025.
Yes. SSO is integrated with Prividium for privacy-first transactions on Prividium chains, enabling confidential transfers within the same wallet UX.
MIT-licensed software, free to deploy. You host it; there are no recurring licensing or per-user fees.
Modular ERC-7579 validators and upgradeable account modules allow new capabilities without changing user addresses, minimizing change-management overhead.
Documentation 
GitHub 
Try it yourself