Techniques are disclosed relating to authenticating communications. A computer system may generate a master private key usable to derive user-specific private keys for a plurality of users hosted by a particular application. The computer system may generate master public configuration information usable to derive user-specific public keys for the plurality of users. The computer system may send that configuration information to a directory service accessible to applications that communicate with the particular application. The computer system may receive, from the particular application, a request for a user-specific private key for one of the plurality of users. The request may include an identifier of the user. The computer system may perform a key derivation function to generate a particular user-specific private key based on the master private key and the identifier of the user. The computer system may send the particular user-specific private key to the particular application.