Platform Capabilities
Explore the Capabilities of the 1Kosmos Platform
Verification and Enrollment
Authentication
Identity Wallet
Platform
Interoperability
Government Issued ID
+
Government Issued ID
1Kosmos identity proofing utilizes a user’s driver’s license, passport, or national ID to validate identity with consent. 1Kosmos supports document verification for over 140 countries in approximately 2300 formats.
Third-Party Verification
+
Third-Party Verification
1Kosmos utilizes an API to verify and validate the scanned document and captured data.
Bank ID
+
Bank ID
1Kosmos APIs utilize non-physical references, such as a Bank ID, to validate user identity and to improve identity assurance and KYC checks.
Telco ID
+
Telco ID
1Kosmos APIs utilize non-physical references, such as a Telco ID, to validate user identity and to improve identity assurance and KYC checks.
Email Verification
+
Email Verification
Users verify and enroll their email address into their identity wallet. This verified email address is presented to interested parties as proof of ownership of an email address.
SSN Verification
+
SSN Verification
Validate against issuing authority, in seconds, a user’s Social Security number to identify fraudulent identities.
Passport Verification
+
Passport Verification
1Kosmos identity proofing technology captures the information in the ID and ensures that the ID is valid. For instance, 1Kosmos checks for common characteristics of the entered document to identify if a photocopy is used.
DL Verification
+
DL Verification
1Kosmos identity proofing technology captures the information in the ID and looks to ensure that the ID is valid. 1Kosmos checks if a photocopy is used and reads the RFID chip. If the chip cannot be read, then the data is not validated.
Phone Verification
+
Phone Verification
Users enroll a verified phone number into their mobile wallet. This verified phone number is presented to interested parties as proof of ownership of a phone number.
SIM Binding
+
SIM Binding
Using a combination of SIM detection and SMS verification, 1Kosmos is enabled to validate a user’s mobile number against a user’s account.
Liveness Detection
+
Liveness Detection
Using the expressions and a true-depth camera functionality, 1Kosmos utilizes a short selfie video that requires randomized facial movements to detect liveness and is certified to NIST 800-63-3 and iBeta ISO/IEC 30107-3 standards.
Digital Identity Score
+
Digital Identity Score
Based on what the user presented to prove identity at the time of enrollment, users will build an identity score. As users enroll and verify government issued IDs and non-physical IDs, their score will increase up to an IAL2.
Non Biased Decisioning
+
Non Biased Decisioning
Our distributed identity framework is private by design. This ensures that each user is verified independently of others and ensures a non-bias race and gender decisioning.
Private Permissioned Blockchain
+
Private Permissioned Blockchain
1Kosmos uses a blockchain network that is restricted to a group of users or organizations where participants must be granted permission to join. This is in contrast to a public blockchain, where anyone can participate without needing permission.
App and Appless Workflow
+
App and Appless Workflow
Organizations can implement a workflow for authentication and/or verification which utilizes an app-based workflow or an appless workflow. In an appless workflow, authentication or verification is completed through a browser.
ID Verification & Watchlist
+
ID Verification & Watchlist
ID verification and watchlists monitor for suspicious activities to catch syntheticID and account fraud. The user biometric is stored and added to the list so that if a fraudulent biometric is attempted again, the account creation will fail.
Employee On-Boarding
+
Employee On-Boarding
1Kosmos offers a tailorable new and existing account origination process for employees and contractors, delivering the highest degree of user assurance. New users can self-verify their identity or organizations can enroll existing users into the 1Kosmos identity based authentication platform.
Customer Enrollment
+
Customer Enrollment
1Kosmos offers a tailorable new account origination process for customers or citizens, delivering the highest degree of end-user assurance. New users self-verify their identity using government issued IDs, telco ID accounts, banking credentials or even social media ID.
Decentralized Credential Storage
+
Decentralized Credential Storage
1Kosmos gives users control over their personal, verified information and allows them to share it on demand in a safe and secure way plus maintains a complete, immutable history of each identity request and exchange.
SMS One-Time Password (OTP)
+
SMS One-Time Password (OTP)
Delivers a time-sensitive security code via text message to verify user identity during login. Supports session-based authentication with built-in expiration to reduce unauthorized access risk. Can be configured to send the OTP to multiple verified phone numbers on file, enhancing deliverability and user accessibility.
Email One-Time Password (OTP)
+
Email One-Time Password (OTP)
Sends a session-specific, time-limited security code to the user’s email address for identity verification during login. Provides a familiar and accessible form of multi-factor authentication.
Voice One-Time Password (OTP)
+
Voice One-Time Password (OTP)
Delivers a session-specific, time-limited security code via automated voice call to the user’s phone number. Ideal for users without access to SMS or email. Supports multiple languages to accommodate diverse user populations and meet regional compliance requirements.
Time-based One-Time Password (TOTP)
+
Time-based One-Time Password (TOTP)
Generates a unique, 30-second security code tied to the requesting system, delivered through the 1Kosmos authenticator app. This method proves possession of the registered device and is protected by biometric authentication, adding a secure, user-friendly layer of verification.
Hardware One-Time Password (HOTP)
+
Hardware One-Time Password (HOTP)
Supports event-based authentication using physical tokens such as OneSpan devices that generate one-time passcodes with each press. Ideal for users without mobile devices or in high-security, offline environments. Requires distribution and management of physical tokens for each individual user.
Passkey-Based Biometric Authentication
+
Passkey-Based Biometric Authentication
Enables phishing-resistant authentication through built-in laptop biometrics like fingerprint or facial recognition without requiring a mobile app. Bound to the user’s device and organization domain, passkeys can’t be spoofed or reused. Ensures strong possession and presence by requiring the user to be physically present on their trusted device.
Single User Security Keys
+
Single User Security Keys
Supports FIDO2-compliant security keys, including 1Kosmos-branded and third-party options for phishing-resistant authentication. Keys are bound to a single user and protected by a PIN or biometric verification, ensuring secure possession and user presence during login.
Universal Web Login (QR Code Authentication)
+
Universal Web Login (QR Code Authentication)
Enables passwordless login to any web or mobile application by scanning a QR code with the 1Kosmos mobile app. This secure, app-based experience initiates a biometric verification and/or push notification. It's built on a flexible framework that can be embedded across enterprise systems for consistent, frictionless access.
Push Authentication
+
Push Authentication
Sends a real-time login request to the user’s trusted mobile or desktop device. The user can approve or deny access with a single tap. Includes a number challenge to verify intent and protect against MFA push bombing, ensuring only legitimate login attempts are approved.
Mobile Biometric Authentication (Face ID / Touch ID)
+
Mobile Biometric Authentication (Face ID / Touch ID)
Uses built-in biometric sensors on iOS and Android devices to verify user identity through the 1Kosmos app. This method enables secure, passwordless login with strong device binding and user presence assurance.
LiveID Biometric Authentication
+
LiveID Biometric Authentication
Uses the front-facing camera on a mobile device to capture a short video selfie, verifying both liveness and identity in real time. LiveID confirms the user is physically present and matches the enrolled identity before granting access, making it resistant to deepfakes, spoofing, and static image attacks.
SSO
+
SSO
Replaces traditional usernames, passwords, and 2FA with verified user identity at the point of entry. 1Kosmos authenticates users through strong identity-based methods before granting access to the SSO platform, ensuring that every connected application inherits that same high level of trust. Supports SAML, OIDC, and WS-FED protocols for seamless integration.
Directory Support
+
Directory Support
Supports Active Directory, Entra ID, LDAP, Directory Source
SAML
+
SAML
Supports Security Assertion Markup Language (SAML) to enable seamless, passwordless login experiences across enterprise applications. By configuring 1Kosmos as the identity provider (IdP), organizations can authenticate users with verified identity instead of credentials, enhancing both security and user experience.
OIDC and OAuth 2.0 Support
+
OIDC and OAuth 2.0 Support
1Kosmos supports OpenID Connect (OIDC) and OAuth 2.0 protocols to enable secure, standards-based authentication and authorization. Depending on the use case, 1Kosmos can act as either the Identity Provider (IdP) or the Service Provider (SP), offering flexible integration into modern identity ecosystems.
Windows MFA
+
Windows MFA
Extends strong, passwordless authentication to Windows desktops using the 1Kosmos MFA agent. Users can log in with push, QR code, security keys, or TOTP, whether online or offline, directly from the Windows login screen. Supports secure RDP sessions, shared accounts, and emergency local admin access.
Linux
+
Linux
Integrates 1Kosmos directly into the Linux SSH login via PAM. Supports standalone passwordless login or MFA, including push notifications, TOTP, SMS, email, and voice OTP. Admins can configure multiple authentication methods, allowing users to choose their preferred option or enforce combined factors. Authenticates online or offline over SSH.
Radius
+
Radius
1Kosmos provides a command-line RADIUS Auth Proxy that links your AD/LDAP user directories to RADIUS clients. Administrators can configure it to support secure authentication methods such as push notifications, IVR voice calls, and one-time passcodes, allowing flexible, passwordless or MFA flows over RADIUS. The proxy works online and offline and can be managed and monitored through AdminX.
LDAP Proxy
+
LDAP Proxy
Enables passwordless or multi-factor authentication for applications using LDAP by integrating the 1Kosmos Auth Proxy. Intercepts LDAP bind requests and enforces policies based on user, group, or service account attributes. Supports push, OTP, and voice call verification with minimal changes to backend systems.
Desktop Authenticator (Orion)
+
Desktop Authenticator (Orion)
Provides strong MFA and passwordless authentication for web applications through a lightweight desktop app. When logging in, users receive a push notification on their workstation to approve or deny access. Offers a seamless alternative to mobile-based verification for users who prefer or require desktop-only workflows.
Password Reset
+
Password Reset
Enables secure self-service password reset from the 1Kosmos mobile app or web portal. Users can receive a reset link via email or phone and complete the process with identity verification, reducing helpdesk burden and preventing account takeover.
Offline Login
+
Offline Login
Allows users to authenticate even without internet access by generating a time-limited, event-specific OTP through the 1Kosmos app. Ensures secure login continuity for workstations during network outages or travel.
Remote Access
+
Remote Access
Replaces usernames and passwords with identity-based authentication to securely access remote systems. 1Kosmos verifies the real user behind each login, enabling strong, phishing-resistant access without shared credentials.
Privileged Access Management (PAM)
+
Privileged Access Management (PAM)
Protects access to critical systems by verifying the true identity of privileged users before login. 1Kosmos replaces static credentials with identity-based authentication, reducing the risk of credential abuse and securing access to sensitive systems and applications.
Context-Aware Authentication Policies
+
Context-Aware Authentication Policies
Triggers authentication journeys based on user attributes like IP address and geolocation. 1Kosmos dynamically adapts the authentication flow to enforce stronger security in higher-risk scenarios.
Custom Login Page Branding
+
Custom Login Page Branding
1Kosmos allows branding on the login page and end user facing pages to match the enterprise brand.
Adhoc Reports
+
Adhoc Reports
1Kosmos provides adhoc reports on login activity and events within the tenant.
NFC Support
+
NFC Support
1Kosmos leverages the NFC reader in mobile devices to read NFC chips on passports to capture and verify data.
Support for Multiple Accounts / Personas
+
Support for Multiple Accounts / Personas
Within the 1Kosmos app, users have multiple accounts or personas. This capability allows users to have different login workflows. This will enable organizations to require a separate account or persona for technologies that cannot go passwordless.
Device Biometrics (TouchID / FaceID)
+
Device Biometrics (TouchID / FaceID)
1Kosmos leverages the built-in Face ID or Touch ID identity technologies available on today’s devices for authentication into the identity wallet.
Mobile SDK (iOS, Android)
+
Mobile SDK (iOS, Android)
The 1Kosmos mobile SDK, integrates functionality into an existing app or service. This approach allows organizations to eliminate silos created when managing multiple apps and services.
Password Reset/Forgot
+
Password Reset/Forgot
Through the 1Kosmos app or user portal, users easily reset their passwords if and when needed for applications that cannot go passwordless.
Zero Trust Device Checks
+
Zero Trust Device Checks
The 1Kosmos app performs a zero trust check at every login for device tampering like a jailbreak.
Identity Portability (BYOI)
+
Identity Portability (BYOI)
1Kosmos enables a user to self manage their digital identity to share PII data with requesting parties at their discretion.
Wallet Recovery
+
Wallet Recovery
1Kosmos offers a recovery option for users in the case of a lost wallet.
White Labelling Support
+
White Labelling Support
The 1Kosmos mobile app can be white labeled, so you customize the look and feel to fit in with your brand identity and improve the user experience.
Web/Mobile Managed Wallet
+
Web/Mobile Managed Wallet
1Kosmos supports both mobile (for an app based journey) or a web wallet (for an appless journey) for users to manage their digital identity,
W3C - DID Compliant
+
W3C - DID Compliant
1Kosmos stores customer information in a distributed ledger, compliant to W3C DID standards.
W3C - Verifiable Credentials
+
W3C - Verifiable Credentials
1Kosmos issues verifiable credentials, which are digitally signed and are tamper-resistant, traceable, and instantaneously verifiable.
Credential Service Provider (CSP)
+
Credential Service Provider (CSP)
1Kosmos is deployed as a CSP to collect and verify information about a user and to verify that the claimed identity is associated with the real person supplying the identity evidence.
NIST 800-63-3
+
NIST 800-63-3
1Kosmos is certified by the Kantara Initiative to NIST800-63-3. Certification can be found here.
FIDO Certification
+
FIDO Certification
1Kosmos is certified by the FIDO Alliance. Certification can be found here.
OIDC and OAuth
+
OIDC and OAuth
Through the OIDC / OAuth workflow, 1Kosmos acts as both the Identity Provider (IdP) or as the Service Provider (SP), depending on the use case.
PSD2
+
PSD2
1Kosmos delivers PSD2 Compliant authentication while providing users with an exceptional customer experience.
SAML
+
SAML
Security Assertion Markup Language (SAML) supported by 1Kosmos enables a passwordless authentication solution for your organization's users by configuring 1Kosmos as the IdP.
RADIUS
+
RADIUS
1Kosmos integration with RADIUS accepts authentication requests from clients and enables secure logon with addition OTP.
GDPR Compliance
+
GDPR Compliance
1Kosmos provides a self-managed identity — including clear disclosures and consent to support GDPR Compliance initiatives.
Reporting and Dashboard
+
Reporting and Dashboard
The platform captures events and provides an easy-to-access interface to view/query the logs and provides a dashboard to monitor threats and to receive alerts on unauthorized access and unusual behavior patterns.
ISO 270001 Certification
+
ISO 270001 Certification
1Kosmos is certified ISO 27001 by the International Organization for Standardization (ISO). Certification can be found here.
SOC2 Certification
+
SOC2 Certification
1Kosmos is certified to SOC II Type 2. Certification can be found here.
Universal Web Login (UWL)
+
Universal Web Login (UWL)
1Kosmos supports universal web login (UWL) which is a flexible authentication framework that can be embedded into any web and mobile application to go passwordless using the 1Kosmos mobile app.
Custom Branding of Login Page
+
Custom Branding of Login Page
1Kosmos allows branding on the login page and end user facing pages to match corporate level branding.
Policy Based Authentication
+
Policy Based Authentication
Trigger authentication journeys based criteria such as IP Address and geolocation of the user.
Federation Standards
+
Federation Standards
1Kosmos comes out of the box with native compatibility with OIDC, OAuth2, SAML and RADIUS protocols.
Integration with Single Sign On (SSO) Solutions
+
Integration with Single Sign On (SSO) Solutions
1Kosmos comes out of the box with connectors into leading PAM solutions. See here. For those solutions where a connector is not offered, our APIs provide easy integration.
Integration with PAM Solutions
+
Integration with PAM Solutions
1Kosmos comes out of the box with connectors into leading PAM solutions. See here. For those solutions where a connector is not offered, our APIs provide easy integration.
Integration with IGA Solutions
+
Integration with IGA Solutions
1Kosmos comes out of the box with connectors into leading IGA solutions, including ServiceNow, SailPoint and Saviynt. For those solutions where a connector is not offered, our APIs provide easy integration.
Integration with Mobile Device Management (MDM) Solutions
+
Integration with Mobile Device Management (MDM) Solutions
1Kosmos comes out of the box with connectors into leading MDM solutions, including MobileIron and Blackberry. For those solutions where a connector is not offered, our APIs provide easy integration.
Integration with Remote Access
+
Integration with Remote Access
1Kosmos comes out of the box with connectors into leading Remote Access solutions. See here. For those solutions where a connector is not offered, our API’s will provide easy integration.
Integration with VPN
+
Integration with VPN
1Kosmos comes out of the box with connectors into leading VPN solutions. See here. For those solutions where a connector is not offered, our API’s will provide easy integration.
FIDO2 and WebAuthN Support
+
FIDO2 and WebAuthN Support
1Kosmos enables FIDO-based authentication via WebAuthn to supported browsers and platforms, allowing users to authenticate with built-in biometrics, mobile devices, and security keys to websites and applications.
Fraud Management System Integration
+
Fraud Management System Integration
1Kosmos comes out of the box with connectors into leading Fraud Management Systems, including RSA and LexisNexis. For those solutions where a connector is not offered, our APIs provide easy integration.
Risk & Behaviour Based Management System Integration
+
Risk & Behaviour Based Management System Integration
1Kosmos comes out of the box with connectors into leading Risk & Behaviour Based Management Systems, including BehavioSec. For those solutions where a connector is not offered, our APIs provide easy integration.
Operating Systems
+
Operating Systems
1Kosmos comes out of the box with connectors into Mac, Windows and Linux/Unix operating systems. See here. For those solutions where a connector is not offered, our API’s will provide easy integration.
Cloud Applications
+
Cloud Applications
1Kosmos comes out of the box with connectors into leading Cloud-based applications, including O365, Gsuite, Salesforce and more. See here. For those solutions where a connector is not offered, our API’s will provide easy integration.
DevOps Platforms
+
DevOps Platforms
1Kosmos comes out of the box with connectors into leading DevOps platforms, including GitHub, Gitlab and Atlassian. See here. For those solutions where a connector is not offered, our API’s will provide easy integration.
Advanced Directory Support
+
Advanced Directory Support
1Kosmos integrates with AD, LDAP, Azure AD and our user store. 1Kosmos has the ability to authenticate users from multiple directories.
Verification and Enrollment
Authentication
Identity Wallet
Government Issued ID
+
Government Issued ID
1Kosmos identity proofing utilizes a user’s driver’s license, passport, or national ID to validate identity with consent. 1Kosmos supports document verification for over 140 countries in approximately 2300 formats.
Third-Party Verification
+
Third-Party Verification
1Kosmos utilizes an API to verify and validate the scanned document and captured data.
Bank ID
+
Bank ID
1Kosmos APIs utilize non-physical references, such as a Bank ID, to validate user identity and to improve identity assurance and KYC checks.
Telco ID
+
Telco ID
1Kosmos APIs utilize non-physical references, such as a Telco ID, to validate user identity and to improve identity assurance and KYC checks.
Email Verification
+
Email Verification
Users verify and enroll their email address into their identity wallet. This verified email address is presented to interested parties as proof of ownership of an email address.
SSN Verification
+
SSN Verification
Validate against issuing authority, in seconds, a user’s Social Security number to identify fraudulent identities.
Passport Verification
+
Passport Verification
1Kosmos identity proofing technology captures the information in the ID and ensures that the ID is valid. For instance, 1Kosmos checks for common characteristics of the entered document to identify if a photocopy is used.
DL Verification
+
DL Verification
1Kosmos identity proofing technology captures the information in the ID and looks to ensure that the ID is valid. 1Kosmos checks if a photocopy is used and reads the RFID chip. If the chip cannot be read, then the data is not validated.
Phone Verification
+
Phone Verification
Users enroll a verified phone number into their mobile wallet. This verified phone number is presented to interested parties as proof of ownership of a phone number.
SIM Binding
+
SIM Binding
Using a combination of SIM detection and SMS verification, 1Kosmos is enabled to validate a user’s mobile number against a user’s account.
Liveness Detection
+
Liveness Detection
Using the expressions and a true-depth camera functionality, 1Kosmos utilizes a short selfie video that requires randomized facial movements to detect liveness and is certified to NIST 800-63-3 and iBeta ISO/IEC 30107-3 standards.
Digital Identity Score
+
Digital Identity Score
Based on what the user presented to prove identity at the time of enrollment, users will build an identity score. As users enroll and verify government issued IDs and non-physical IDs, their score will increase up to an IAL2.
Non Biased Decisioning
+
Non Biased Decisioning
Our distributed identity framework is private by design. This ensures that each user is verified independently of others and ensures a non-bias race and gender decisioning.
Private Permissioned Blockchain
+
Private Permissioned Blockchain
1Kosmos uses a blockchain network that is restricted to a group of users or organizations where participants must be granted permission to join. This is in contrast to a public blockchain, where anyone can participate without needing permission.
App and Appless Workflow
+
App and Appless Workflow
Organizations can implement a workflow for authentication and/or verification which utilizes an app-based workflow or an appless workflow. In an appless workflow, authentication or verification is completed through a browser.
ID Verification & Watchlist
+
ID Verification & Watchlist
ID verification and watchlists monitor for suspicious activities to catch syntheticID and account fraud. The user biometric is stored and added to the list so that if a fraudulent biometric is attempted again, the account creation will fail.
Employee On-Boarding
+
Employee On-Boarding
1Kosmos offers a tailorable new and existing account origination process for employees and contractors, delivering the highest degree of user assurance. New users can self-verify their identity or organizations can enroll existing users into the 1Kosmos identity based authentication platform.
Customer Enrollment
+
Customer Enrollment
1Kosmos offers a tailorable new account origination process for customers or citizens, delivering the highest degree of end-user assurance. New users self-verify their identity using government issued IDs, telco ID accounts, banking credentials or even social media ID.
Decentralized Credential Storage
+
Decentralized Credential Storage
1Kosmos gives users control over their personal, verified information and allows them to share it on demand in a safe and secure way plus maintains a complete, immutable history of each identity request and exchange.
SMS One-Time Password (OTP)
+
SMS One-Time Password (OTP)
Delivers a time-sensitive security code via text message to verify user identity during login. Supports session-based authentication with built-in expiration to reduce unauthorized access risk. Can be configured to send the OTP to multiple verified phone numbers on file, enhancing deliverability and user accessibility.
Email One-Time Password (OTP)
+
Email One-Time Password (OTP)
Sends a session-specific, time-limited security code to the user’s email address for identity verification during login. Provides a familiar and accessible form of multi-factor authentication.
Voice One-Time Password (OTP)
+
Voice One-Time Password (OTP)
Delivers a session-specific, time-limited security code via automated voice call to the user’s phone number. Ideal for users without access to SMS or email. Supports multiple languages to accommodate diverse user populations and meet regional compliance requirements.
Time-based One-Time Password (TOTP)
+
Time-based One-Time Password (TOTP)
Generates a unique, 30-second security code tied to the requesting system, delivered through the 1Kosmos authenticator app. This method proves possession of the registered device and is protected by biometric authentication, adding a secure, user-friendly layer of verification.
Hardware One-Time Password (HOTP)
+
Hardware One-Time Password (HOTP)
Supports event-based authentication using physical tokens such as OneSpan devices that generate one-time passcodes with each press. Ideal for users without mobile devices or in high-security, offline environments. Requires distribution and management of physical tokens for each individual user.
Passkey-Based Biometric Authentication
+
Passkey-Based Biometric Authentication
Enables phishing-resistant authentication through built-in laptop biometrics like fingerprint or facial recognition without requiring a mobile app. Bound to the user’s device and organization domain, passkeys can’t be spoofed or reused. Ensures strong possession and presence by requiring the user to be physically present on their trusted device.
Single User Security Keys
+
Single User Security Keys
Supports FIDO2-compliant security keys, including 1Kosmos-branded and third-party options for phishing-resistant authentication. Keys are bound to a single user and protected by a PIN or biometric verification, ensuring secure possession and user presence during login.
Universal Web Login (QR Code Authentication)
+
Universal Web Login (QR Code Authentication)
Enables passwordless login to any web or mobile application by scanning a QR code with the 1Kosmos mobile app. This secure, app-based experience initiates a biometric verification and/or push notification. It's built on a flexible framework that can be embedded across enterprise systems for consistent, frictionless access.
Push Authentication
+
Push Authentication
Sends a real-time login request to the user’s trusted mobile or desktop device. The user can approve or deny access with a single tap. Includes a number challenge to verify intent and protect against MFA push bombing, ensuring only legitimate login attempts are approved.
Mobile Biometric Authentication (Face ID / Touch ID)
+
Mobile Biometric Authentication (Face ID / Touch ID)
Uses built-in biometric sensors on iOS and Android devices to verify user identity through the 1Kosmos app. This method enables secure, passwordless login with strong device binding and user presence assurance.
LiveID Biometric Authentication
+
LiveID Biometric Authentication
Uses the front-facing camera on a mobile device to capture a short video selfie, verifying both liveness and identity in real time. LiveID confirms the user is physically present and matches the enrolled identity before granting access, making it resistant to deepfakes, spoofing, and static image attacks.
SSO
+
SSO
Replaces traditional usernames, passwords, and 2FA with verified user identity at the point of entry. 1Kosmos authenticates users through strong identity-based methods before granting access to the SSO platform, ensuring that every connected application inherits that same high level of trust. Supports SAML, OIDC, and WS-FED protocols for seamless integration.
Directory Support
+
Directory Support
Supports Active Directory, Entra ID, LDAP, Directory Source
SAML
+
SAML
Supports Security Assertion Markup Language (SAML) to enable seamless, passwordless login experiences across enterprise applications. By configuring 1Kosmos as the identity provider (IdP), organizations can authenticate users with verified identity instead of credentials, enhancing both security and user experience.
OIDC and OAuth 2.0 Support
+
OIDC and OAuth 2.0 Support
1Kosmos supports OpenID Connect (OIDC) and OAuth 2.0 protocols to enable secure, standards-based authentication and authorization. Depending on the use case, 1Kosmos can act as either the Identity Provider (IdP) or the Service Provider (SP), offering flexible integration into modern identity ecosystems.
Windows MFA
+
Windows MFA
Extends strong, passwordless authentication to Windows desktops using the 1Kosmos MFA agent. Users can log in with push, QR code, security keys, or TOTP, whether online or offline, directly from the Windows login screen. Supports secure RDP sessions, shared accounts, and emergency local admin access.
Linux
+
Linux
Integrates 1Kosmos directly into the Linux SSH login via PAM. Supports standalone passwordless login or MFA, including push notifications, TOTP, SMS, email, and voice OTP. Admins can configure multiple authentication methods, allowing users to choose their preferred option or enforce combined factors. Authenticates online or offline over SSH.
Radius
+
Radius
1Kosmos provides a command-line RADIUS Auth Proxy that links your AD/LDAP user directories to RADIUS clients. Administrators can configure it to support secure authentication methods such as push notifications, IVR voice calls, and one-time passcodes, allowing flexible, passwordless or MFA flows over RADIUS. The proxy works online and offline and can be managed and monitored through AdminX.
LDAP Proxy
+
LDAP Proxy
Enables passwordless or multi-factor authentication for applications using LDAP by integrating the 1Kosmos Auth Proxy. Intercepts LDAP bind requests and enforces policies based on user, group, or service account attributes. Supports push, OTP, and voice call verification with minimal changes to backend systems.
Desktop Authenticator (Orion)
+
Desktop Authenticator (Orion)
Provides strong MFA and passwordless authentication for web applications through a lightweight desktop app. When logging in, users receive a push notification on their workstation to approve or deny access. Offers a seamless alternative to mobile-based verification for users who prefer or require desktop-only workflows.
Password Reset
+
Password Reset
Enables secure self-service password reset from the 1Kosmos mobile app or web portal. Users can receive a reset link via email or phone and complete the process with identity verification, reducing helpdesk burden and preventing account takeover.
Offline Login
+
Offline Login
Allows users to authenticate even without internet access by generating a time-limited, event-specific OTP through the 1Kosmos app. Ensures secure login continuity for workstations during network outages or travel.
Remote Access
+
Remote Access
Replaces usernames and passwords with identity-based authentication to securely access remote systems. 1Kosmos verifies the real user behind each login, enabling strong, phishing-resistant access without shared credentials.
Privileged Access Management (PAM)
+
Privileged Access Management (PAM)
Protects access to critical systems by verifying the true identity of privileged users before login. 1Kosmos replaces static credentials with identity-based authentication, reducing the risk of credential abuse and securing access to sensitive systems and applications.
Context-Aware Authentication Policies
+
Context-Aware Authentication Policies
Triggers authentication journeys based on user attributes like IP address and geolocation. 1Kosmos dynamically adapts the authentication flow to enforce stronger security in higher-risk scenarios.
Custom Login Page Branding
+
Custom Login Page Branding
1Kosmos allows branding on the login page and end user facing pages to match the enterprise brand.
Adhoc Reports
+
Adhoc Reports
1Kosmos provides adhoc reports on login activity and events within the tenant.
NFC Support
+
NFC Support
1Kosmos leverages the NFC reader in mobile devices to read NFC chips on passports to capture and verify data.
Support for Multiple Accounts / Personas
+
Support for Multiple Accounts / Personas
Within the 1Kosmos app, users have multiple accounts or personas. This capability allows users to have different login workflows. This will enable organizations to require a separate account or persona for technologies that cannot go passwordless.
Device Biometrics (TouchID / FaceID)
+
Device Biometrics (TouchID / FaceID)
1Kosmos leverages the built-in Face ID or Touch ID identity technologies available on today’s devices for authentication into the identity wallet.
Mobile SDK (iOS, Android)
+
Mobile SDK (iOS, Android)
The 1Kosmos mobile SDK, integrates functionality into an existing app or service. This approach allows organizations to eliminate silos created when managing multiple apps and services.
Password Reset/Forgot
+
Password Reset/Forgot
Through the 1Kosmos app or user portal, users easily reset their passwords if and when needed for applications that cannot go passwordless.
Zero Trust Device Checks
+
Zero Trust Device Checks
The 1Kosmos app performs a zero trust check at every login for device tampering like a jailbreak.
Identity Portability (BYOI)
+
Identity Portability (BYOI)
1Kosmos enables a user to self manage their digital identity to share PII data with requesting parties at their discretion.
Wallet Recovery
+
Wallet Recovery
1Kosmos offers a recovery option for users in the case of a lost wallet.
White Labelling Support
+
White Labelling Support
The 1Kosmos mobile app can be white labeled, so you customize the look and feel to fit in with your brand identity and improve the user experience.
Web/Mobile Managed Wallet
+
Web/Mobile Managed Wallet
1Kosmos supports both mobile (for an app based journey) or a web wallet (for an appless journey) for users to manage their digital identity,
Platform
Interoperability
W3C - DID Compliant
+
W3C - DID Compliant
1Kosmos stores customer information in a distributed ledger, compliant to W3C DID standards.
W3C - Verifiable Credentials
+
W3C - Verifiable Credentials
1Kosmos issues verifiable credentials, which are digitally signed and are tamper-resistant, traceable, and instantaneously verifiable.
Credential Service Provider (CSP)
+
Credential Service Provider (CSP)
1Kosmos is deployed as a CSP to collect and verify information about a user and to verify that the claimed identity is associated with the real person supplying the identity evidence.
NIST 800-63-3
+
NIST 800-63-3
1Kosmos is certified by the Kantara Initiative to NIST800-63-3. Certification can be found here.
FIDO Certification
+
FIDO Certification
1Kosmos is certified by the FIDO Alliance. Certification can be found here.
OIDC and OAuth
+
OIDC and OAuth
Through the OIDC / OAuth workflow, 1Kosmos acts as both the Identity Provider (IdP) or as the Service Provider (SP), depending on the use case.
PSD2
+
PSD2
1Kosmos delivers PSD2 Compliant authentication while providing users with an exceptional customer experience.
SAML
+
SAML
Security Assertion Markup Language (SAML) supported by 1Kosmos enables a passwordless authentication solution for your organization's users by configuring 1Kosmos as the IdP.
RADIUS
+
RADIUS
1Kosmos integration with RADIUS accepts authentication requests from clients and enables secure logon with addition OTP.
GDPR Compliance
+
GDPR Compliance
1Kosmos provides a self-managed identity — including clear disclosures and consent to support GDPR Compliance initiatives.
Reporting and Dashboard
+
Reporting and Dashboard
The platform captures events and provides an easy-to-access interface to view/query the logs and provides a dashboard to monitor threats and to receive alerts on unauthorized access and unusual behavior patterns.
ISO 270001 Certification
+
ISO 270001 Certification
1Kosmos is certified ISO 27001 by the International Organization for Standardization (ISO). Certification can be found here.
SOC2 Certification
+
SOC2 Certification
1Kosmos is certified to SOC II Type 2. Certification can be found here.
Universal Web Login (UWL)
+
Universal Web Login (UWL)
1Kosmos supports universal web login (UWL) which is a flexible authentication framework that can be embedded into any web and mobile application to go passwordless using the 1Kosmos mobile app.
Custom Branding of Login Page
+
Custom Branding of Login Page
1Kosmos allows branding on the login page and end user facing pages to match corporate level branding.
Policy Based Authentication
+
Policy Based Authentication
Trigger authentication journeys based criteria such as IP Address and geolocation of the user.
Federation Standards
+
Federation Standards
1Kosmos comes out of the box with native compatibility with OIDC, OAuth2, SAML and RADIUS protocols.
Integration with Single Sign On (SSO) Solutions
+
Integration with Single Sign On (SSO) Solutions
1Kosmos comes out of the box with connectors into leading PAM solutions. See here. For those solutions where a connector is not offered, our APIs provide easy integration.
Integration with PAM Solutions
+
Integration with PAM Solutions
1Kosmos comes out of the box with connectors into leading PAM solutions. See here. For those solutions where a connector is not offered, our APIs provide easy integration.
Integration with IGA Solutions
+
Integration with IGA Solutions
1Kosmos comes out of the box with connectors into leading IGA solutions, including ServiceNow, SailPoint and Saviynt. For those solutions where a connector is not offered, our APIs provide easy integration.
Integration with Mobile Device Management (MDM) Solutions
+
Integration with Mobile Device Management (MDM) Solutions
1Kosmos comes out of the box with connectors into leading MDM solutions, including MobileIron and Blackberry. For those solutions where a connector is not offered, our APIs provide easy integration.
Integration with Remote Access
+
Integration with Remote Access
1Kosmos comes out of the box with connectors into leading Remote Access solutions. See here. For those solutions where a connector is not offered, our API’s will provide easy integration.
Integration with VPN
+
Integration with VPN
1Kosmos comes out of the box with connectors into leading VPN solutions. See here. For those solutions where a connector is not offered, our API’s will provide easy integration.
FIDO2 and WebAuthN Support
+
FIDO2 and WebAuthN Support
1Kosmos enables FIDO-based authentication via WebAuthn to supported browsers and platforms, allowing users to authenticate with built-in biometrics, mobile devices, and security keys to websites and applications.
Fraud Management System Integration
+
Fraud Management System Integration
1Kosmos comes out of the box with connectors into leading Fraud Management Systems, including RSA and LexisNexis. For those solutions where a connector is not offered, our APIs provide easy integration.
Risk & Behaviour Based Management System Integration
+
Risk & Behaviour Based Management System Integration
1Kosmos comes out of the box with connectors into leading Risk & Behaviour Based Management Systems, including BehavioSec. For those solutions where a connector is not offered, our APIs provide easy integration.
Operating Systems
+
Operating Systems
1Kosmos comes out of the box with connectors into Mac, Windows and Linux/Unix operating systems. See here. For those solutions where a connector is not offered, our API’s will provide easy integration.
Cloud Applications
+
Cloud Applications
1Kosmos comes out of the box with connectors into leading Cloud-based applications, including O365, Gsuite, Salesforce and more. See here. For those solutions where a connector is not offered, our API’s will provide easy integration.
DevOps Platforms
+
DevOps Platforms
1Kosmos comes out of the box with connectors into leading DevOps platforms, including GitHub, Gitlab and Atlassian. See here. For those solutions where a connector is not offered, our API’s will provide easy integration.
Advanced Directory Support
+
Advanced Directory Support
1Kosmos integrates with AD, LDAP, Azure AD and our user store. 1Kosmos has the ability to authenticate users from multiple directories.
Verification and Enrollment
Authentication
Government Issued ID
+
Government Issued ID
1Kosmos identity proofing utilizes a user’s driver’s license, passport, or national ID to validate identity with consent. 1Kosmos supports document verification for over 140 countries in approximately 2300 formats.
Third-Party Verification
+
Third-Party Verification
1Kosmos utilizes an API to verify and validate the scanned document and captured data.
Bank ID
+
Bank ID
1Kosmos APIs utilize non-physical references, such as a Bank ID, to validate user identity and to improve identity assurance and KYC checks.
Telco ID
+
Telco ID
1Kosmos APIs utilize non-physical references, such as a Telco ID, to validate user identity and to improve identity assurance and KYC checks.
Email Verification
+
Email Verification
Users verify and enroll their email address into their identity wallet. This verified email address is presented to interested parties as proof of ownership of an email address.
SSN Verification
+
SSN Verification
Validate against issuing authority, in seconds, a user’s Social Security number to identify fraudulent identities.
Passport Verification
+
Passport Verification
1Kosmos identity proofing technology captures the information in the ID and ensures that the ID is valid. For instance, 1Kosmos checks for common characteristics of the entered document to identify if a photocopy is used.
DL Verification
+
DL Verification
1Kosmos identity proofing technology captures the information in the ID and looks to ensure that the ID is valid. 1Kosmos checks if a photocopy is used and reads the RFID chip. If the chip cannot be read, then the data is not validated.
Phone Verification
+
Phone Verification
Users enroll a verified phone number into their mobile wallet. This verified phone number is presented to interested parties as proof of ownership of a phone number.
SIM Binding
+
SIM Binding
Using a combination of SIM detection and SMS verification, 1Kosmos is enabled to validate a user’s mobile number against a user’s account.
Liveness Detection
+
Liveness Detection
Using the expressions and a true-depth camera functionality, 1Kosmos utilizes a short selfie video that requires randomized facial movements to detect liveness and is certified to NIST 800-63-3 and iBeta ISO/IEC 30107-3 standards.
Digital Identity Score
+
Digital Identity Score
Based on what the user presented to prove identity at the time of enrollment, users will build an identity score. As users enroll and verify government issued IDs and non-physical IDs, their score will increase up to an IAL2.
Non Biased Decisioning
+
Non Biased Decisioning
Our distributed identity framework is private by design. This ensures that each user is verified independently of others and ensures a non-bias race and gender decisioning.
Private Permissioned Blockchain
+
Private Permissioned Blockchain
1Kosmos uses a blockchain network that is restricted to a group of users or organizations where participants must be granted permission to join. This is in contrast to a public blockchain, where anyone can participate without needing permission.
App and Appless Workflow
+
App and Appless Workflow
Organizations can implement a workflow for authentication and/or verification which utilizes an app-based workflow or an appless workflow. In an appless workflow, authentication or verification is completed through a browser.
ID Verification & Watchlist
+
ID Verification & Watchlist
ID verification and watchlists monitor for suspicious activities to catch syntheticID and account fraud. The user biometric is stored and added to the list so that if a fraudulent biometric is attempted again, the account creation will fail.
Employee On-Boarding
+
Employee On-Boarding
1Kosmos offers a tailorable new and existing account origination process for employees and contractors, delivering the highest degree of user assurance. New users can self-verify their identity or organizations can enroll existing users into the 1Kosmos identity based authentication platform.
Customer Enrollment
+
Customer Enrollment
1Kosmos offers a tailorable new account origination process for customers or citizens, delivering the highest degree of end-user assurance. New users self-verify their identity using government issued IDs, telco ID accounts, banking credentials or even social media ID.
Decentralized Credential Storage
+
Decentralized Credential Storage
1Kosmos gives users control over their personal, verified information and allows them to share it on demand in a safe and secure way plus maintains a complete, immutable history of each identity request and exchange.
SMS One-Time Password (OTP)
+
SMS One-Time Password (OTP)
Delivers a time-sensitive security code via text message to verify user identity during login. Supports session-based authentication with built-in expiration to reduce unauthorized access risk. Can be configured to send the OTP to multiple verified phone numbers on file, enhancing deliverability and user accessibility.
Email One-Time Password (OTP)
+
Email One-Time Password (OTP)
Sends a session-specific, time-limited security code to the user’s email address for identity verification during login. Provides a familiar and accessible form of multi-factor authentication.
Voice One-Time Password (OTP)
+
Voice One-Time Password (OTP)
Delivers a session-specific, time-limited security code via automated voice call to the user’s phone number. Ideal for users without access to SMS or email. Supports multiple languages to accommodate diverse user populations and meet regional compliance requirements.
Time-based One-Time Password (TOTP)
+
Time-based One-Time Password (TOTP)
Generates a unique, 30-second security code tied to the requesting system, delivered through the 1Kosmos authenticator app. This method proves possession of the registered device and is protected by biometric authentication, adding a secure, user-friendly layer of verification.
Hardware One-Time Password (HOTP)
+
Hardware One-Time Password (HOTP)
Supports event-based authentication using physical tokens such as OneSpan devices that generate one-time passcodes with each press. Ideal for users without mobile devices or in high-security, offline environments. Requires distribution and management of physical tokens for each individual user.
Passkey-Based Biometric Authentication
+
Passkey-Based Biometric Authentication
Enables phishing-resistant authentication through built-in laptop biometrics like fingerprint or facial recognition without requiring a mobile app. Bound to the user’s device and organization domain, passkeys can’t be spoofed or reused. Ensures strong possession and presence by requiring the user to be physically present on their trusted device.
Single User Security Keys
+
Single User Security Keys
Supports FIDO2-compliant security keys, including 1Kosmos-branded and third-party options for phishing-resistant authentication. Keys are bound to a single user and protected by a PIN or biometric verification, ensuring secure possession and user presence during login.
Universal Web Login (QR Code Authentication)
+
Universal Web Login (QR Code Authentication)
Enables passwordless login to any web or mobile application by scanning a QR code with the 1Kosmos mobile app. This secure, app-based experience initiates a biometric verification and/or push notification. It's built on a flexible framework that can be embedded across enterprise systems for consistent, frictionless access.
Push Authentication
+
Push Authentication
Sends a real-time login request to the user’s trusted mobile or desktop device. The user can approve or deny access with a single tap. Includes a number challenge to verify intent and protect against MFA push bombing, ensuring only legitimate login attempts are approved.
Mobile Biometric Authentication (Face ID / Touch ID)
+
Mobile Biometric Authentication (Face ID / Touch ID)
Uses built-in biometric sensors on iOS and Android devices to verify user identity through the 1Kosmos app. This method enables secure, passwordless login with strong device binding and user presence assurance.
LiveID Biometric Authentication
+
LiveID Biometric Authentication
Uses the front-facing camera on a mobile device to capture a short video selfie, verifying both liveness and identity in real time. LiveID confirms the user is physically present and matches the enrolled identity before granting access, making it resistant to deepfakes, spoofing, and static image attacks.
SSO
+
SSO
Replaces traditional usernames, passwords, and 2FA with verified user identity at the point of entry. 1Kosmos authenticates users through strong identity-based methods before granting access to the SSO platform, ensuring that every connected application inherits that same high level of trust. Supports SAML, OIDC, and WS-FED protocols for seamless integration.
Directory Support
+
Directory Support
Supports Active Directory, Entra ID, LDAP, Directory Source
SAML
+
SAML
Supports Security Assertion Markup Language (SAML) to enable seamless, passwordless login experiences across enterprise applications. By configuring 1Kosmos as the identity provider (IdP), organizations can authenticate users with verified identity instead of credentials, enhancing both security and user experience.
OIDC and OAuth 2.0 Support
+
OIDC and OAuth 2.0 Support
1Kosmos supports OpenID Connect (OIDC) and OAuth 2.0 protocols to enable secure, standards-based authentication and authorization. Depending on the use case, 1Kosmos can act as either the Identity Provider (IdP) or the Service Provider (SP), offering flexible integration into modern identity ecosystems.
Windows MFA
+
Windows MFA
Extends strong, passwordless authentication to Windows desktops using the 1Kosmos MFA agent. Users can log in with push, QR code, security keys, or TOTP, whether online or offline, directly from the Windows login screen. Supports secure RDP sessions, shared accounts, and emergency local admin access.
Linux
+
Linux
Integrates 1Kosmos directly into the Linux SSH login via PAM. Supports standalone passwordless login or MFA, including push notifications, TOTP, SMS, email, and voice OTP. Admins can configure multiple authentication methods, allowing users to choose their preferred option or enforce combined factors. Authenticates online or offline over SSH.
Radius
+
Radius
1Kosmos provides a command-line RADIUS Auth Proxy that links your AD/LDAP user directories to RADIUS clients. Administrators can configure it to support secure authentication methods such as push notifications, IVR voice calls, and one-time passcodes, allowing flexible, passwordless or MFA flows over RADIUS. The proxy works online and offline and can be managed and monitored through AdminX.
LDAP Proxy
+
LDAP Proxy
Enables passwordless or multi-factor authentication for applications using LDAP by integrating the 1Kosmos Auth Proxy. Intercepts LDAP bind requests and enforces policies based on user, group, or service account attributes. Supports push, OTP, and voice call verification with minimal changes to backend systems.
Desktop Authenticator (Orion)
+
Desktop Authenticator (Orion)
Provides strong MFA and passwordless authentication for web applications through a lightweight desktop app. When logging in, users receive a push notification on their workstation to approve or deny access. Offers a seamless alternative to mobile-based verification for users who prefer or require desktop-only workflows.
Password Reset
+
Password Reset
Enables secure self-service password reset from the 1Kosmos mobile app or web portal. Users can receive a reset link via email or phone and complete the process with identity verification, reducing helpdesk burden and preventing account takeover.
Offline Login
+
Offline Login
Allows users to authenticate even without internet access by generating a time-limited, event-specific OTP through the 1Kosmos app. Ensures secure login continuity for workstations during network outages or travel.
Remote Access
+
Remote Access
Replaces usernames and passwords with identity-based authentication to securely access remote systems. 1Kosmos verifies the real user behind each login, enabling strong, phishing-resistant access without shared credentials.
Privileged Access Management (PAM)
+
Privileged Access Management (PAM)
Protects access to critical systems by verifying the true identity of privileged users before login. 1Kosmos replaces static credentials with identity-based authentication, reducing the risk of credential abuse and securing access to sensitive systems and applications.
Context-Aware Authentication Policies
+
Context-Aware Authentication Policies
Triggers authentication journeys based on user attributes like IP address and geolocation. 1Kosmos dynamically adapts the authentication flow to enforce stronger security in higher-risk scenarios.
Custom Login Page Branding
+
Custom Login Page Branding
1Kosmos allows branding on the login page and end user facing pages to match the enterprise brand.
Adhoc Reports
+
Adhoc Reports
1Kosmos provides adhoc reports on login activity and events within the tenant.
Identity Wallet
Platform
NFC Support
+
NFC Support
1Kosmos leverages the NFC reader in mobile devices to read NFC chips on passports to capture and verify data.
Support for Multiple Accounts / Personas
+
Support for Multiple Accounts / Personas
Within the 1Kosmos app, users have multiple accounts or personas. This capability allows users to have different login workflows. This will enable organizations to require a separate account or persona for technologies that cannot go passwordless.
Device Biometrics (TouchID / FaceID)
+
Device Biometrics (TouchID / FaceID)
1Kosmos leverages the built-in Face ID or Touch ID identity technologies available on today’s devices for authentication into the identity wallet.
Mobile SDK (iOS, Android)
+
Mobile SDK (iOS, Android)
The 1Kosmos mobile SDK, integrates functionality into an existing app or service. This approach allows organizations to eliminate silos created when managing multiple apps and services.
Password Reset/Forgot
+
Password Reset/Forgot
Through the 1Kosmos app or user portal, users easily reset their passwords if and when needed for applications that cannot go passwordless.
Zero Trust Device Checks
+
Zero Trust Device Checks
The 1Kosmos app performs a zero trust check at every login for device tampering like a jailbreak.
Identity Portability (BYOI)
+
Identity Portability (BYOI)
1Kosmos enables a user to self manage their digital identity to share PII data with requesting parties at their discretion.
Wallet Recovery
+
Wallet Recovery
1Kosmos offers a recovery option for users in the case of a lost wallet.
White Labelling Support
+
White Labelling Support
The 1Kosmos mobile app can be white labeled, so you customize the look and feel to fit in with your brand identity and improve the user experience.
Web/Mobile Managed Wallet
+
Web/Mobile Managed Wallet
1Kosmos supports both mobile (for an app based journey) or a web wallet (for an appless journey) for users to manage their digital identity,
W3C - DID Compliant
+
W3C - DID Compliant
1Kosmos stores customer information in a distributed ledger, compliant to W3C DID standards.
W3C - Verifiable Credentials
+
W3C - Verifiable Credentials
1Kosmos issues verifiable credentials, which are digitally signed and are tamper-resistant, traceable, and instantaneously verifiable.
Credential Service Provider (CSP)
+
Credential Service Provider (CSP)
1Kosmos is deployed as a CSP to collect and verify information about a user and to verify that the claimed identity is associated with the real person supplying the identity evidence.
NIST 800-63-3
+
NIST 800-63-3
1Kosmos is certified by the Kantara Initiative to NIST800-63-3. Certification can be found here.
FIDO Certification
+
FIDO Certification
1Kosmos is certified by the FIDO Alliance. Certification can be found here.
OIDC and OAuth
+
OIDC and OAuth
Through the OIDC / OAuth workflow, 1Kosmos acts as both the Identity Provider (IdP) or as the Service Provider (SP), depending on the use case.
PSD2
+
PSD2
1Kosmos delivers PSD2 Compliant authentication while providing users with an exceptional customer experience.
SAML
+
SAML
Security Assertion Markup Language (SAML) supported by 1Kosmos enables a passwordless authentication solution for your organization's users by configuring 1Kosmos as the IdP.
RADIUS
+
RADIUS
1Kosmos integration with RADIUS accepts authentication requests from clients and enables secure logon with addition OTP.
GDPR Compliance
+
GDPR Compliance
1Kosmos provides a self-managed identity — including clear disclosures and consent to support GDPR Compliance initiatives.
Reporting and Dashboard
+
Reporting and Dashboard
The platform captures events and provides an easy-to-access interface to view/query the logs and provides a dashboard to monitor threats and to receive alerts on unauthorized access and unusual behavior patterns.
ISO 270001 Certification
+
ISO 270001 Certification
1Kosmos is certified ISO 27001 by the International Organization for Standardization (ISO). Certification can be found here.
SOC2 Certification
+
SOC2 Certification
1Kosmos is certified to SOC II Type 2. Certification can be found here.
Universal Web Login (UWL)
+
Universal Web Login (UWL)
1Kosmos supports universal web login (UWL) which is a flexible authentication framework that can be embedded into any web and mobile application to go passwordless using the 1Kosmos mobile app.
Custom Branding of Login Page
+
Custom Branding of Login Page
1Kosmos allows branding on the login page and end user facing pages to match corporate level branding.
Policy Based Authentication
+
Policy Based Authentication
Trigger authentication journeys based criteria such as IP Address and geolocation of the user.
Interoperability
Federation Standards
+
Federation Standards
1Kosmos comes out of the box with native compatibility with OIDC, OAuth2, SAML and RADIUS protocols.
Integration with Single Sign On (SSO) Solutions
+
Integration with Single Sign On (SSO) Solutions
1Kosmos comes out of the box with connectors into leading PAM solutions. See here. For those solutions where a connector is not offered, our APIs provide easy integration.
Integration with PAM Solutions
+
Integration with PAM Solutions
1Kosmos comes out of the box with connectors into leading PAM solutions. See here. For those solutions where a connector is not offered, our APIs provide easy integration.
Integration with IGA Solutions
+
Integration with IGA Solutions
1Kosmos comes out of the box with connectors into leading IGA solutions, including ServiceNow, SailPoint and Saviynt. For those solutions where a connector is not offered, our APIs provide easy integration.
Integration with Mobile Device Management (MDM) Solutions
+
Integration with Mobile Device Management (MDM) Solutions
1Kosmos comes out of the box with connectors into leading MDM solutions, including MobileIron and Blackberry. For those solutions where a connector is not offered, our APIs provide easy integration.
Integration with Remote Access
+
Integration with Remote Access
1Kosmos comes out of the box with connectors into leading Remote Access solutions. See here. For those solutions where a connector is not offered, our API’s will provide easy integration.
Integration with VPN
+
Integration with VPN
1Kosmos comes out of the box with connectors into leading VPN solutions. See here. For those solutions where a connector is not offered, our API’s will provide easy integration.
FIDO2 and WebAuthN Support
+
FIDO2 and WebAuthN Support
1Kosmos enables FIDO-based authentication via WebAuthn to supported browsers and platforms, allowing users to authenticate with built-in biometrics, mobile devices, and security keys to websites and applications.
Fraud Management System Integration
+
Fraud Management System Integration
1Kosmos comes out of the box with connectors into leading Fraud Management Systems, including RSA and LexisNexis. For those solutions where a connector is not offered, our APIs provide easy integration.
Risk & Behaviour Based Management System Integration
+
Risk & Behaviour Based Management System Integration
1Kosmos comes out of the box with connectors into leading Risk & Behaviour Based Management Systems, including BehavioSec. For those solutions where a connector is not offered, our APIs provide easy integration.
Operating Systems
+
Operating Systems
1Kosmos comes out of the box with connectors into Mac, Windows and Linux/Unix operating systems. See here. For those solutions where a connector is not offered, our API’s will provide easy integration.
Cloud Applications
+
Cloud Applications
1Kosmos comes out of the box with connectors into leading Cloud-based applications, including O365, Gsuite, Salesforce and more. See here. For those solutions where a connector is not offered, our API’s will provide easy integration.
DevOps Platforms
+
DevOps Platforms
1Kosmos comes out of the box with connectors into leading DevOps platforms, including GitHub, Gitlab and Atlassian. See here. For those solutions where a connector is not offered, our API’s will provide easy integration.
Advanced Directory Support
+
Advanced Directory Support
1Kosmos integrates with AD, LDAP, Azure AD and our user store. 1Kosmos has the ability to authenticate users from multiple directories.
Government Issued ID
+
-
1Kosmos identity proofing utilizes a user’s driver’s license, passport, or national ID to validate identity with consent. 1Kosmos supports document verification for over 140 countries in approximately 2300 formats.
Third-Party Verification
+
-
1Kosmos utilizes an API to verify and validate the scanned document and captured data.
Bank ID
+
-
1Kosmos APIs utilize non-physical references, such as a Bank ID, to validate user identity and to improve identity assurance and KYC checks.
Telco ID
+
-
1Kosmos APIs utilize non-physical references, such as a Telco ID, to validate user identity and to improve identity assurance and KYC checks.
Email Verification
+
-
Users verify and enroll their email address into their identity wallet. This verified email address is presented to interested parties as proof of ownership of an email address.
SSN Verification
+
-
Validate against issuing authority, in seconds, a user’s Social Security number to identify fraudulent identities.
Passport Verification
+
-
1Kosmos identity proofing technology captures the information in the ID and ensures that the ID is valid. For instance, 1Kosmos checks for common characteristics of the entered document to identify if a photocopy is used.
DL Verification
+
-
1Kosmos identity proofing technology captures the information in the ID and looks to ensure that the ID is valid. 1Kosmos checks if a photocopy is used and reads the RFID chip. If the chip cannot be read, then the data is not validated.
Phone Verification
+
-
Users enroll a verified phone number into their mobile wallet. This verified phone number is presented to interested parties as proof of ownership of a phone number.
SIM Binding
+
-
Using a combination of SIM detection and SMS verification, 1Kosmos is enabled to validate a user’s mobile number against a user’s account.
Liveness Detection
+
-
Using the expressions and a true-depth camera functionality, 1Kosmos utilizes a short selfie video that requires randomized facial movements to detect liveness and is certified to NIST 800-63-3 and iBeta ISO/IEC 30107-3 standards.
Digital Identity Score
+
-
Based on what the user presented to prove identity at the time of enrollment, users will build an identity score. As users enroll and verify government issued IDs and non-physical IDs, their score will increase up to an IAL2.
Non Biased Decisioning
+
-
Our distributed identity framework is private by design. This ensures that each user is verified independently of others and ensures a non-bias race and gender decisioning.
Private Permissioned Blockchain
+
-
1Kosmos uses a blockchain network that is restricted to a group of users or organizations where participants must be granted permission to join. This is in contrast to a public blockchain, where anyone can participate without needing permission.
App and Appless Workflow
+
-
Organizations can implement a workflow for authentication and/or verification which utilizes an app-based workflow or an appless workflow. In an appless workflow, authentication or verification is completed through a browser.
ID Verification & Watchlist
+
-
ID verification and watchlists monitor for suspicious activities to catch syntheticID and account fraud. The user biometric is stored and added to the list so that if a fraudulent biometric is attempted again, the account creation will fail.
Employee On-Boarding
+
-
1Kosmos offers a tailorable new and existing account origination process for employees and contractors, delivering the highest degree of user assurance. New users can self-verify their identity or organizations can enroll existing users into the 1Kosmos identity based authentication platform.
Customer Enrollment
+
-
1Kosmos offers a tailorable new account origination process for customers or citizens, delivering the highest degree of end-user assurance. New users self-verify their identity using government issued IDs, telco ID accounts, banking credentials or even social media ID.
Decentralized Credential Storage
+
-
1Kosmos gives users control over their personal, verified information and allows them to share it on demand in a safe and secure way plus maintains a complete, immutable history of each identity request and exchange.
SMS One-Time Password (OTP)
+
-
Delivers a time-sensitive security code via text message to verify user identity during login. Supports session-based authentication with built-in expiration to reduce unauthorized access risk. Can be configured to send the OTP to multiple verified phone numbers on file, enhancing deliverability and user accessibility.
Email One-Time Password (OTP)
+
-
Sends a session-specific, time-limited security code to the user’s email address for identity verification during login. Provides a familiar and accessible form of multi-factor authentication.
Voice One-Time Password (OTP)
+
-
Delivers a session-specific, time-limited security code via automated voice call to the user’s phone number. Ideal for users without access to SMS or email. Supports multiple languages to accommodate diverse user populations and meet regional compliance requirements.
Time-based One-Time Password (TOTP)
+
-
Generates a unique, 30-second security code tied to the requesting system, delivered through the 1Kosmos authenticator app. This method proves possession of the registered device and is protected by biometric authentication, adding a secure, user-friendly layer of verification.
Hardware One-Time Password (HOTP)
+
-
Supports event-based authentication using physical tokens such as OneSpan devices that generate one-time passcodes with each press. Ideal for users without mobile devices or in high-security, offline environments. Requires distribution and management of physical tokens for each individual user.
Passkey-Based Biometric Authentication
+
-
Enables phishing-resistant authentication through built-in laptop biometrics like fingerprint or facial recognition without requiring a mobile app. Bound to the user’s device and organization domain, passkeys can’t be spoofed or reused. Ensures strong possession and presence by requiring the user to be physically present on their trusted device.
Single User Security Keys
+
-
Supports FIDO2-compliant security keys, including 1Kosmos-branded and third-party options for phishing-resistant authentication. Keys are bound to a single user and protected by a PIN or biometric verification, ensuring secure possession and user presence during login.
Universal Web Login (QR Code Authentication)
+
-
Enables passwordless login to any web or mobile application by scanning a QR code with the 1Kosmos mobile app. This secure, app-based experience initiates a biometric verification and/or push notification. It's built on a flexible framework that can be embedded across enterprise systems for consistent, frictionless access.
Push Authentication
+
-
Sends a real-time login request to the user’s trusted mobile or desktop device. The user can approve or deny access with a single tap. Includes a number challenge to verify intent and protect against MFA push bombing, ensuring only legitimate login attempts are approved.
Mobile Biometric Authentication (Face ID / Touch ID)
+
-
Uses built-in biometric sensors on iOS and Android devices to verify user identity through the 1Kosmos app. This method enables secure, passwordless login with strong device binding and user presence assurance.
LiveID Biometric Authentication
+
-
Uses the front-facing camera on a mobile device to capture a short video selfie, verifying both liveness and identity in real time. LiveID confirms the user is physically present and matches the enrolled identity before granting access, making it resistant to deepfakes, spoofing, and static image attacks.
SSO
+
-
Replaces traditional usernames, passwords, and 2FA with verified user identity at the point of entry. 1Kosmos authenticates users through strong identity-based methods before granting access to the SSO platform, ensuring that every connected application inherits that same high level of trust. Supports SAML, OIDC, and WS-FED protocols for seamless integration.
Directory Support
+
-
Supports Active Directory, Entra ID, LDAP, Directory Source
SAML
+
-
Supports Security Assertion Markup Language (SAML) to enable seamless, passwordless login experiences across enterprise applications. By configuring 1Kosmos as the identity provider (IdP), organizations can authenticate users with verified identity instead of credentials, enhancing both security and user experience.
OIDC and OAuth 2.0 Support
+
-
1Kosmos supports OpenID Connect (OIDC) and OAuth 2.0 protocols to enable secure, standards-based authentication and authorization. Depending on the use case, 1Kosmos can act as either the Identity Provider (IdP) or the Service Provider (SP), offering flexible integration into modern identity ecosystems.
Windows MFA
+
-
Extends strong, passwordless authentication to Windows desktops using the 1Kosmos MFA agent. Users can log in with push, QR code, security keys, or TOTP, whether online or offline, directly from the Windows login screen. Supports secure RDP sessions, shared accounts, and emergency local admin access.
Linux
+
-
Integrates 1Kosmos directly into the Linux SSH login via PAM. Supports standalone passwordless login or MFA, including push notifications, TOTP, SMS, email, and voice OTP. Admins can configure multiple authentication methods, allowing users to choose their preferred option or enforce combined factors. Authenticates online or offline over SSH.
Radius
+
-
1Kosmos provides a command-line RADIUS Auth Proxy that links your AD/LDAP user directories to RADIUS clients. Administrators can configure it to support secure authentication methods such as push notifications, IVR voice calls, and one-time passcodes, allowing flexible, passwordless or MFA flows over RADIUS. The proxy works online and offline and can be managed and monitored through AdminX.
LDAP Proxy
+
-
Enables passwordless or multi-factor authentication for applications using LDAP by integrating the 1Kosmos Auth Proxy. Intercepts LDAP bind requests and enforces policies based on user, group, or service account attributes. Supports push, OTP, and voice call verification with minimal changes to backend systems.
Desktop Authenticator (Orion)
+
-
Provides strong MFA and passwordless authentication for web applications through a lightweight desktop app. When logging in, users receive a push notification on their workstation to approve or deny access. Offers a seamless alternative to mobile-based verification for users who prefer or require desktop-only workflows.
Password Reset
+
-
Enables secure self-service password reset from the 1Kosmos mobile app or web portal. Users can receive a reset link via email or phone and complete the process with identity verification, reducing helpdesk burden and preventing account takeover.
Offline Login
+
-
Allows users to authenticate even without internet access by generating a time-limited, event-specific OTP through the 1Kosmos app. Ensures secure login continuity for workstations during network outages or travel.
Remote Access
+
-
Replaces usernames and passwords with identity-based authentication to securely access remote systems. 1Kosmos verifies the real user behind each login, enabling strong, phishing-resistant access without shared credentials.
Privileged Access Management (PAM)
+
-
Protects access to critical systems by verifying the true identity of privileged users before login. 1Kosmos replaces static credentials with identity-based authentication, reducing the risk of credential abuse and securing access to sensitive systems and applications.
Context-Aware Authentication Policies
+
-
Triggers authentication journeys based on user attributes like IP address and geolocation. 1Kosmos dynamically adapts the authentication flow to enforce stronger security in higher-risk scenarios.
Custom Login Page Branding
+
-
1Kosmos allows branding on the login page and end user facing pages to match the enterprise brand.
Adhoc Reports
+
-
1Kosmos provides adhoc reports on login activity and events within the tenant.
NFC Support
+
-
1Kosmos leverages the NFC reader in mobile devices to read NFC chips on passports to capture and verify data.
Support for Multiple Accounts / Personas
+
-
Within the 1Kosmos app, users have multiple accounts or personas. This capability allows users to have different login workflows. This will enable organizations to require a separate account or persona for technologies that cannot go passwordless.
Device Biometrics (TouchID / FaceID)
+
-
1Kosmos leverages the built-in Face ID or Touch ID identity technologies available on today’s devices for authentication into the identity wallet.
Mobile SDK (iOS, Android)
+
-
The 1Kosmos mobile SDK, integrates functionality into an existing app or service. This approach allows organizations to eliminate silos created when managing multiple apps and services.
Password Reset/Forgot
+
-
Through the 1Kosmos app or user portal, users easily reset their passwords if and when needed for applications that cannot go passwordless.
Zero Trust Device Checks
+
-
The 1Kosmos app performs a zero trust check at every login for device tampering like a jailbreak.
Identity Portability (BYOI)
+
-
1Kosmos enables a user to self manage their digital identity to share PII data with requesting parties at their discretion.
White Labelling Support
+
-
The 1Kosmos mobile app can be white labeled, so you customize the look and feel to fit in with your brand identity and improve the user experience.
Web/Mobile Managed Wallet
+
-
1Kosmos supports both mobile (for an app based journey) or a web wallet (for an appless journey) for users to manage their digital identity,
W3C - DID Compliant
+
-
1Kosmos stores customer information in a distributed ledger, compliant to W3C DID standards.
W3C - Verifiable Credentials
+
-
1Kosmos issues verifiable credentials, which are digitally signed and are tamper-resistant, traceable, and instantaneously verifiable.
Credential Service Provider (CSP)
+
-
1Kosmos is deployed as a CSP to collect and verify information about a user and to verify that the claimed identity is associated with the real person supplying the identity evidence.
NIST 800-63-3
+
-
1Kosmos is certified by the Kantara Initiative to NIST800-63-3. Certification can be found here.
OIDC and OAuth
+
-
Through the OIDC / OAuth workflow, 1Kosmos acts as both the Identity Provider (IdP) or as the Service Provider (SP), depending on the use case.
PSD2
+
-
1Kosmos delivers PSD2 Compliant authentication while providing users with an exceptional customer experience.
SAML
+
-
Security Assertion Markup Language (SAML) supported by 1Kosmos enables a passwordless authentication solution for your organization's users by configuring 1Kosmos as the IdP.
RADIUS
+
-
1Kosmos integration with RADIUS accepts authentication requests from clients and enables secure logon with addition OTP.
GDPR Compliance
+
-
1Kosmos provides a self-managed identity — including clear disclosures and consent to support GDPR Compliance initiatives.
Reporting and Dashboard
+
-
The platform captures events and provides an easy-to-access interface to view/query the logs and provides a dashboard to monitor threats and to receive alerts on unauthorized access and unusual behavior patterns.
ISO 270001 Certification
+
-
1Kosmos is certified ISO 27001 by the International Organization for Standardization (ISO). Certification can be found here.
Universal Web Login (UWL)
+
-
1Kosmos supports universal web login (UWL) which is a flexible authentication framework that can be embedded into any web and mobile application to go passwordless using the 1Kosmos mobile app.
Custom Branding of Login Page
+
-
1Kosmos allows branding on the login page and end user facing pages to match corporate level branding.
Policy Based Authentication
+
-
Trigger authentication journeys based criteria such as IP Address and geolocation of the user.
Federation Standards
+
-
1Kosmos comes out of the box with native compatibility with OIDC, OAuth2, SAML and RADIUS protocols.
Integration with Single Sign On (SSO) Solutions
+
-
1Kosmos comes out of the box with connectors into leading PAM solutions. See here. For those solutions where a connector is not offered, our APIs provide easy integration.
Integration with PAM Solutions
+
-
1Kosmos comes out of the box with connectors into leading PAM solutions. See here. For those solutions where a connector is not offered, our APIs provide easy integration.
Integration with IGA Solutions
+
-
1Kosmos comes out of the box with connectors into leading IGA solutions, including ServiceNow, SailPoint and Saviynt. For those solutions where a connector is not offered, our APIs provide easy integration.
Integration with Mobile Device Management (MDM) Solutions
+
-
1Kosmos comes out of the box with connectors into leading MDM solutions, including MobileIron and Blackberry. For those solutions where a connector is not offered, our APIs provide easy integration.
Integration with Remote Access
+
-
1Kosmos comes out of the box with connectors into leading Remote Access solutions. See here. For those solutions where a connector is not offered, our API’s will provide easy integration.
Integration with VPN
+
-
1Kosmos comes out of the box with connectors into leading VPN solutions. See here. For those solutions where a connector is not offered, our API’s will provide easy integration.
FIDO2 and WebAuthN Support
+
-
1Kosmos enables FIDO-based authentication via WebAuthn to supported browsers and platforms, allowing users to authenticate with built-in biometrics, mobile devices, and security keys to websites and applications.
Fraud Management System Integration
+
-
1Kosmos comes out of the box with connectors into leading Fraud Management Systems, including RSA and LexisNexis. For those solutions where a connector is not offered, our APIs provide easy integration.
Risk & Behaviour Based Management System Integration
+
-
1Kosmos comes out of the box with connectors into leading Risk & Behaviour Based Management Systems, including BehavioSec. For those solutions where a connector is not offered, our APIs provide easy integration.
Operating Systems
+
-
1Kosmos comes out of the box with connectors into Mac, Windows and Linux/Unix operating systems. See here. For those solutions where a connector is not offered, our API’s will provide easy integration.
Cloud Applications
+
-
1Kosmos comes out of the box with connectors into leading Cloud-based applications, including O365, Gsuite, Salesforce and more. See here. For those solutions where a connector is not offered, our API’s will provide easy integration.
DevOps Platforms
+
-
1Kosmos comes out of the box with connectors into leading DevOps platforms, including GitHub, Gitlab and Atlassian. See here. For those solutions where a connector is not offered, our API’s will provide easy integration.
Advanced Directory Support
+
-
1Kosmos integrates with AD, LDAP, Azure AD and our user store. 1Kosmos has the ability to authenticate users from multiple directories.
Experience the Power of Strong Identity
With strong identity, business runs more smoothly with less risk of fraud and disruption from cyber incidents. Let 1Kosmos show you how. Book a demo today!