The 1Kosmos BlockID Workforce Advantage
1Kosmos BlockID Workforce is built with specific capabilities for the onboarding, verification and authentication of employees and contractors within the confines of the workplace. Combined with BlockID Verify, 1Kosmos digitally transforms the standard HR process for onboarding employees or contractors, delivering the highest degree of end-user assurance. This transformation eliminates the need for new employees to share copies of government IDs, protecting their privacy, and automates the entire onboarding process for new and existing employees or contractors.
By binding employees or contractors to their proofed identity, 1Kosmos BlockID Workforce creates an identity-based biometric authentication and a passwordless experience. Employees and contractors will utilize their trusted mobile device for daily authentication and step-up authentication for physical or logical access. As a result, each access event is associated with a real, verified identity.
For access to windows MacOS and Unix, authentication is triggered by a QR code scanned by the 1Kosmos BlockID app. This process works even when an internet connection is unavailable, delivering an offline OTP for access. The workstation can communicate with the 1Kosmos app over Bluetooth and follow the same QR code scanning process as if it were online.
By binding employees or contractors to their proofed identity, 1Kosmos BlockID Workforce creates an identity-based biometric authentication and a passwordless experience.
Existing Employee and Contractor Onboarding
Onboarding existing employees or contractors into the 1Kosmos identity-based biometric passwordless experience is simple and takes minutes to complete.
- Through the new administration experience, administrators send existing employees or contractors an invitation to their corporate mail, a text to their mobile device, or even a combination of both. Users accept the invite to onboard themselves and start their passwordless journey.
- The magic link invitation will direct the existing employee or contractor to install and launch the BlockID 1Kosmos app. This process binds the user to a proofed and validated identity stored in the 1Kosoms platform.
- Next, they enroll their biometrics to increase their identity assurance level.
- Finally, they will enter their existing user credential, which is the last time a password needs to be used. The employee or contractor will now use their identity-based biometric to authenticate into the network without a user name and password.
New Hire Onboarding
1Kosmos BlockID Workforce and BlockID Verify bind the user’s mobile device to a verified and validated identity.
- Once an employee accepts their offer, the HR team will kick off a process to verify the new employee or contractor remotely. The new employee or contractor will receive an email asking them to download the 1Kosmos BlockID app and enroll their government-issued ID.
- As the documents are enrolled, the location and phone number are verified, and the user’s LiveID is validated against the picture extracted from the document. The data is encrypted with the user’s private key and stored in the 1Kosmos private and permissioned Blockchain.
- Lastly, BlockID will prompt the user for consent to release the documents to HR. Documents are transmitted and reviewed by HR.
- Now that the identity is proofed, a secure email is sent to the new employee or contractor using a code that is generated with the user’s public key, meaning only the user can register. The user’s corporate credential (an Active Directory certificate, for example) is automatically enrolled into the BlockID app with the option of using MFA during this flow. The user does not need (or know) their credentials (user name and password) and can now access the network through an identity-based biometric and a passwordless experience.
Employee and Contractor Identity Based-Authentication
1Kosmos BlockID Workforce authentication methods are built into 1Kosmos BlockID app and employees or contractors can authenticate via any of our identification methods. By implementing 1Kosmos BlockID Workforce, you will consolidate several types of methods into one experience. We offer native support for:
QR Code Scan
Push Notification +Acknowledgment
Time-based OTP icon
Legacy Email/SMS Codes
We also support industry authentication standards such as OAuth, OIDC, SAML and FIDO.
To manage identity attributes and user privacy 1Kosmos BlockID Workforce utilizes a W3C Decentralized Identifier standard – a private and permissioned Blockchain distributed ledger.
The 1Kosmos BlockID backend eliminates the central storage database of usernames and passwords and removes any risk of lost, borrowed, or stolen credentials. This backend is immutable, HIGHLY SECURE and designed to support rapid transaction execution that often cannot be achieved when using a public blockchain. Each user’s information is encrypted using their own unique cryptographic key pairs, with their private key stored securely on their mobile device.
Once users enroll their attributes and biometrics with 1Kosmos BlockID Workforce, the data is pushed to the 1Kosmos BlockID private and permissioned Blockchain network. A smart contract inside the Blockchain is triggered and executed, and once validated, the user’s data is stored inside the blockchain. The clear benefit of the blockchain approach is eliminating a single identity repository, so hackers will not be able to access a “honey pot” of identity data that traditional IAM vendors support.
Mobile App and Mobile SDK
The 1Kosmos BlockID app becomes an extension of the employee or contractor, replacing authenticators, hardware tokens, and smart cards. The 1Kosmos BlockID mobile app can be white labelled, so you customize the look and feel to fit in with your brand identity and improve the employee or contractor experience.
Alternatively, by implementing our mobile SDK, you can integrate functionality into your existing app or service. This approach allows you to eliminate silos created when managing multiple apps and services.
For administrators, the portal is a centralized hub that allows for easy management of users and applications and is the starting point to enroll the workforce into passwordless access.
Our administration portal delivers:
- Visibility – review a user’s identity profile, their access and usage (but not their private identity information)
- Policy-based authentication – define authentication policies based on rules
- Policy enforcement – challenge users, based on defined rules and “strength of identity”
- Strong identity – begin the user’s identity lifecycle based on strong identity proofing
- Dashboard to monitor threats – receive alerts on unauthorized access and unusual behavior patterns
For users, the portal is a centralized hub that allows for easy control of their identity data and how it is shared.
- Visibility – customer and citizens will have visibility into their identity profile, applications and devices
- Portfolio of devices – enroll a portfolio of devices allowing seamless access to applications
- Avoid helpdesk – self manage and recover account(s), sign-up for passwordless access, link & unlink devices
- Protect against fraud and identity theft – customer and citizens will be alerted when unusual behavior is detected, on their device
SDK, API and Integrations
BlockID Workforce provides out-of-the-box integration into 50 target systems, including desktops (Windows, macOS and Unix), to help ensure a consistent login experience across the diversity of systems you’ll find today.
1Kosmos BlockID also comes with a developer-friendly SDK and APIs that comply with the strictest GDPR, SOC2, ISO 27001 certification standards for handling and retention of sensitive data, so you can connect to almost anything you need. 1Kosmos can also integrate into commercial, corporate or government systems via industry authentication standards such as OAuth, OIDC, SAML and FIDO and also offers legacy support via RADIUS.
It’s not enough to just authenticate and let users do what they please once access is granted. The 1Kosmos approach continuously validates identity assurance and offers a configurable journey to map user authentication requirements. Traditional “allow or deny” responses are replaced by more fine-grained options such as “allow, but step-up the authentication level with biometrics.”
1Kosmos can ingest behavioral and peripheral risk signals. For example, we have partnered with organizations like Behaviosec and RSA to track user behavior (desktop, mobile and environmental factors). This capability will detect attacks including session hijacking or credential loss on an access attempt. This combination of technologies improves your overall security posture as you can detect potentially fraudulent activities in real-time and step-up authentication if something out of band is noted with the least impact to the user.
Based on your domain and risk level, 1Kosmos provides schematics to increase every session’s assurance level. As users transition to higher-risk activities with elevated privileges (as an example), users can be asked to re-authenticate to ensure identity and to allow the request. To ensure the highest level of compliance, 1Kosmos supports the NIST AAL3 and eIDAS “HIGH” level of authentication.