The Business Challenge
Single sign-on (SSO) simplifies access management across multiple applications.
Adding FIDO2 biometric authentication provides strong authentication in the form of the private key stored in the TPM / secure enclave of the device (possession element) and the live biometric (inherence element).
This ensures that the person requesting access to an online service is actually who they say they are … versus simply verifying the individual has access to the password and one-time code.
But the key business driver behind adding biometric authentication to SSO tends to be user preference. User satisfaction improves when users are able to replace passwords and one-time codes with their biometric. Why? Because it’s easier to use and provides them with faster access.
With 1Kosmos BlockID Workforce, security and privacy also increase because only the user has access and control of their private information. Users determine which online services can use their information for authentication, and users approve precisely the information that is shared. There is no central database or honeypot to guard and for hackers to target with attacks.
The BlockID Advantage
FIDO2 certified encrypted private-public key pair uses biometric to form a next generation multi-factor authentication solution
We use the Trusted Platform Module / Secure Enclave of a device (what you have) and a live biometric (what you are) to construct a FIDO2 certified biometric credential for any SSO gateway.
We offer flexible levels of identity assurance, but because our solutions are FIDO2 and NIST 800-63-3 certified, they provide up to certified identity assurance level 2 (IAL2) and certified authentication assurance level 2 (AAL2), and they provide a high degree of interoperability via API / SDK.
For example, we offer off the shelf API-based integration to Okta, Ping, ForgeRock, Azure AD, SiteMinder, and Oracle as well as a host of other Single Sign On providers. Any identity provider can be made more secure using biometric authentication with flexible levels of identity assurance.
One solution supports multiple authentication channels and methods
We’ve built FIDO2 biometric authentication into all of our solutions, but we also realize that organizations and users need flexibility to accommodate multiple ways to authenticate. That’s why we’ve delivered our solutions in various ways.
Some users have smartphones or tablets with the latest capabilities, and for those users our fully brandable mobile app will work fine for biometric authentication and, in addition, offers the convenience of handling various legacy two-factor authentication mechanisms as well. Our mobile app can also be embedded via API / SDK into an existing mobile application.
Other organizations will want users to utilize those devices, but without downloading the app, and for those users we have our app-less authentication capability.
We also support the ability to utilize FIDO compatible browser-based biometrics using the built-in capabilities of existing smartphones, laptops and desktops.
Standard off-the-shelf integrations connect with multiple Identity Provider and Single Sign On systems
Our platform is certified to the highest industry standards including FIDO2 and NIST 800-63-3 and complies with GDPR, SOC2, and ISO 27001 for handling and retention of sensitive data.
If your organization has multiple IDPs and multiple SSO, no problem. BlockID can integrate with all of them and provide a single login experience to the end user with no custom coding, no special firewall rules, or special security configurations.
Deployment is simple and fast – typically in under a week – via off the shelf APIs and services with low risk and no disruption.