WHY BLOCKID WORKFORCE?
We use real biometrics backed by verified identity to close the gaps in authentication and to give organizations a level of trust and convenience in digital interactions that transforms their business. Why?
Because the problem and key vulnerability with passwords, biometrics and even social media accounts used for logins is that user identity is inferred, not proven. They all trust blindly that the user logging in is who they claim to be.
We call this hope-based authentication, and you only need to read your cybersecurity news feed to understand that it’s not working.
Build Verified Identities
Most logins assume identity, leaving IT and security teams hoping they’ve granted access to the legitimate user. 1Kosmos proves identity and provides flexibility to tailor the levels of identity assurance for different workers or groups of users. For example, executives and workers with privileged access might require the highest assurance with liveness detection (i.e., IAL2), whereas workers in routine office functions might only need to match their biometric to an employment photo on file or use a device-level biometric.
We support both driver's license and passport verification via app-based or appless enrollment and can verify identity at lower levels of assurance using banking, telco (e.g., SIM binding), email, social security number, and phone number, among other methods.
The 1Kosmos BlockID platform is not only compliant with NIST 800-63-3, but fully certified to that standard by Kantara.
Authenticate with Verified Identity
After employment verification, organizations typically issue weak credentials such as user ID and password or some type of biometric that assumes identity on each use. The 1Kosmos approach to identity verification generates, as an artifact, a passwordless MFA credential that workers then use to access their endpoints, the corporate VPN and any required business applications.
Verified identities are matched to the user’s biometric captured at enrollment, and since the BlockID platform is certified to FIDO2 standards and bound to a public / private key pair, the biometric can’t be spoofed and their session can’t be compromised. Every access attempt physically verifies the user identity, leaving no chance for impostors to log in.
In a typical deployment, workers are given the option to log in via their user ID and password or use 1Kosmos to go passwordless via a QR code placed on the same screen. This side-by-side deployment option accelerates adoption.
With 1Kosmos, organizations deploy a single authentication platform where users can authenticate with a high authenticator assurance level via a QR code.
Deploy What You Need, When You Need It
Many believe passwordless authentication is difficult to deploy. Others just want to migrate from their antiquated 2FA systems and go passwordless gradually. Still, others have some passwordless capabilities but are looking to adopt a more strategic approach for the enterprise.
1Kosmos offers several deployment models. Some use the BlockID app to replace an antiquated 2FA authentication workflow and consolidate legacy authentication methods such as OTP, TOTP, SMS, and push notifications into one experience.
Another option is to start passwordless authentication at the desktop, enabling users to log in to Windows or Mac using biometrics, for example, even when offline. For access into the VPN or other business applications, BlockID can be implemented as a replacement or enhancement to existing SSO, providing access by identity-backed biometrics.
Others want to target passwordless authentication opportunistically by worker, department, application, or by specific use case (e.g., privileged access management) or by risk level. For example, a QR code can be placed on a login page for workers to select the option they prefer.
This level of flexibility means organizations can go passwordless all at once or one step at a time and tailor the authentication method and level of assurance to the specific requirements and risk tolerances of individuals or groups of users.
Address All of Your Authentication Needs
Some passwordless systems provide biometric authentication, but not much more … no identity verification, no support for legacy applications that can’t go passwordless, and limited support for a particular operating system with no backward compatibility for prior OS levels.
The BlockID platform comes with several convenient features, such as password reset for legacy or incompatible business applications. The password reset feature utilizes user biometrics to ensure the validity of the request.
On mobile, Windows, and Mac, workers can authenticate via any of seven identification methods: device biometrics, LiveID, push message, email/SMS/token, third-party hardware token, Windows Hello, and Mac Touch ID.
BlockID also integrates via industry authentication standards such as OAuth, OIDC, SAML, and FIDO. It also offers legacy support via RADIUS and supports interoperability across Windows, Office365, Mac, iOS, Android, Linux, and Unix operating systems.
Give Admins and DevOps the Tools They Need
As a cloud-based identity provider, BlockID comes with several exciting administration features.
The Administration portal provides easy access to the configuration and management of the BlockID platform. It starts with over 50 out-of-the-box integrations and a robust API framework that enables quick and easy integrations into common technologies including Azure, Ping, Okta, O365, and more. It connects to any enterprise directory residing behind a firewall through a lightweight broker to build a read-only access view of your users.
For developers, BlockID comes with a developer-friendly SDK that complies with the strictest GDPR, SOC2, and ISO 27001 certification standards. The DevX portal provides a hosted sandbox to test FIDO-based authentication and features a guided tour for developing NodeJS WebAuthn applications. Developers can test use cases in the sandbox using the available APIs for FIDO-based authentication, WebAuthn, and driver's license verification, to name a few.
For enterprises looking to implement a passwordless pilot program, we offer a cloud-based user store where new identities can be created and managed.