Authentication
Multi-factor authentication (MFA) gives you assurance that users are who they say they are. It requires them to prove their identity by providing at least two pieces of evidence that must each come from a different category: something they know, something they have or something they are.

Prevent Data Breaches with MFA

Weak and default passwords or passwords stolen through phishing and other attack methods are still being used to execute successful fraud attacks and data breaches. Confirming the identities of your employees, partners and customers thwarts attackers, and it’s never been easier. With a modern MFA solution, you strengthen security without sacrificing user experience.

How MFA Works

Requiring another authentication factor in addition to a username and password is a common way to add multi-factor authentication. You can have the MFA service send a request for additional verification—like a mobile push notification or one-time passcode—based on policies you set or USB tokens or Fingerprint authentication or Face Authentication. Customer-facing organizations can even send push notifications to their custom mobile apps or use Fingerprint or Face Authentication techniques.

Single Sign On (SSO)

Single sign-on (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of Authentication credentials.

How does SSO work?

SSO works based upon a trust relationship set up between an application, known as the service provider, and an identity provider. This trust relationship is often based upon a certificate that is exchanged between the identity provider and the service provider. This certificate can be used to sign identity information that is being sent from the identity provider to the service provider so that the service provider knows it is coming from a trusted source. In SSO, this identity data takes the form of tokens which contain identifying bits of information about the user like a user’s email address or a username.

The login flow usually looks like this:

  • A user browses to the application or website they want access to, the Service Provider.
  • The Service Provider sends a token that contains some information about the user, like their email address, to the SSO system, the Identity Provider, as part of a request to authenticate the user.
  • The Identity Provider first checks to see whether the user has already been authenticated, in which case it will grant the user access to the Service Provider application and skip to step 5.
  • If the user hasn’t logged in, they will be prompted to do so by providing the credentials required by the Identity Provider. This could simply be a username and password or it include some MFA
  • This token is passed through the user’s browser to the Service Provider.
  • Once the Identity Provider validates the credentials provided, it will send a token back to the Service Provider confirming a successful authentication.
  • The user is granted access to the Service Provider.
  • The token that is received by the Service Provider is validated according to the trust relationship that was set up between the Service Provider and the Identity Provider during the initial configuration.

Surprisingly Fast and Easy Deployment

Improving security doesn’t have to be a headache. You can implement strong authentication in a matter of minutes. To make deployments easy, you’ll get out-of-the-box integrations OpenID Connect, OAuth 2.0 and SAML 2.0 as well as easy-to-use APIs. Also, self-service features for your end users and simple administration can make your MFA rollout effortless.