AffirmedID
reinventing
Authentication as a Service
With a tagline exemplifying the need
Authentication is not a destination; it’s a journey!
AffirmedID
A new federated authentication service delivers an easy-to-deploy and maintain IAM-friendly cloud service with SSO using SAML or OIDC. As easy to use as mobile payment, Its integrated authenticator app facilitates FIDO2 authentication that seamlessly bridges the gap from ceremony to automated session monitoring with full user transparency.
NIST compliant MFA authentication includes two forms of user identity verification cryptographically asserted to the cloud service on behalf of the relying party. Patented behavioral identity techniques with location and proximity kept internal to the app are the basis for continuous authentication, allowing seamless session monitoring. This solution offers cost-effective, unmatched session security. Subscribe now to put these benefits to work for you.
Subscribe NowAuthentication as a Service
AaaS must establish, protect, and affirm the user’s identity not as a singular event but as a continuum from login to log out.
A robust AaaS must establish, protect, and continuously affirm the user's identity, not just once but throughout, from login to logout. It involves continuously evaluating the risks associated with authenticated sessions and enforcing appropriate security policies, thereby establishing and maintaining trust in ongoing user identity and authorizations.
DefinedContinuous Authentication
MFA is working! MFA bypass via session hijacking is one of the top three cyberattack vectors. Session security should be top of mind along with Continuous Authentication and Session Monitoring.
The rapid rise of session hijacking has experts recommending continuous monitoring of authenticated sessions as the most effective defense. Its use can prevent or substantially reduce the impact of a hijacked session. When based on continuous authentication originating from a device in the user’s possession, the likelihood of early detection and avoidance are substantially improved.
DefinedMFA
Organizations and their remote users are best served by low-friction, user-friendly multi-factor authentication. Shareholders, investors, and the board are equally appreciative.
Verifying two forms of identity as a precondition for FIDO2 cryptographic assertions in a phishing resistant mobile-centric environment ensures MFA compliance with NIST 800-63B-4.
DefinedAuthentication, a Seamless Experience
Each link in the chain of the authentication journey must seamlessly link to the next from identity verification to session monitoring and logout.
In essence, the AaaS authentication journey should feel and operate like a fluid and integrated process, where each step builds upon the previous one to establish, maintain, and affirm the user's identity and session security. This seamless approach is a hallmark of AffirmedID Authentication as a Service.
DefinedThe User Experience
A difficult, problem prone, complex user experience is counterproductive and where authentication and access controls are concerned it may become a security risk too.
Organizations face significant challenges when it comes to authentication and user experience. Nearly two-thirds of surveyed companies (64%) cite challenges with user experience as a major pain point in their authentication processes. UX problems not only cause user frustration and dissatisfaction, but also obstruct work, increase costs, and may compromise security if users seek shortcuts to features meant to protect users, systems, and data.
DefinedDeployment
words
words
Support, Maintenancee, and Updates
words
words
Compliance Table
A Factor is a claim that a relying party can verify.
| Authenticator | Distinct Authentication Factors | Continuous Authentication Monitoring | MFA | PCI DSS | ZTA |
|---|---|---|---|---|---|
| FIDO2 | 1/21 | No | No2 | No | No |
| Passkey | 1/21 | No | No2 | No | No |
| Passwordless Push | 2 | No | No2 | No | No |
| WorldApp | 1 | No | No | No | No |
| Password or Biometric + any of above |
2 | No | Yes | Yes | No |
| AffirmedID | 2 | Yes | Yes3 | Yes | Yes |
| Authentication Factors: Something you are, something you know, and something you have. Continuous Authentication Factors: Your location, your proximity to devices, and your behaviors. Thoroughly vet claims of MFA support. Often they assume the use of additional third party factors. | |||||
| 1. Caution, the second factor is conditional and when provided must be independently verifiable, even in the case where the Verified (UV) flag is used. Refer to MFA above. | |||||
| 2. WARNING! NIST SP 800-63B-4 specifically calls for use of 2 distinct and individually verifiable factors, not the default case for either of these. Refer to MFA above. | |||||
| 3. AffirmedID requires two (2) forms of user identity proofs, refer to MFA above. | |||||
Seamlessly Bridging AffirmedID to the IAM Landscape
An ongoing integration project adding ZT compliant Identity Service to every IAM
Availability: Now
Protocols: SAML, OIDC, OAuth 2