AffirmedID
reinventing
Authentication as a Service
With a tagline exemplifying the need
Authentication is not a destination; it’s a journey!
AffirmedID
A new federated authentication service delivers an easy-to-deploy and maintain IAM-friendly cloud service with SSO using SAML or OIDC. As easy to use as mobile payment, Its integrated authenticator app facilitates FIDO2 authentication that seamlessly bridges the gap from ceremony to automated session monitoring with full user transparency.
NIST compliant MFA authentication includes two forms of user identity verification cryptographically asserted to the cloud service on behalf of the relying party. Patented behavioral identity techniques with location and proximity kept internal to the app are the basis for continuous authentication, allowing seamless session monitoring. This solution offers cost-effective, unmatched session security. Subscribe now to put these benefits to work for you.
Subscribe NowReal MFA
Multi-factor authentication (MFA) is a necessary defense in every organization’s cybersecurity strategy. By requiring multiple factors to be verified before granting access, MFA protects your applications and data. It helps to ensure that only authorized users can log into company networks.
Real Multi-Factor Authentication (Real MFA) complies with NIST SP 800-63B for every authentication ceremony without compromising the User Experience (UX). AffirmedID push authenticator produces two distinct factors that are independently verifiable by the authentication system and asserted with FIDO2 assurance.
DetailsContinuous Authentication
A cornerstone of ZTA
MFA bypass via session hijacking is one of the top three cyberattack vectors. The most effective defense is session monitoring, which begins with continuous authentication. Session security is imperative.
The rapid rise of session hijacking has experts recommending continuous monitoring of authenticated sessions as the most effective defense. Its use can prevent or substantially reduce the impact of a hijacked session. AffirmedID’s continuous authentication originating from a device in the user’s possession substantially improves protection from the threat of session hijacking.
DetailsAuthentication as a Service
AaaS must establish, protect, and affirm the user’s identity not as a singular event but as a continuum from login to log out.
A robust AaaS must establish, protect, and continuously affirm the user's identity, not just once but throughout, from login to logout. It involves continuously evaluating the risks associated with authenticated sessions and enforcing appropriate security policies, thereby establishing and maintaining trust in ongoing user identity and authorizations.
DefinedGaps in the Authentication Process
Gaps in the authentication process, whether by design, misconfiguration, misuse, mistakes or human error, become attack vectors bad actors take advantage of. Even the most secure MFA solution will fail to secure the session if gaps elsewhere in the process are allowed.
Reducing the gaps in authentication processes is crucial to improving security. Doing so significantly reduces the risk of session hijacking. A gap naturally exists between each step in the authentication process. Off-device redirects are high risk-sensitive gaps. The user interacting with an authenticator is the first potential gap in the process. Others follow and each is a point where session hijacking can occur. In February 2025 the $1.5B cryptocurrency heist took advantage of a gap.
DefinedAuthentication, a Seamless Experience
Each link in the chain of the authentication journey must seamlessly link to the next from identity verification to session monitoring and logout.
In essence, the AaaS authentication journey should feel and operate like a fluid and integrated process, where each step builds upon the previous one to establish, maintain, and affirm the user's identity and session security. This seamless approach is a hallmark of AffirmedID Authentication as a Service.
DefinedThe User Experience
A difficult, problem prone, complex user experience is counterproductive and where authentication and access controls are concerned it may become a security risk too.
Organizations face significant challenges when it comes to authentication and user experience. Nearly two-thirds of surveyed companies (64%) cite challenges with user experience as a major pain point in their authentication processes. UX problems not only cause user frustration and dissatisfaction, but also obstruct work, increase costs, and may compromise security if users seek shortcuts to features meant to protect users, systems, and data.
DefinedDeployment
words
words
Support, Maintenancee, and Updates
words
words
Compliance Table
A Factor is a claim that a relying party can verify.
| Authenticator | Distinct Authentication Factors | Continuous Authentication Monitoring | MFA | PCI DSS | ZTA |
|---|---|---|---|---|---|
| FIDO2 | 1/21 | No | No2 | No | No |
| Passkey | 1/21 | No | No2 | No | No |
| Passwordless Push | 2 | No | No2 | No | No |
| WorldApp | 1 | No | No | No | No |
| AffirmedID | 2 | Yes | Yes3 | Yes | Yes |
| Authentication Factors: Something you are, something you know, and something you have. Continuous Authentication Factors: Your location, your proximity to devices, and your behaviors. Thoroughly vet claims of MFA support. Often they assume the use of additional third party factors. | |||||
| 1. Caution, the second factor is conditional and when provided must be independently verifiable, even in the case where the Verified (UV) flag is used. Refer to MFA above. | |||||
| 2. WARNING! NIST SP 800-63B-4 specifically calls for use of 2 distinct and individually verifiable factors, not the default case for either of these. Refer to MFA above. | |||||
| 3. AffirmedID requires two (2) forms of user identity proofs, refer to MFA above. | |||||
Seamlessly Bridging AffirmedID to the IAM Landscape
An ongoing integration project adding ZT compliant Identity Service to every IAM
Availability: Now
Protocols: SAML, OIDC, OAuth 2