AffirmedID, Identity Assurance Framework

Page last revised on: January 2026

The Framework Gaps

Modern identity security is not a framework—it’s an assembly. Authentication, authorization, and session protection are stitched together from disparate tools, vendors, and assumptions, often by teams without deep identity expertise. Leaders are asked to trust that nothing was missed.

While advances such as passkeys and FIDO2 represent meaningful progress—and they are very good—they remain fundamentally single-factor events, much like the passwords they replace. Once authentication succeeds, identity assurance typically stops, leaving the authorized session exposed, unobserved, and unprotected for its entire duration.


AffirmedID is, first and foremost, a complete and unified framework for user identity assurance. It secures user authentication and the session that authentication authorizes, from a user’s first indication of intent to log in until session end, as signaled by user logout or policy enforcement.


AffirmedID was designed from the ground up to deliver a high-security framework in which user identity is verified using phishing-resistant methods during authentication, and those same methods are then applied to continuously verify user identity, presence, and participation throughout the authorized session.

In addition, the individual components of the AffirmedID framework can be deployed independently or in combination to enhance the security of existing identity and access frameworks, in some cases with little to no architectural impact.

  • Auth is, in its own right, a high-assurance dual-assertion authenticator that delivers both phishing-resistant FIDO2 authentication and explicit assertions of identity verification. Its operational user experience matches that of Passkeys, while materially exceeding them in both security and usability. Auth can be deployed in virtually any scenario where Passkeys or other mobile-based authentication ceremonies are used.
  • Connect is a framework component with independent value. Its OIDC and SAML providers may be deployed standalone, behind an IAM, or behind an existing IdP to service authentication and authorization needs for applications using either conventional Passkeys (FIDO2) or Auth authenticators.
  • Pulse, when combined with Connect and either Passkeys (FIDO2) or Auth, enables secure, continuously monitored sessions with minimal or no impact to existing frameworks. With modest architectural changes, the addition of Sentinel closes the security gap that exists between point-in-time Passkey (FIDO2) authentication and ongoing session assurance. While this gap does not exist when Auth is used, Sentinel still adds value by introducing active proximity verification as part of continuous session monitoring.
  • Sentinel integrates with virtually any mobile-based authentication framework with minimal architectural impact, adding active proximity verification to strengthen session assurance.


Affirmed Identity™ - Zero Trust Passwordless Push Authentication