Free Trial
We appreciate your consideration of our secure identity and authentication solutions. Each approach we offer represents a distinct method of achieving the same goal: verifying a user’s identity and confirming their use of a unique authentication device—while eliminating risk in the process.
To use either of the following authentication methods, the individual must have the AffirmedID Authenticator App installed on their mobile device. Step-by-step installation instructions can be found selecting Get App choice.
Secure Application Access
Secure Application Access—often referred to in developer circles as JWT, Stateless, or Token authentication—is the most basic form of authentication provided. It is typically the least costly to configure and operate and the easiest to maintain.
However, with the AffirmedID implementation, authentication is elevated to NIST AAL3 assurance level—delivered through a simple, single-step process. This means you realize the highest level of identity assurance with a seamless user experience, a combination unmatched by any other solution. Other solutions attempt to achieve the same level of assurance by requiring users to complete multiple authentication ceremonies—one to prove device possession and another to verify an identity factor. This not only complicates the user experience but also drives up operational cost and complexity.
SAML
Our SAML-based Single Sign-On (SSO) implementation enables employees and users to access all of their applications with a single set of credentials, established through one authentication ceremony per session. From that point on, reauthorization and reauthentication occur seamlessly in the background as the user moves between applications.
What sets AffirmedID apart is the critical reauthentication step during each transition. While other solutions stop at reauthorization alone, AffirmedID ensures that identity assurance is continuously validated. The importance of this distinction is explained further under Continuous Authentication.
OpenID Connect (OIDC)
Our OIDC-based solution offers a modern, lightweight alternative built on OAuth 2.0. Like other implementations, it is developer-friendly, mobile/native-first, and provides robust API authentication—but with critical differences .
Unlike typical client-side approaches, AffirmedID employs a server-side token management design , ensuring tokens are securely stored on the server rather than in the browser. This architecture delivers significantly stronger protection against token theft and session hijacking.
Continuous Authentication Monitoring (CAM)
Continuous Authentication Monitoring (CAM) is rapidly becoming essential—not only to meet regulatory mandates such as Zero Trust Architecture (ZTA) and CMMC, but also to safeguard sensitive organizational data. Its importance is especially pronounced in highly regulated sectors such as Healthcare, Government, and Finance.
AffirmedID takes CAM a step further by making it natively available within our OIDC and SAML provider services as well as providing it externally over a Syslog feed.
What makes our CAM unique is the location of its headwaters—on the device closest to the user: their authenticator. Since behavioral monitoring is fundamental to establishing identity, extending it into CAM was a natural step. Combined with location awareness and proximity to the application or access device, this creates an exceptionally strong foundation for continuous identity assurance.
