Frequently Asked Questions

What is Beyond Identity?

Beyond Identity is the passwordless identity platform for workforces and customers. Security teams of all sizes choose Beyond Identity to eliminate passwords to applications and networks to protect company resources from account takeovers and breaches. It’s the only passwordless identity platform that shuts the door on password-based attacks, while simultaneously improving the speed and ease of use for authorized users to login.

Beyond Identity eliminates insecure authentication methods (passwords, OTP, SMS and mobile push notifications), and instead, verifies users with secure factors (biometric and registered devices), all without asking users to climb over hurdles or pick up a 2nd device every time they want to login.

What is the difference between Beyond Identity for my workforce and Beyond Identity for my customers?

For your workforce: Enable your workforce or employees to access their desktops and applications seamlessly and securely.

For your customers: Provide your customers with secure passwordless access to your applications across any platform.

What can you do with Beyond Identity?

  • Remove passwords to your single sign-on system and applications
  • Stop password-based attacks in their tracks to protect against  account takeovers attacks like credential stuffing, phishing, and ransomware RDP brute force attacks
  • Stop unauthorized users and devices from logging into your single sign-on
  • Enable users to authenticate with multiple factors, without insecure factors (passwords, OOB, SMS, push notifications, etc.) and without the headache and frustration of traditional 2FA/MFA systems that require a 2nd device.
  • Reduce IT help desk costs from password resets and account lockouts

How does Beyond Identity work?

Beyond identity is fully integrated with popular SSO systems to support your workforce (employees, contractors, consultants, etc.).

The solution contains two key components: a new type of authenticator, and our Beyond Identity cloud.

When users request to login to their single sign on application:

  1. The single sign on application delegates the authentication decision to Beyond Identity
  2. Beyond Identity then checks the user’s device for their authenticator and credentials which are securely stored on their device in the TPM or secure enclave
  3. Once this check is done, the Beyond Identity cloud then approves access to the single sign on application
  4. They’re in.  (All this happens in a second or two)

Beyond Identity can also be integrated directly into your applications to provide a secure and frictionless login experience your consumers will love.

Where is the password?

There is no password to authenticate, just the authenticator and the private key that’s tied to the hardware of that device. The private key is securely stored in the device hardware (TPM/Enclave) and never leaves the device!

Does Beyond Identity support two-factor or multi-factor authentication (2FA/MFA)?

Beyond Identity does employ multiple factors to login (something you have, something you are, or something you know).  However, Beyond Identity is far more secure and much easier to use than traditional MFA. It does not require the user to locate a second device and fish a code out of their SMS or email, or to answer a push notification.  It does not use an insecure “one time password.” It simply provides a secure frictionless login that users will love.

How do I set up Beyond Identity?

Set up is easy and a member of our support team will help you every step of the way. To get an idea of what to expect you can view our configuration guides for each single sign-on we integrate with:

If you are looking to use Beyond Identity to provide secure/frictionless authentication for one of your customer/consumer facing applications we recommend setting up a discussion to review the various implementation/deployment options with our team.

What if Beyond Identity goes down?

Beyond Identity knows that our customers' business depends on enterprise level identity solutions. As a result, Beyond Identity has built its solution from the ground up to be highly available and resilient to failure of any of its components, with the goals that your user never experiences any downtime." You can find our historical and current system status at https://status.beyondidentity.com/

What support do we get as a free passwordless customer?

Our free tier is a fully supported product. You have access to our customer portal and email support from 8am - 5 pm CT, M-F, excluding holidays. Additional 7x24x365 support is available for an additional fee if your organization needs it.

How secure are you?

Beyond Identity maintains a strict internal compliance program that is aligned with industry standards such as CIS and the NIST Cybersecurity Framework. In addition, Beyond Identity is committed to routinely engaging 3rd party auditors to attest to our security framework and will make these attestations available upon request.

Do you store PII?

Beyond Identity only stores your name and email address.

What will experience be like for my users/employees?

See for yourself!

Can I use this on more than one device?

Of course, Beyond Identity allows you to extend trust to your other devices.

What controls will I have as an admin?

You can view

  • The number of active users,
  • The number authentications
  • The number of devices added
  • The number of devices that have a passcode set
  • The number of devices that have a biometric set
  • The distribution of devices across operating systems

Actions you can take

  • Delete specific devices
  • Deactivate or delete users
  • Invite users to self-enroll in Beyond Identity
  • Add user groups
  • Set up the integration with your single sign on.
  • Install, enable, and disable API extensions such as Okta event hooks for provisioning or Okta Registration attributes

What should I do now?

  1. Select whether you are rolling out passwordless authentication for your workforce or for customers of your application.
  2. Fill out the form.
  3. We will follow up with you to schedule a 30 minute intro call to answer any questions you may have and to get a better understanding of your use case so we can optimize your onboarding process.
  4. We will schedule a longer onboarding session (about an hour) to configure Beyond Identity for your organization.
  5. You are now passwordless!