What is Beyond Identity?
Beyond Identity is the passwordless identity platform for workforces and customers. Security teams of all sizes choose Beyond Identity to eliminate passwords to applications and networks to protect company resources from account takeovers and breaches. It’s the only passwordless identity platform that shuts the door on password-based attacks, while simultaneously improving the speed and ease of use for authorized users to login.
Beyond Identity eliminates insecure authentication methods (passwords, OTP, SMS and mobile push notifications), and instead, verifies users with secure factors (biometric and registered devices), all without asking users to climb over hurdles or pick up a 2nd device every time they want to login.
What is the difference between Beyond Identity for my workforce and Beyond Identity for my customers?
For your workforce: Enable your workforce or employees to access their desktops and applications seamlessly and securely.
For your customers: Provide your customers with secure passwordless access to your applications across any platform.
- Remove passwords to your single sign-on system and applications
- Stop password-based attacks in their tracks to protect against account takeovers attacks like credential stuffing, phishing, and ransomware RDP brute force attacks
- Stop unauthorized users and devices from logging into your single sign-on
- Enable users to authenticate with multiple factors, without insecure factors (passwords, OOB, SMS, push notifications, etc.) and without the headache and frustration of traditional 2FA/MFA systems that require a 2nd device.
- Reduce IT help desk costs from password resets and account lockouts
Beyond identity is fully integrated with popular SSO systems to support your workforce (employees, contractors, consultants, etc.).
The solution contains two key components: a new type of authenticator, and our Beyond Identity cloud.
When users request to login to their single sign on application:
- The single sign on application delegates the authentication decision to Beyond Identity
- Beyond Identity then checks the user’s device for their authenticator and credentials which are securely stored on their device in the TPM or secure enclave
- Once this check is done, the Beyond Identity cloud then approves access to the single sign on application
- They’re in. (All this happens in a second or two)
Beyond Identity can also be integrated directly into your applications to provide a secure and frictionless login experience your consumers will love.
Where is the password?
There is no password to authenticate, just the authenticator and the private key that’s tied to the hardware of that device. The private key is securely stored in the device hardware (TPM/Enclave) and never leaves the device!
Does Beyond Identity support two-factor or multi-factor authentication (2FA/MFA)?
Beyond Identity does employ multiple factors to login (something you have, something you are, or something you know). However, Beyond Identity is far more secure and much easier to use than traditional MFA. It does not require the user to locate a second device and fish a code out of their SMS or email, or to answer a push notification. It does not use an insecure “one time password.” It simply provides a secure frictionless login that users will love.
If you are looking to use Beyond Identity to provide secure/frictionless authentication for one of your customer/consumer facing applications we recommend setting up a discussion to review the various implementation/deployment options with our team.
Beyond Identity knows that our customers' business depends on enterprise level identity solutions. As a result, Beyond Identity has built its solution from the ground up to be highly available and resilient to failure of any of its components, with the goals that your user never experiences any downtime." You can find our historical and current system status at https://status.beyondidentity.com/
Our free tier is a fully supported product. You have access to our customer portal and email support from 8am - 5 pm CT, M-F, excluding holidays. Additional 7x24x365 support is available for an additional fee if your organization needs it.
Beyond Identity maintains a strict internal compliance program that is aligned with industry standards such as CIS and the NIST Cybersecurity Framework. In addition, Beyond Identity is committed to routinely engaging 3rd party auditors to attest to our security framework and will make these attestations available upon request.
Beyond Identity only stores your name and email address.
See for yourself!
Of course, Beyond Identity allows you to extend trust to your other devices.
You can view
- The number of active users,
- The number authentications
- The number of devices added
- The number of devices that have a passcode set
- The number of devices that have a biometric set
- The distribution of devices across operating systems
Actions you can take
- Delete specific devices
- Deactivate or delete users
- Invite users to self-enroll in Beyond Identity
- Add user groups
- Set up the integration with your single sign on.
- Install, enable, and disable API extensions such as Okta event hooks for provisioning or Okta Registration attributes
- Select whether you are rolling out passwordless authentication for your workforce or for customers of your application.
- Fill out the form.
- We will follow up with you to schedule a 30 minute intro call to answer any questions you may have and to get a better understanding of your use case so we can optimize your onboarding process.
- We will schedule a longer onboarding session (about an hour) to configure Beyond Identity for your organization.
- You are now passwordless!