The Passwordless Identity Platform

Eliminate passwords and enable frictionless MFA.

Implement continuous, risk-based authentication for your workforce and customers.

Beyond Identity’s cloud-native solution provides a radically simple setup and low-cost operations.

What you get with Beyond Identity

A New Type of Authenticator

  • No passwords
  • Zero-click login
  • Download on Windows, MacOS, iOS, Android
  • Access enterprise resources
  • Common experience, and don’t need to pick up a second device to log in
  • Collects device security posture and risk signals for continuous authentication
  • User self-service to add, remove, or recover devices

Intelligent Authentication Cloud

  • Positively identify users and their devices
  • Continuous authentication - analyzes risk signals for each transaction
  • Enforce risk-based policies and step-up authentication
  • Generates a detailed, immutable record of every transaction
  • Automates user provisioning
  • Integrated with identity, cybersecurity, and compliance tooling
  • Provides high availability and massive scalability

One Platform, Two Solutions

Beyond Identity supports workforce and customer use cases with one advanced platform. Integrations with numerous single sign-on and identity systems provide radically simplified deployments.

SSO Integrations

How it works

The advanced Beyond Identity Authenticator replaces passwords with secure credentials based on X.509 certificates and public-private key pairs, without requiring customers to manage any certificates. It provides multi-factor authentication, and collects endpoint security data for continuous risk-based authentication.

The Beyond Identity Authenticator

The authenticator orchestrates enrollment and authentication requests between users' devices and the Intelligent Automation Cloud.

  • Enrollment: The TPM, built into modern endpoint devices, creates and securely stores a private key that never leaves the device. The associated public key is stored in the Intelligent Automation Cloud during registration.
  • Authentication: The TPM generates a signed certificate with the private key.

Multi-factor authentication is achieved using the device biometric or PIN code to authenticate users to their devices – the first factor. The second factor is the certificate, which is validated in the cloud using the public key.

Device security posture data is collected by the authenticator during each login. This data package is signed with the private key, which creates an immutable record that is transferred to the cloud.

Intelligent Authentication Cloud

The Intelligent Authentication Cloud manages identities, coordinates authentication requests, implements continuous authentication, and communicates with security and compliance software.

For each login request, it confirms the user and device identity, and evaluates multiple risk signals, ensuring access decisions align with the criticality of the resource and meet compliance requirements.

During each login, the continuous authentication engine:

  • Validates the X.509 cert was signed with the corresponding private key associated with a registered device
  • Evaluates fresh device security posture from the endpoint to make a risk-based auth decision
  • Establishes device trust (whether devices are corporate issued, BYOD, managed, or unmanaged) using data from MDM and EDR integrations
  • Stores identity and device posture data for every transaction as an immutable record in the data lake and is available via API
  • Shares data with security and compliance systems via API

Compare Authentication Methods

  Passwords Hardware keys MFA Beyond Identity authenticator
User Friction meter with stick pointing in the middle in the yellow meter with stick pointing in the middle in the yellow meter with stick pointing to the left in the red meter with stick pointing to the right in the green
Security

lock icon red

Vulnerable to phishing, credential stuffing, user error, reuse

lock icon yellow

Known security issues with Bluetooth and NFC

lock icon yellow

Increased security exposure (SIM hacking, malware, notification flooding)

lock icon green

Fundamentally secure X.509 and TLS technology, private key never leaves TPM
Ease of implementation & maintenance N Y Y Y
Comprehensive, granular device security posture N N N Y
Self-serve migration & recovery N N Y Y
Continuously evaluate every transaction for risk-based access       Y

 

Benefits

  • Achieve radical improvements to security and improve the user experience at the same time.
  • Implement MFA without passwords, picking up a second device, or fishing for one-time codes.
  • Elevate your security program with continuous authentication that brings security data and other risk signals into authentication decisions during every transaction.
  • Realize rapid value with our cloud-native platform and low-code, snap-in deployments.
  • Leverage proven secure and scalable standards (X.509 with no certificate management, TLS, OIDC, OAuth, SAML, SCIM).
  • Reduce workload on IT and help desk with user self-service, self-recovery, and 99% uptime availability with full-service support.