The Passwordless Identity Platform
Eliminate passwords and enable frictionless MFA.
Implement continuous, risk-based authentication for your workforce and customers.
Beyond Identity’s cloud-native solution provides a radically simple setup and low-cost operations.
What you get with Beyond Identity
A New Type of Authenticator
- No passwords
- Zero-click login
- Download on Windows, macOS, iOS, Android
- Log in to desktops, web-based, or native applications
- Common experience, with no need to pick up a second device to log in
- Collects device security posture and risk signals for continuous authentication
- User self-service to add, remove, or recover devices
Intelligent Authentication Cloud
- Positively identify users and their devices
- Continuous authentication - analyzes risk signals for each transaction
- Enforce risk-based policies and step-up authentication
- Generates a detailed, immutable record of every transaction
- Automates user provisioning
- Integrated with identity, cybersecurity, and compliance tooling
- Provides high availability and massive scalability
ONE PLATFORM, TWO SOLUTIONS
Beyond Identity supports workforce and customer use cases with one advanced platform. Integrations with numerous single sign-on and identity systems provide radically simplified deployments.
HOW IT WORKS
The advanced Beyond Identity Authenticator replaces passwords with secure credentials based on X.509 certificates and public-private key pairs, without requiring customers to manage any certificates. It provides multi-factor authentication, and collects endpoint security data for continuous risk-based authentication.
THE BEYOND IDENTITY AUTHENTICATOR
The authenticator orchestrates enrollment and authentication requests between users' devices and the Intelligent Authentication Cloud.
- Enrollment: The TPM, built into modern endpoint devices, creates and securely stores a private key that never leaves the device. The associated public key is stored in the Intelligent Authentication Cloud during registration.
- Authentication: The TPM generates a signed certificate with the private key.
Multi-factor authentication is achieved using the device biometric or PIN code to authenticate users to their devices – the first factor. The second factor is the certificate, which is validated in the cloud using the public key.
Device security posture data is collected by the authenticator during each login. This data package is signed with the private key, which creates an immutable record that is transferred to the cloud.
INTELLIGENT AUTHENTICATION CLOUD
The Intelligent Authentication Cloud manages identities, coordinates authentication requests, implements continuous authentication, and communicates with security and compliance software.
For each login request, it confirms the user and device identity, and evaluates multiple risk signals, ensuring access decisions align with the criticality of the resource and meet compliance requirements.
During each login, the continuous authentication engine:
- Validates the X.509 cert was signed with the corresponding private key associated with a registered device
- Evaluates fresh device security posture from the endpoint to make a risk-based auth decision
- Establishes device trust (whether devices are corporate issued, BYOD, managed, or unmanaged) using data from MDM and EDR integrations
- Stores identity and device posture data for every transaction as an immutable record in the data lake and makes it available via API
- Shares data with security and compliance systems via API
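The enrollment and per-login validation steps above, sketched as an added example (not Beyond Identity's code). A software P-256 key stands in for the TPM key and a signed nonce-plus-posture message stands in for the certificate; the nonce challenge, function names and posture policy are assumptions.

```javascript
// Added illustration; not Beyond Identity code. A software P-256 key stands in
// for the TPM-resident key, and all names and the policy are hypothetical.
const crypto = require('node:crypto');

const enrolledKeys = new Map();   // deviceId -> public key (cloud side)
const openChallenges = new Map(); // deviceId -> nonce awaiting a response

// Enrollment: the device creates the key pair; only the public key is registered.
function enroll(deviceId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  enrolledKeys.set(deviceId, publicKey);
  return privateKey; // stays on the device (inside the TPM on real hardware)
}

// Cloud: issue a single-use nonce so a captured response cannot be replayed.
function challenge(deviceId) {
  const nonce = crypto.randomBytes(16).toString('hex');
  openChallenges.set(deviceId, nonce);
  return nonce;
}

// Device: sign the nonce together with the posture data collected at login.
function respond(privateKey, deviceId, nonce, posture) {
  const body = JSON.stringify({ deviceId, nonce, posture });
  const sig = crypto.sign('sha256', Buffer.from(body), privateKey).toString('base64');
  return { body, sig };
}

// Cloud: check enrollment, signature, nonce freshness, then the posture policy.
function verify({ body, sig }) {
  let msg;
  try { msg = JSON.parse(body); } catch { return 'deny: malformed'; }
  const key = enrolledKeys.get(msg?.deviceId);
  if (!key) return 'deny: unknown device';
  if (!crypto.verify('sha256', Buffer.from(body), key, Buffer.from(sig, 'base64')))
    return 'deny: bad signature';
  const expected = openChallenges.get(msg.deviceId);
  if (!expected || expected !== msg.nonce) return 'deny: stale nonce';
  openChallenges.delete(msg.deviceId); // consume the nonce
  const p = msg.posture || {};
  if (!p.diskEncrypted || !p.screenLock) return 'step-up: posture below policy';
  return 'allow';
}
```

Because the posture fields sit inside the signed body, changing them in transit invalidates the signature instead of changing the policy outcome.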
COMPARE AUTHENTICATION METHODS
| | Passwords | Hardware keys | MFA | Beyond Identity authenticator |
|---|---|---|---|---|
| | Vulnerable to phishing, credential stuffing, user error, reuse | Known security issues with Bluetooth and NFC | Increased security exposure (SIM hacking, malware, notification flooding) | Fundamentally secure X.509 and TLS technology, private key never leaves TPM |
| Ease of implementation & maintenance | N | Y | Y | Y |
| Comprehensive, granular device security posture | N | N | N | Y |
| Self-serve migration & recovery | N | N | Y | Y |
| Continuously evaluate every transaction for risk-based access | | | | Y |
- Achieve radical improvements to security and improve the user experience at the same time.
- Implement MFA without passwords, picking up a second device, or fishing for one-time codes.
- Elevate your security program with continuous authentication that brings security data and other risk signals into authentication decisions during every transaction.
- Realize rapid value with our cloud-native platform and low-code, snap-in deployments.
- Leverage proven secure and scalable standards (X.509 with no certificate management, TLS, OIDC, OAuth, SAML, SCIM).
- Reduce workload on IT and help desk with user self-service, self-recovery, and 99% uptime availability with full-service support.