Receive the latest insights on Beyond Identity's new product features, enhancements, and upcoming releases. Experience demos of our products, valuable discussions, and gain valuable knowledge to maximize the use of our offerings and stay ahead in the industry.

Transcription

Joshua

Hello, and welcome to our first-ever product update livestream. I am Joshua Gonzales, the media producer here at Beyond Identity. And, I want to send you all a heartfelt thank you for joining us today on this very fun occasion. I am coming at you live from our New York City headquarters where we are hustling and bustling to make the best product ever for you. 

So, if you like what you hear today, I want to encourage you to head on over to beyondidentity.com/developers, where you can download our SDK and get started with our product for free. And, with that, I will now turn it over to our experts that you will hear from today, our founding engineer, Nelson Mellow, and our product marketing lead, Jing Gu. 

Take it away, you two. 

Nelson

Hello, and welcome, everyone, to our quarterly product update livestream. I'm Nelson, founding engineer of Beyond Identity, and I'm joined by my co-host and product marketing lead, Jing Gu. We're both excited to be here today to share with you the latest developments in Beyond Identity's products. 

Jing

Oh, yeah. We got a lot of exciting stuff coming up. And, just to set the table here, Beyond Identity is the technology leader in FIDO2 multi-factor authentication. We deliver passwordless phishing-resistant MFA that enables safe and frictionless user experiences. In fact, companies like Snowflake, Unqork, and Cornell use our cloud-native platform to advance their zero-trust strategies. 

Nelson

Absolutely. Our founder, Jim Clark, and CEO, T.J. Jermoluk started our company with a focus on customer first. Because of that, we're passionate about the ways in which our customers use our product and what suggestions they have to make it even better. 

Jing

Yeah. So, alongside this customer-first focus, we also keep an eye out on the future, innovating new ways to use our product to solve our customers' problems today and tomorrow. So, T.J. has this modern take on the Ford story that goes something like, and I might butcher this, so apologies in advance, T.J., but it goes something like, if you ask an ice cream shop what they want, they'll say, "Ah, I want faster trucks." 

But, man, think of how big and fast their business could grow if we gave them an airplane, right? So, with a customer-first focus and big enough of an aperture to focus on both their present, as well as future needs, we've created some fun new features. And, we'll walk you through these updates, share some demos, and even have a sneak peek at the end. 

So, stay tuned. And, the best part is that you can try all of these for free for yourself. 

Nelson

And, of course, we want to hear from you. Throughout the livestream, please, please feel free to ask questions and share your thoughts in the chat. Let's get started. 

Jing

Awesome. So, I will kick us off with our newest launch actually, our WordPress and Drupal integrations. So, everyone's interacted with a WordPress or a Drupal website before. They're the most popular content management tools in the market today. But, while these platforms are powerful, user authentication has remained surprisingly difficult, and it's at no fault of the platforms or the developers that work with them. 

It turns out passwords are a hidden conversion killer and a cause for account takeovers, spam, and unauthorized access, all of which can put your business at risk of legal issues and reputational damage. Yikes. So, this is where our integrations come in. They make it easy to add passwordless phishing-resistant authentication using passkeys to your WordPress and Drupal website for both end users as well as administrators. 

So, this is much more secure than passwords, and they allow users to log in very quickly with biometrics without remembering complex passwords or going through the hassle of first-generation multi-factor authentication. So, enough talking. 

Let me show you how the end user flow looks like. Let me just pull that up. Great. So, what you're seeing here actually is the backend of Beyond Identity's marketing website. This is built off of Drupal, and it took our awesome web developer less than an hour to integrate passkeys into this backend. And, at the time, the guide didn't even exist yet. 

So, I'm going to press Log In. It is going to ask for my passkey, and I will provide my biometric. And, there we have it. We are logged in. So, as you saw there, login was quick and frictionless. What the user didn't see, and what you didn't see is the public-private key challenge as well as the device posture check in the background, which validates that the right user is on the authorized device. 

And, now I'm going to hand it over to Nelson to talk about our second feature update. 

Nelson

Thanks, Jing. The second product update I'd like to share today is a capability we introduced last quarter, and it's called role-based access control. And, essentially what it does is it allows users, developers to control how specific roles and permissions are given to the end user of their web application or native application. 

Additionally, if they want to invite any teammate to collaborate with them in the development of the solution itself, the admin console also has role-based access control. At a very basic level, what it does is it simplifies permission management for developers and strengthens security by guaranteeing only the level of access that is needed is granted to the user. 

Role-based access control is helpful because it manages, it helps you manage access permissions to your application and allows developers to create those fine-grain access levels for different areas of the product. For example, they may want to invite their design team to help with branding, or they may want to share read-only access for an auditor. It's also really helpful if someone has different user groups that each application serves. 

I'll show you an example of that in a ride-sharing application where it may use role-based access groups or users to give particular permissions to each app. This can be also generalized to applications that support sellers and buyers, or freelancers and clients, or event organizers and attendees, you get the idea. 

So, I have my realm set up for my example application. Let me show you how that looks. As you can see, in this application, I have a Beyond Identity account, I have a realm I have created, and I have a set of resource servers which control how many scopes and which scopes are actually given to users. Let me show you what I have set up here. 

This particular resource server is called Acme API. It has three scopes, an admin scope, elevated, and access. Now, I can create roles that are based on those scopes given by the resource server. And, you'll see that this role is using that resource server. This happens to be the admin role, and that admin role has been assigned admin and elevated scopes. 

Now, you can see that identities and groups can be assigned to a specific role, and then if I show a user role, I can have different scopes for that particular user. As you can see, with these rules, an administrator can get access to information they need to perform their duties, but they're also able to specify exactly what each user can have access to, and for which capabilities within the application they can access. 

Jing

Awesome. So, we love security, right? Role-based access control is part of the capabilities that we want to give you to enable that. And, now I have this very exciting sneak preview of an update to our product, the hosted web authenticator. So, this is a feature that allows developers to quickly configure and spin up passkey-supported logins for web applications. 

So, when this launches, you'll be able to quickly deploy our SDKs in the form of a webpage that is hosted by us. You'll be able to control and customize the style of this webpage so that it aligns well with your brand. And, if you're paying attention to Nelson's demo, it's a perfect use case for role-based access control. You know, invite your design team, give them the scopes for branding. All right. 

So, we're planning to release this into production in mid-July and we would love your feedback. So, before I hop into the demo, please make sure that sign up at beyondidentity.com/developer/signup and book a time on our calendars because we want to hear about how you want to use or how you are using the hosted web authenticator. And, we'll be sending out $200 gift cards for the first 10 conversations. 

And, honestly, we can't wait to talk to you. We built this because passkeys are really powerful, but they present some non-trivial complexities for developers. You have to worry about which devices and platforms support passkeys, how should the UI screens look like, how to hook up WebAuthn to your application. 

And, what about building passkey support for different operating systems based on their specific APIs and documentation? With hosted web authenticator, all you have to do is define the authentication factors you want to use, set up the redirect DRIs, and you're off to the races. So, let me actually show you how that might look like. Okay. 

When I'm referring to configurable authentication factors, these are what I'm referring to. So, we give you options to configure authentication factors for new user verification for their primary authentication method used for login, and then we give you an option for a fallback authentication method just in case the primary authentication method fails for whatever reason. And, having a fallback that automatically, you know, you configure it and we default to it, provides users a streamlined experience. 

I'm sure you can see on the screen all of the factors we have. I won't go through them one by one. What I will point out is under the primary authentication method, you'll see that we delineate hardware-bound passkeys and software-bound passkeys. So, it's just a matter of where the private key is stored. Hardware-bound passkeys offer you the greatest level of security and it enables the end user to log in with their biometrics. 

So, that's the recommended option. We mark it as recommended in the product UI as well, so you'll have some guide points along the way. This is what you will see once we launch this in mid-July. So, you'll see this after you've set up your application. You'll be able to select hosted web, you'll be able to select your email verification, primary auth method, and a fallback auth method. 

I'm going to show you what the end-user experience looks like using primary auth method, a hardware-bound passkey, and a software-bound passkey as a fallback. So, let's see what the UX is. Great. Welcome to Acme. This is my Acme application. I am Ella, the end user. 

And I'm going to say, "Hey, I want to log in with passwordless." Click that, and I say, "Yes, this is my account that I want to log into." And, it's now going to prompt me for my biometric, so I'll go ahead and provide my biometric. And, with that, I am logged in. There was a public-private key challenge in the back, as well as device posture check. 

But, the user experience is pretty seamless. As an early adopter of FIDO and one of its board members, we really believe in the power of passkeys and want to help simplify the adoption implementation. For those of you who are watching closely, hosted web authenticator is low code, and it's designed to be really flexible for developers so that you can give users a great experience out of box. 

And, I think with that, if there are any questions, you and I will be fielding them live in chat. Josh will help us queue them up. Hopefully, you know, you've been asking questions. If not, we'll close out. But, thank you for your time. 

And, we're really excited to be doing these feature live streams more often. And, yeah, thanks.