Secure Work for CyberArk Workforce Identity Single Sign-On

In this video, we're going to give an overview of Beyond Identity Secure Work solution and explain how to provide users with a frictionless, passwordless login to your single sign-on while ensuring that identity and device security controls are present at every authentication. Beyond identity Secure Work has two components, a cloud SaaS component and an authenticator that sits on all users' devices, which is supported on all major platforms. 

The authenticator triggers the creation and storage of private keys on the secure hardware of each end-user device. The private keys can't be read or removed. Public keys are then stored in the cloud. The cloud component works to audit events, integrations with third-party systems, and risk-based access policies. 

With Beyond Identity, companies can use unphishable factors like biometrics and security keys bound to the device and eliminate weak factors such as passwords, push notifications, and one-time passcodes both during authentication and from the directory. This removes password policies and reduces IT support costs. 

At each login request, Beyond Identity checks if the device is bound to an authorized user and checks its security posture. It checks for specific apps, programs, and files running on the device at login. These security checks are invisible to the user and prevent unauthorized users and insecure devices from logging in. 

This is crucial in today's working world where SaaS resources are easily accessible and the workforce, especially contractors, partners, and third parties are using unmanaged devices or bringing their own devices. Beyond Identity puts the user and device at each critical decision point in an authentication.