How Risk-Based Authentication Works
Get the highest level of assurance that only authorized users and devices that meet your security model can access company resources. Beyond Identity's passwordless authentication ties identities to devices so only registered devices can request access. Security teams can then check real-time risk signals from every user and every device, at every transaction, to enforce stronger access controls.
Benefits
Purpose-built to secure distributed workforces
Analyze risk signals from every user, device, and application at every authentication.
Free up your MDM budget to save costs
Collect risk signals from every device, including unmanaged and BYOD.
Demonstrate compliance to regulators
Review and export an immutable audit trail of every authentication event.
Unique Capabilities
Precise, customizable risk policies
Risk policies are easy to configure, fine-tune, and control. Define access rules with exact precision, using an expansive and extensible attribute set. Customize policies to meet your risk tolerance in every situation, and analyze whether they are working as expected or need to be fine-tuned.
25+ attributes out-of-the-box
Take advantage of 25+ attributes from users, devices, and applications, including granular device context from all desktop computers, tablets and phones at time of login.
No MDM, no problem
Risk signals are collected from every device for every authentication transaction, without requiring third-party Unified Endpoint Management (UEM) software. Optionally, Beyond Identity also has direct integrations with UEM tools to enhance this data set for risk policies.
How it Works
Authentication Policies:
- Configure authentication policies based on what’s important to you and your organization’s security policy and compliance.
- There are 25+ attributes, including the platform, whether biometrics are enabled, whether the firewall is enabled, and whether certain security software was enabled and running at the exact time of the transaction.
- Enforce policies based on behavior and on the security posture of devices, regardless of whether the device is managed or BYOD
Device Policies:
- Regulate what types of devices meet your security and compliance requirements and are allowed to add the authenticator
- Only registered users and devices with an authenticator can request access to company resources
- Devices must meet policy requirements before gaining access to resources
Event Logs:
- Monitor and export an audit trail of all transactions that have occurred, including the security posture of the device at that exact day and time
- For each authentication event, review whether the transaction passed all relevant policies, and which policies impacted that transaction
- Troubleshoot whether policies are operating as expected or need to be fine-tuned
Granular Risk Signals For Greater Access Control
Deny access to users exhibiting risky behavior
Use the policy engine to assess risk signals before and after authentication. Monitor and set up automatic alerts to notify teams of abnormal behavior so they can act quickly.
Ask for step-up authentication for sensitive resources
To protect high-risk resources, you can ask users for a “step-up” verification. One example is asking the user for an additional OS verification, such as a biometric check local to the device.
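The policy evaluation and event logging described under How it Works, including the step-up option, sketched as an added example. It is not Beyond Identity's code, schema or API; the attribute names, policy names and sample devices are constructed for illustration.

```python
from datetime import datetime, timezone

SEVERITY = {"allow": 0, "step_up": 1, "deny": 2}

def ok(posture, key):
    # Fail closed: a signal that is missing or not exactly True counts as failing.
    return posture.get(key) is True

# Hypothetical policies: (name, condition that applies the policy, resulting action).
POLICIES = [
    ("require-registered-device", lambda p, r: not ok(p, "registered"), "deny"),
    ("require-firewall", lambda p, r: not ok(p, "firewall_enabled"), "deny"),
    ("require-security-software", lambda p, r: not ok(p, "security_software_running"), "deny"),
    ("sensitive-requires-biometric", lambda p, r: r["sensitive"] and not ok(p, "biometric_enabled"), "deny"),
    ("sensitive-step-up", lambda p, r: r["sensitive"], "step_up"),
]

def evaluate(user, posture, resource, now=None):
    """Evaluate every policy and return an audit event for this transaction."""
    applied = [(name, action) for name, hit, action in POLICIES if hit(posture, resource)]
    # The most restrictive action among the applied policies decides the outcome.
    decision = max((a for _, a in applied), key=SEVERITY.get, default="allow")
    return {
        "time": (now or datetime.now(timezone.utc)).isoformat(),
        "user": user,
        "resource": resource["name"],
        "decision": decision,
        "policies_applied": [n for n, _ in applied],
        "posture_snapshot": dict(posture),  # posture as reported at this login
    }

# Constructed sample devices and resources.
MANAGED = {"platform": "macOS", "registered": True, "biometric_enabled": True,
           "firewall_enabled": True, "security_software_running": True}
BYOD = {"platform": "Windows", "registered": True, "biometric_enabled": True,
        "firewall_enabled": False, "security_software_running": True}
PARTIAL = {"platform": "Android", "registered": True, "firewall_enabled": True}  # signals missing
WIKI = {"name": "wiki", "sensitive": False}
PAYROLL = {"name": "payroll", "sensitive": True}

if __name__ == "__main__":
    for posture, res in [(MANAGED, WIKI), (MANAGED, PAYROLL), (BYOD, WIKI), (PARTIAL, PAYROLL)]:
        e = evaluate("alice", posture, res)
        print(res["name"], posture["platform"], e["decision"], e["policies_applied"])
```

Because the event stores the posture snapshot and the list of applied policies, a reviewer can later see why a given login was denied or stepped up without re-querying the device.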
Add device trust on top of strong authentication
Passwordless authentication limits which devices can request access to company resources. Ensure devices are compliant with your security policies. Device health changes over time, and software on the device may not be running as expected.
Built-in device context:
Gather risk signals from every device, no third-party MDM needed
The Beyond Identity Authenticator has dual purposes: it’s both a secure authentication method and an “MDM lite.” Each device that has the authenticator sends the security posture of the device to the Beyond Identity Cloud at the exact time of login. Since every device that’s requesting access has the Authenticator, including desktop computers, security teams are able to get a granular level of detail for every single device and for every single authentication event.