News

A new Log API

Posted by | News, Tutorials | No Comments

inWebo provides a Log API so that you don’t have to export activity logs manually every day or every week. Logs are automatically made available in your log collection and analytics tools.

The inWebo Log API gives access to the logs for a given service. Authentication to the API requires the same client certificate as the other inWebo APIs. The following log categories are available:

  • Authentication
  • Actions related to authentication devices (activation, online OTP, notification requests)
  • User management
  • Service configuration and Administration

With a call to the Log API, you can specify start and end dates, request results page by page, or filter results by log category. Each record in the result is provided as a JSON table containing the following data:

  • Method used (authenticate, loginCreate…)
  • Result (OK, KO…)
  • User login
  • Time and date
  • IP address (when available)
  • Authentication device used
  • Authentication device identifier

Contact inWebo if you would like to activate this option for your authentication service.
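As an added illustration (not inWebo's code or documentation), the sketch below runs a simple detection over records shaped like the list above: repeated KO authentications for one login inside a short window, and an OK that follows such a burst. The JSON key names, timestamp format, thresholds and sample records are assumptions constructed for the example; the page lists the data in each record but not the actual keys.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records. Key names and timestamp format are assumptions:
# the page names the data in each record, not the JSON keys that carry it.
SAMPLE_RECORDS = json.loads("""[
 {"method": "authenticate", "result": "OK", "login": "bob", "timestamp": "2016-11-02T07:58:10Z", "ip": "192.0.2.10", "device": "mobile", "device_id": "dev-b1"},
 {"method": "authenticate", "result": "KO", "login": "alice", "timestamp": "2016-11-02T08:00:05Z", "ip": "198.51.100.7", "device": "browser", "device_id": "dev-a9"},
 {"method": "authenticate", "result": "KO", "login": "alice", "timestamp": "2016-11-02T08:00:40Z", "ip": "198.51.100.7", "device": "browser", "device_id": "dev-a9"},
 {"method": "authenticate", "result": "KO", "login": "alice", "timestamp": "2016-11-02T08:01:15Z", "ip": "198.51.100.7", "device": "browser", "device_id": "dev-a9"},
 {"method": "authenticate", "result": "OK", "login": "alice", "timestamp": "2016-11-02T08:02:00Z", "ip": "198.51.100.7", "device": "browser", "device_id": "dev-a9"},
 {"method": "loginCreate", "result": "OK", "login": "carol", "timestamp": "2016-11-02T08:03:00Z", "ip": null, "device": null, "device_id": null},
 {"method": "authenticate", "result": "KO", "login": "bob", "timestamp": "2016-11-02T09:30:00Z", "ip": "192.0.2.10", "device": "mobile", "device_id": "dev-b1"}
]""")

def _ts(record):
    return datetime.strptime(record["timestamp"], "%Y-%m-%dT%H:%M:%SZ")

def find_alerts(records, threshold=3, window=timedelta(minutes=5)):
    """Flag KO bursts per login, and an OK that lands right after such a burst."""
    recent_ko = defaultdict(deque)      # login -> timestamps of recent KO results
    alerts = []
    for rec in sorted(records, key=_ts):
        if rec.get("method") != "authenticate":
            continue                    # user management etc. is out of scope here
        login, now = rec["login"], _ts(rec)
        kos = recent_ko[login]
        while kos and now - kos[0] > window:
            kos.popleft()               # forget failures older than the window
        if rec["result"] == "KO":
            kos.append(now)
            if len(kos) == threshold:   # alert once, when the burst is reached
                alerts.append(("ko_burst", login, rec.get("ip")))
        elif rec["result"] == "OK":
            if len(kos) >= threshold:   # success straight after repeated failures
                alerts.append(("ok_after_burst", login, rec.get("ip")))
            kos.clear()
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_RECORDS):
        print(alert)
```

The IP address may be absent from a record ("when available"), which is why the alerts read it with `get` and tolerate `null`.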

Biometry as a second authentication factor


Following Apple’s introduction of a fingerprint sensor on iPhone 5s in 2013, smartphones increasingly come with a biometric sensor. Market research firms expect that 100% of the installed base will have some form of embedded biometrics by 2020 – this is not yet a commodity, but it will come fast. inWebo has therefore upgraded its solutions to support biometry as a second factor. The option is available on request to all customers, both existing customers and prospects still evaluating inWebo (free trial).

Upon activation, the biometry option offers 2 alternatives, “biometry enabled” or “biometry forced”. The former applies to services that require users to enter a PIN as a second factor. Users who opt for it replace that PIN with biometrics. The latter mandates biometry as the second factor.

Biometry Settings

inWebo support of biometry as a second factor can be leveraged with:

  • inWebo Authenticator version 4.2.0 or higher. The App supports Apple TouchID, as well as fingerprint sensors on Android Marshmallow (6.0+) smartphones.
  • inWebo mAccess version (0.)2.8 or higher. Developers can use mAccess library to support fingerprint biometry in their App but also virtually any kind of biometry (voice, face…), as long as it is implemented with a “match on card” mechanism (i.e. the biometric data is stored and verified locally on the smartphone). The library documentation provides a complete implementation for fingerprint sensors.

Please contact inWebo if you would like to easily add biometry as a second authentication factor for your services or applications.

DACH expansion + IT-SA 2016


Paris and Frankfurt, October 3rd 2016 – inWebo is pleased to announce the appointment of Carlos Pinilla as a VP of Sales for the DACH Region: Germany, Austria, and Switzerland.

Mr Pinilla is a seasoned IT-security professional, having been among others a regional sales & marketing director for Utimaco, an Aachen (Germany) based hardware security module (HSM) vendor, and a partner of inWebo.

Based out of Frankfurt, Mr Pinilla will spearhead inWebo development by building a channel of selected security partners, software vendors, and system integrators. As one of its first appearances in the Region, inWebo will be present at the IT-SA security show in Nuremberg October 18-21.

www.inwebo.com  -  sales@inwebo.com

SailPoint IdentityIQ supports inWebo multi-factor authentication


San Francisco & Paris, June 30, 2016 – SailPoint (www.sailpoint.com) and inWebo have completed interoperability tests to use inWebo as an Identity Provider (IDP) for IdentityIQ, SailPoint’s popular identity governance suite.

The integration relies on SAML v2 support by IdentityIQ and inWebo. The integration “how to” documentation is available on the inWebo developer website.

Customers can now use inWebo’s robust and convenient multifactor authentication to protect users’ access to IdentityIQ.

New Shibboleth plugin


Paris and San Francisco, February 2nd, 2015 - inWebo has just released a plugin for the Shibboleth open-source web SSO and identity federation project. This plugin allows large organizations using Shibboleth to instantly benefit from inWebo secure & convenient authentication methods, where users can sign in easily and safely from their mobile phones, tablets, computers… One of many available authentication options allows a user to sign in securely (2-factor authentication) from their tablets or laptops without installing anything on their personal devices. The plugin consists of a Java resource that an organization just adds to their Shibboleth deployment (version 2.4.3 or later). The plugin will be found on the Shibboleth community resources wiki, as well as on the inWebo developer website. It’s already available upon request for immediate deployments and evaluation projects.

inWebo releases mobile authentication connector for Microsoft ADFS


inWebo releases mobile phone based authentication for Microsoft Cloud Applications

Paris and Seattle, October 23rd, 2014 – Microsoft and inWebo Technologies, a leading multifactor authentication provider, announce the availability of inWebo built-in connector for Microsoft Windows Server 2012 R2 Active Directory Federation Services (AD FS). Corporate organizations are now able to secure access to their Microsoft cloud applications, such as Office 365 and Sharepoint, while bringing unprecedented convenience.

With the increased deployment of cloud-based applications within organizations, the need for unified and secure access has become essential. In recent years, Microsoft has generalized federation for its cloud-based application portfolio, thus allowing active unified access through Active Directory Federation Services (AD FS). With the release of its AD FS connector, inWebo Technologies now provides stronger and more convenient authentication credentials to AD FS.

“Bringing security and convenience for the access to the leading enterprise applications is our primary mission. As Microsoft has now enabled identity federation on their cloud-based application portfolio, we’re very excited to launch a MFA connector for Windows Server AD FS, and to partner with Microsoft to raise the security and trust of cloud-based applications”, says Bruno Abramatic, CTO at inWebo.

“Beyond a unified and seamless access, multifactor authentication has become a primary requirement from our Enterprise customers to help them protect user accounts on their Microsoft cloud-based applications. Windows Server 2012 R2 AD FS has been designed to support best-of-breed third-party MFA solutions, and we are proud to work with inWebo Technologies. With their AD FS MFA connector, inWebo introduces a new level of security and convenience capabilities for access to the cloud,” says Andrew Conway, Senior Director of Enterprise Mobility Product Marketing, Microsoft.

Adding multifactor authentication capabilities to AD FS had already been demonstrated. However, inWebo brings unprecedented security and convenience.

When a user logs in to a Microsoft cloud application from a non-trusted network (Internet, Mobile), AD FS automatically sends a notification to the user’s mobile phone. He/she confirms the access on the phone and is directly connected. The user identity verification is made much stronger because he/she also owns a registered phone instead of only knowing a password, which may be too weak. Organizations may also allow users not equipped with a phone or not having it with them to securely authenticate based on their registered browser instead. This flexible, contextual, convenient authentication is highly appreciated by the users who previously considered signing in to Cloud applications as a hassle.

The convenience doesn’t come at the price of lowering security, thanks to the exclusive design of inWebo certified mobile authentication in-App “token” and of inWebo HSM*-protected credential validation service.

Last but not least, inWebo comprehensive solution is available through the ADFS built-in connector. Organizations can therefore seamlessly protect their data and comply with local regulations, while maintaining the agility that business demands.

*HSM: Hardware Security Module. inWebo uniquely allows the credential validation service to run safely outside the organization’s protected walled garden.

About inWebo Technologies
inWebo is a leading identity protection platform, delivering seamless Enterprise-grade multi-factor authentication and access security to organizations and online service providers, large and small.
inWebo client-side light SDKs instantly and transparently turn any user device (desktops, tablets, smartphones…) into a security token, enabling in-band or out-of-band multi-factor authentication, as well as multichannel transaction protection. Requirements on users for such additional security are minimal: no hardware to carry, no SMS code to copy-paste, no dedicated App/plugin/certificate to install, thus solving the adoption challenge usually faced by multi-factor authentication.
inWebo APIs leverage leading user repositories, identity management systems, single-sign-on and federation systems, as well as popular SaaS applications, enabling seamless deployments.
Finally, inWebo Password Manager (available on login-everywhere.com) is a multi-factor protected Cloud-based service helping users and organizations to safely manage and share their sensitive credentials such as userids and passwords.
For more information, visit inWebo at http://inwebo.com, or reach us at contact@inwebo.com

US Patent Granted


San Francisco, June 18th 2014 – After a pretty long procedure, inWebo has finally been granted a US patent by the Patent Trade Office (US PTO), thus extending the reach of its prior IP protection. This patent is for an authentication system, and more specifically for a technology known as “Dynamic Random Keys” that inWebo has invented and developed over the past few years.

This technology allows for a secure software implementation of multi-factor authentication (MFA), while a hardware implementation was conventionally required to achieve a high security level. It therefore extends the market of MFA to providers in segments that can’t afford to deploy hardware ‘tokens’ to the users they need to securely authenticate.

This technology was also the foundation for the inWebo mobile and in-App authentication library (mAccess), which was certified by the French National IT-Security Agency (ANSSI) in 2012.

Heartbleed report (for our customers)


Paris and San Francisco, April 10th 2014 – CVE-2014-0160 (also called “Heartbleed”) is a vulnerability discovered on April 7th 2014 in OpenSSL versions 1.0.1 to 1.0.1f. The exploit gives access to information that is supposed to be encrypted with TLS/SSL: login, passwords, confidential data, certificate private keys…

inWebo immediately checked its services and confirms that the version in place (0.9.8) is NOT impacted.

HOWEVER: if you use inWebo webservices (API), you may also be using OpenSSL on your servers. You should check whether the version is impacted. If so, we recommend that you reissue the certificate from inWebo administration console (after updating your OpenSSL version). Please note, however, that in case the vulnerability has been exploited on your server, the information that may have been captured is NOT sensitive as OTP can’t be replayed. There’s therefore no impact on the access to your services.

Don’t hesitate to contact our support team for further details (preferably do that from the administration console).
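One way to run the version check recommended above on your own servers, as an added example that is not part of inWebo's advisory: it classifies the output of `openssl version -a` against the affected range quoted in this report (1.0.1 to 1.0.1f). The status labels and sample banners are constructed for the example; a banner in the affected range still needs confirmation against the package vendor's changelog, because distribution packages often carry the fix without changing the upstream version letter.

```python
import re
import subprocess

# Affected range as stated in the report above: OpenSSL 1.0.1 to 1.0.1f.
_VERSION = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")

def heartbleed_status(version_output):
    """Classify the text printed by `openssl version -a`."""
    m = _VERSION.search(version_output)
    if m is None:
        return "unknown"                  # no OpenSSL banner found
    release = (int(m[1]), int(m[2]), int(m[3]))
    letter = m[4]                         # "" for 1.0.1 itself, then "a", "b", ...
    if release != (1, 0, 1) or letter > "f":
        return "not-affected"             # e.g. 0.9.8 or 1.0.1g
    if "-DOPENSSL_NO_HEARTBEATS" in version_output:
        return "mitigated-at-build"       # heartbeat extension compiled out
    # Version string is in range: confirm with the package changelog whether
    # the vendor back-ported the fix before deciding to reissue certificates.
    return "check-vendor-patch"

# Constructed sample banners mapped to the status this example assigns them.
SAMPLES = {
    "OpenSSL 0.9.8y 5 Feb 2013": "not-affected",
    "OpenSSL 1.0.1e 11 Feb 2013\ncompiler: gcc -fPIC -O2": "check-vendor-patch",
    "OpenSSL 1.0.1f 6 Jan 2014\ncompiler: gcc -DOPENSSL_NO_HEARTBEATS": "mitigated-at-build",
    "OpenSSL 1.0.1g 7 Apr 2014": "not-affected",
}

def samples_ok():
    return all(heartbleed_status(text) == want for text, want in SAMPLES.items())

if __name__ == "__main__":
    try:
        out = subprocess.run(["openssl", "version", "-a"],
                             capture_output=True, text=True).stdout
    except FileNotFoundError:
        out = ""                          # openssl binary not installed
    print(heartbleed_status(out))
```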