Why protect user accounts with multi-factor authentication (MFA)
Compromised credentials are the resource most commonly used for attacks and fraud.
MFA blocks such attacks.
An MFA solution needs to balance the level of security, the level of friction introduced for users, and the costs & efforts for the organization to implement & manage it.
We designed inWebo from the ground up with these 3 dimensions in mind.
Connectors & plugins
inWebo supports established standards such as RADIUS, SAML 2.0, OpenID Connect, LDAP, plus a REST API, plugins for 3rd-party products (integrating that API), and a Credential Provider.
This is all you need to add MFA to most, if not all, of your environments and applications – VPN, remote access, Cloud applications, websites & portals, laptops, etc. If you’re unsure whether or how we support a specific use case, please see our industry solutions, or simply ask us.
Multiple options to strengthen authentication
Depending on your starting point, you may use inWebo to add a layer of security to the existing application passwords, to replace them entirely, to combine a biometric authentication with a device authentication, or even to limit authorized devices.
All these MFA options have in common that someone who wants to access a user account must have access to one of that user’s authenticators at the time of the request. Hacking user passwords no longer works.
Turn any device or App into an authenticator – not just smartphones
An authenticator (aka cryptographic OTP generator) is what a user needs to prove her identity in a secure manner. It is security software bound to “credentials” (cryptographic data) that are uniquely associated with a user through a simple activation workflow.
inWebo provides multiple types of authenticators so that you can implement MFA without worrying about which devices users have. This is quite unique.
- App-based and client-based authentication: inWebo Authenticator is available on the stores and works on smartphones, tablets, and computers.
- in-App authentication: inWebo mAccess SDK turns your own Apps or clients into secure authenticators. It’s available for your native and web applications.
An unmatched user experience
Unlike most solutions where a user must always carry and use the same authenticator (a keyfob, a USB, or a smartphone) whatever the circumstances, inWebo allows multiple authenticators for maximum flexibility – for instance, one on the office desktop, one on the smartphone, one on the tablet, etc.
The login process can be optimized per channel and made completely frictionless when users connect from a device having one of their registered authenticators. For this, you only need to configure policies (what is authorized to whom).
Also, in an MFA scenario where a user has defined a PIN, the same PIN can be used with all her authenticators. When it is changed, reset, or unlocked, it is done only once. All this seemed obvious with static password authentication but only inWebo has extended it to MFA.
A turnkey solution
Authenticating users, all things considered, is an easy task. The challenge that your organization faces with MFA is to turn the technology options (e.g., an innovative type of biometric authentication) into a managed service. This involves integration, testing, provisioning, on-boarding, user support, administration, audit, usage data analysis… These are mostly activities that large organizations already run for their in-house and sanctioned applications, with lots of processes, tools, and resources.
We made sure that these activities are covered in our solution. Thanks to our API and SDK, you can still execute them from the existing tools. Provisioning and on-boarding can be fully handled from your identity management platform. User support from your service management platform. Correlation from your SIEM. A device-based biometric authentication can be added to your App. And so on.
However, since all these processes can also be managed directly from our administration console, you do not need to integrate our API from day one. Actually, there is a good chance that you can start without any integration at all. For user provisioning, you need an automated solution. IWDS (inWebo Directory Sync) is precisely made for this purpose, helping synchronize users, groups, and policies with your inWebo authentication tenant. Logs can be generated and exported manually if you want to start without integrating our log API. Built-in and customizable on-boarding tools will help you roll out MFA to users without creating workflows for this. Our authenticator Apps are available for download and will be automatically personalized with your logo and service name. Etc.
Available. Robust. Certified.
Since you need the authentication service to be always available, we have engineered fully redundant platforms, made of several (currently 3) independent server infrastructures distributed in distinct certified datacenters. This architecture provides an extremely high service availability (our lawyers won’t let us write 100%).
Also, MFA security is not a given. MFA feels more secure than password-based authentication but what makes it really secure is its design and its implementation. Our patented, cryptography-based algorithms confer an unmatched level of security. In our platforms, authentication algorithms run within security appliances (aka Hardware Security Modules), protecting against server-side attacks or abuses. Unlike traditional Cloud-based authentication solutions, inWebo really protects the complete chain.