Fundamental Knowledge about CIAM and Passwordless Authentication

Here you will find all relevant information about the building blocks of a successful CIAM strategy that includes passwordless authentication methods.


Identity Management

Identity management is essential to cybersecurity and data protection, as it helps ensure that only authorised people or systems have access to sensitive information and resources. It is used in various applications, including enterprise security, online authentication and access control for physical and logical resources.

CIAM solutions enable organisations to capture, store and manage customer identity data and authenticate and authorise customer access to digital services and resources.

Strong Authentication

Strong authentication helps to prevent unauthorised access to sensitive data, protect against identity theft and fraud, and increase overall security for businesses and individuals.

Strong authentication refers to the security process that requires users to provide multiple forms of identification to access a system, application or data. This process ensures that only authorised users can access sensitive information and is more secure than traditional username and password authentication.

Strong authentication can be achieved through several methods:

MFA increases security against attacks such as phishing, social engineering or stolen passwords, as an attacker must overcome at least two different factors to gain access.

FIDO (Fast IDentity Online) is a set of standards for authentication that enables passwordless login with biometric or physical keys.

WebAuthn, which stands for Web Authentication, is a web standard that provides strong and phishing-resistant authentication using public-key cryptography.

Authentication is verifying a user's identity to ensure they are who they say they are.

Authorisation, in turn, refers to the process by which an authenticated user is granted access rights to specific resources.

With passwordless authentication, the user's identity is confirmed by other factors such as biometric features (e.g. fingerprint, facial recognition) or app-based multifactor authentication.

Authentication without a user name uses QR codes, access apps and biometrics to grant authorisation to access data and information.

The transaction confirmation is used as part of a broader authentication process and serves as an additional security measure to ensure that the transaction is authorised and legitimate.

Single Sign-On

Single Sign-On (SSO) allows users to log in to multiple applications or websites with just one set of credentials, increasing security and ease of use.

OpenID Connect (OIDC) is an authentication protocol built on the OAuth 2.0 framework that enables secure and flexible login scenarios, such as single sign-on across multiple applications.

Open Authorisation (OAuth) is an authorisation scheme that allows third-party applications to access resources on behalf of a user without the user having to reveal their credentials.

Security Assertion Markup Language (SAML) is an XML-based programming language for the electronic exchange of authentication data between different security domains, especially between identity providers and service providers.

Get detailed information about Single Sign-On in our white paper. Download it now for free!

Biometric Authentication

Biometric authentication identifies a person by their physiological or behavioural characteristics such as fingerprints, iris or facial recognition.

The overall term "ID verification" refers to the process of checking a person's identity to ensure that they really are who they say they are.

The following free white paper provides comprehensive information on biometric authentication and its importance for the customer journey.