Adaptive Authentication

Always the right level of security

Combine a friction-free user experience with optimal security. Offer your user the authentication solution that suits their phase in the customer journey and takes into account their location, device reputation or the value of a transaction.

 

TrustBuilder powers adaptive authentication

TrustBuilder helps you select the best suited authentication mechanism based on the sensitivity of the accessed application or resource and based on the user session context.

Password

One-time passwords

Certificates

Phone as a token

Attribute-based

TrustBuilder uses Attribute-based Access Control (ABAC), which allows organizations to easily decide what attributes are needed for what level of authentication. Organizations can even create their own attributes to tailor the solution to their own particular requirements.

Support for all authentication mechanisms

As TrustBuilder is built on the principles of openness and connectivity, we support different authentication mechanisms that an organization wants to use: from username / password to Multi-Factor Authentication, social identities, behavioral authentication. This allows organizations like retail banks to adapt the authentication mechanism to a resource’s level of sensitivity.

Easy set-up of policies

The Workflow Engine uses a graphical user interface to define dynamic authentication policies. Organizations can define the level of authentication required and what attributes are in play for what authentication, based on the customer journey.

Security that follows the customer journey

Applications are not born equal, nor are resources or data. When granting users access to applications or resources, it is critical to know what level of authentication needs to be imposed on the user in question. Different authentication methods and mechanisms may need to apply.

Different authentication levels for different scenarios

Offer your customer authentication methods based on their behavior. Simple authentication for logging into your banks’ mobile app and additional authentication for making a financial transactions. And whenever the monetary value of transaction bypasses a certain threshold, the system will prompt a next step, for instance by using 2 Factor authentication.

Adaptive authentication is all about combining various methods and solutions to build an authentication journey based on the security sensitivity of the performed user action. Based on what resource a user wants to access, the context will be verified in order to derive the user’s privileges.

If a customer visits the website of a bank, no security is required: the marketing pages of a bank are open for everyone to see, even when a user wants to make a calculation for a loan. Based on some attributes such as the computer or IP address, the marketing department can already identify their customer to give the best rates. However, as soon as the user wants to consult his accounts, additional security will be requested, for instance by verifying a fingerprint or providing a pin number.

That might be sufficient for making a small payment or updating your beneficiaries, but whenever the monetary value of a transaction exceeds a certain threshold, the system will trigger and prompt a next step, for instance by using 2 Factor authentication, a software authenticator or even a hardware token. Or whenever the transaction is initiated from an unusual location, additional verification steps might be triggered.

In the above examples, the nature of the session (account balance check, payments, update beneficiaries, location…) are all attributes of a specific context and can invoke different or additional security policies.

Advantages of Adaptive Authentication

Adaptive authentication is interesting, both for the consumer and for the organization giving access to its resources.

Better customer experience

Consumers don’t want to be bothered with entering credentials when that is not needed. By applying adaptive authentication, you only ask customers for extra information when it is needed. By using lightweight and easy authentication mechanisms, companies can reduce the burden on their customers.

The right level of security

When organizations map out the customer journey, they can define at what moment stronger authentication is needed and incorporate diverse authentication methods like biometrics to enable passwordless login to eliminate bad user experiences, without compromising security.

How to implement Adaptive authentication

TrustBuilder makes implementing Identity and Access Management capabilities such as Adaptive authentication as easy as possible. We built in connections to Identity Providers and Service Providers so you don’t need to customize these. We equipped the Workflow Engine with a Graphical User Interface that allows you to build customer journeys adapted to your business goals. Our platform conforms to all standards and our industry experience will help shorten time-to-market of your solutions.

Interested in more implementation info?
Check out our long read on the 5 keys to a successful implementation of your IAM 

Integrations out of the box

In a real-world environment, adhering to just one standard or protocol is not enough.
Since openness is at the heart of TrustBuilder Identity Hub, we support multiple external repositories, third-party authentication technologies and external vendor solutions.

Authentication methods

We support authentication through directories (Azure Active Directory, Microsoft AD), social login (Facebook, Google, LinkedIn), Identity Providers (eHerkenning, itsme, iDIN), and next to our own mobile authentication solution, we also support specialized security providers (Gemalto, HID, OneSpan, RSA).

Applications

Whether through support of standards or through customized connections, we easily integrate with webbased or on-premise office applications (Office365, Salesforce, SAP,…), collaboration tools (Cisco Webex, Box, DropBox, Evernote,…), infrastructure tools (AWS, Azure, Tableau,…) and – of course – security and connectivity applications (Cisco, F5, OneSpan, Thales,…).

If you do not find your preferred application or authentication method in our overview,
no worries: contact us to find our how we can deliver that connection.