1 Introduction
Digital identity is a primary vector of attack in nearly all the headline-grabbing data breaches of the last few years. Bad actors, such as fraudsters, state agents, and even malicious insiders or contractors, start by getting access to user accounts, then search for administrative or service accounts to take over in order to exploit the elevated privileges that those accounts possess. Whether the attackers’ goal is stealing credit card information, health records, or intellectual property, their Tactics, Techniques, and Procedures (TTPs) almost always include compromising passwords and using privileged accounts.
Eliminating passwords is an important goal in many organizations today. Strong, multi-factor authentication (MFA) is a requirement and an important step in securing access to sensitive resources. MFA methods run the gamut from SMS OTP to hardware tokens to mobile biometric applications on smartphones. While MFA is necessary, it is not a panacea, and risk-adaptive authentication is often needed as well. Adaptive authentication solutions evaluate various user, device, and environmental attributes against pre-defined policies to determine which MFA methods are appropriate for accessing sensitive data, given the real-time risk level. MFA, in concert with adaptive authentication, is often used to protect critical assets in governments and the finance, healthcare, pharmaceutical, aerospace, and defense industries.
IAM encompasses standard features that can be used in B2E or B2C use cases as well, but IAM in the B2B context has specific requirements that need to be addressed. B2B IAM services need to support customers, suppliers, and other partner organizations with capabilities such as multiple identity types, user delegation at different levels, strong authentication, self-service, and automation, to name a few.
Consumer IAM (CIAM) systems (B2C) are designed to provision, authenticate, and authorize consumers, and to collect and store information about them from across many domains. Unlike regular IAM systems, though, information about these consumers often arrives from many unauthoritative sources. CIAM systems generally feature weak password-based authentication, but also support social logins and other authentication methods. Information collected about consumers can be used for many different purposes, such as authorization to resources, analysis to support marketing campaigns, or Anti-Money Laundering (AML) initiatives. Moreover, CIAM systems must be able to manage many millions of identities, and process potentially billions of logins and transactions per day.
Auth0 is a VC-funded identity platform provider based in Bellevue, WA. The Auth0 CIAM features can be augmented by licensing integrated components, such as breached password detection and MFA modules. Auth0’s flagship product can also provide identity management in B2E scenarios, B2B SSO, and serve as a bridge between existing IAM systems. Auth0 is distinguished by the fact that, rather than being a plug-and-play all-inclusive solution, the Customer Identity Management offering is also a set of components that their customers can choose from to build the identity infrastructure that best fits their requirements.