Some 90% of all the security breaches can be avoided by using multi-factor authentication (MFA). Yet, the majority of enterprises still rely only on usernames and passwords—and avoid other strong second-factor authentication methods—to make user sign-on convenient. To help enterprises combine strong security with a simple user experience, WSO2 has introduced passwordless authentication with FIDO2 in the newest release of WSO2 Identity Server for developer-focused identity and access management (IAM).
The passwordless authentication with FIDO2 is one of the three new enhancements that optimise WSO2 Identity Server for developers who need to build customer identity and access management (CIAM) solutions with usable but strong security in mind. The latest version also features a new self-care portal for end-users, along with a set of RESTful APIs that enable developers to integrate any third-party systems with WSO2 Identity Server.
“An organisation’s user experience is the window to creating a first impression for its capabilities and trust. This is where CIAM enters, serving to drive an enterprise’s revenue growth by leveraging identity data to acquire and retain customers. In short, it’s a company’s new public face,” said Vice President and General Manager – IAM Business Unit, WSO2 Prabath Siriwardena. “With our latest release of WSO2 Identity Server, we are further empowering developers to simplify authentication for end-users and support the complex architectures required for effective CIAM solutions that bring better user experiences to their customers.”
Facilitating Development of CIAM Development
WSO2 Identity Server is a uniquely extensible, API-driven, cloud-native IAM product designed for developers that build CIAM solutions. The open source WSO2 Identity Server incorporates the functionality to federate, authenticate and manage identities; bridge across heterogeneous identity protocols; and secure access to web and mobile applications along with API-based endpoints. Already, businesses and government organisations are using WSO2 Identity Server to manage up to millions of user identities. The latest release, available today, adds several new features that further empower developers to build CIAM implementations that are easier to manage and use.
WSO2 Identity Server now supports passwordless authentication using FIDO2, which is a phishing-proof passwordless authentication protocol developed as a joint effort between the FIDO Alliance and the World Wide Web Consortium (W3C).
Registering to set up the authentication only takes a few seconds, and it frees users from having to remember complex character and number strings or take multiple steps to confirm their identities. As a result, it is particularly effective for industries with customer-facing apps, such as retail, banking, government, telecommunications, healthcare, and insurance.
WSO2 Identity Server features a new self-care portal designed to enhance the experiences of end-users. The single-page, self-running app offers better performance and customisability, and it can be quickly deployed anywhere. It includes a new user interface (UI) for an intuitive customer experience and centralised theming with Leaner Style Sheets (Less) based theme/sub-theme functionality for easy customisation.
Extended Support for RESTful APIs
RESTful APIs are now preferred over SOAP services for modern applications and portals, and they are being used for the core management capabilities and end-user interactions that are essential for building cloud-based CIAM solutions. WSO2 Identity Server supports these environments by adding continuous support for RESTful APIs, including: claim management, template management, account association, and user store configurations.
With RESTful API support, WSO2 Identity Server brings the advantages of REST to IAM app developers. REST is generally faster and uses less bandwidth. And because it is easier to integrate with existing applications, developers can work faster. Also, REST API schemas are defined as Swagger 2.0 documents. So, the APIs are easy to understand and consume, and they come with the software development kit (SDK) support inherent in Swagger.
Availability and Support
WSO2 Identity Server 5.10 is available today as an open source product released under the Apache License 2.0. WSO2 Identity Server is backed by WSO2 Subscription, which features access to WSO2 Update for continuous delivery of bug fixes, security updates, and performance enhancements, along with WSO2 Support for 24×7 support. Unified pricing means customers can simply buy a WSO2 Subscription and choose the hosting model—cloud, on-premises or hybrid—based on their preferences. Information on WSO2 Subscription and other service and support offerings can be found at https://wso2.com/consultant-services.