New WSO2 Identity Server Release Provides Passwordless Authentication

Some 90% of all the security breaches can be avoided by using multi-factor authentication (MFA). Yet, the majority of enterprises still rely only on usernames and passwords—and avoid other strong second-factor authentication methods—to make user sign-on convenient. To help enterprises combine strong security with a simple user experience, WSO2 has introduced passwordless authentication with FIDO2 in the newest release of WSO2 Identity Server for developer-focused identity and access management (IAM).    

The passwordless authentication with FIDO2  is one of the three new enhancements that optimise WSO2 Identity Server for developers who need to build customer identity and access management (CIAM) solutions with usable but strong security in mind. The latest version also features a new self-care portal for end-users, along with a set of  RESTful APIs that enable developers to integrate any third-party systems with WSO2 Identity Server. 

An organisation’s user experience is the window to creating a first impression for its capabilities and trust. This is where CIAM enters, serving to drive an enterprise’s revenue growth by leveraging identity data to acquire and retain customers. In short, it’s a company’s new public face,” said Vice President and General Manager – IAM Business Unit, WSO2 Prabath Siriwardena. “With our latest release of WSO2 Identity Server, we are further empowering developers to simplify authentication for end-users and support the complex architectures required for effective CIAM solutions that bring better user experiences to their customers.”
  

Facilitating Development of CIAM Development 

WSO2 Identity Server is a uniquely extensible, API-driven, cloud-native IAM product designed for developers that build CIAM solutions. The open source WSO2 Identity Server incorporates the functionality to federate, authenticate and manage identities; bridge across heterogeneous identity protocols; and secure access to web and mobile applications along with API-based endpoints. Already, businesses and government organisations are using WSO2 Identity Server to manage up to millions of user identities. The latest release, available today, adds several new features that further empower developers to build CIAM implementations that are easier to manage and use. 

 

Passwordless Authentication 

WSO2 Identity Server now supports passwordless authentication using FIDO2, which is a phishing-proof passwordless authentication protocol developed as a joint effort between the FIDO Alliance and the World Wide Web Consortium (W3C).  

Registering to set up the authentication only takes a few seconds, and it frees users from having to remember complex character and number strings or take multiple steps to confirm their identities. As a result, it is particularly effective for industries with customer-facing apps, such as retail, banking, government, telecommunications, healthcare, and insurance. 

  

Self-Care Portal  

WSO2 Identity Server features a new self-care portal designed to enhance the experiences of end-users. The single-page, self-running app offers better performance and customisability, and it can be quickly deployed anywhere. It includes a new user interface (UI) for an intuitive customer experience and centralised theming with Leaner Style Sheets (Less) based theme/sub-theme functionality for easy customisation. 

Additionally, the modular architecture facilitates reusability, and it supports several industry-standard technologies in addition to Less, for easier adoption, such as the React JavaScript library, webpack module bundler, npm package manager, and TypeScript language, among others. 

  

Extended Support for RESTful APIs 

RESTful APIs are now preferred over SOAP services for modern applications and portals, and they are being used for the core management capabilities and end-user interactions that are essential for building cloud-based CIAM solutions. WSO2 Identity Server supports these environments by adding continuous support for RESTful APIs, including: claim management, template management, account association, and user store configurations.   

With RESTful API support, WSO2 Identity Server brings the advantages of REST to IAM app developers. REST is generally faster and uses less bandwidth. And because it is easier to integrate with existing applications, developers can work faster. Also, REST API schemas are defined as Swagger 2.0 documents. So, the APIs are easy to understand and consume, and they come with the software development kit (SDK) support inherent in Swagger. 

  

Availability and Support 

WSO2 Identity Server 5.10 is available today as an open source product released under the Apache License 2.0. WSO2 Identity Server is backed by WSO2 Subscription, which features access to WSO2 Update for continuous delivery of bug fixes, security updates, and performance enhancements, along with WSO2 Support for 24×7 support. Unified pricing means customers can simply buy a WSO2 Subscription and choose the hosting model—cloud, on-premises or hybrid—based on their preferences. Information on WSO2 Subscription and other service and support offerings can be found at https://wso2.com/consultant-services. 

  

About WSO2 

Founded in 2005, WSO2 enables the composable enterprise. Our open source, API-first, and decentralised approach helps developers and architects to be more productive and rapidly build digital products to meet demand. Customers choose us for our broad, integrated platform, approach to open source, and digital transformation methodology. The company’s hybrid platform for developing, reusing, running, and managing integrations prevents lock-in through open source software that runs on-premises or in the cloud. With offices in Australia, Brazil, Germany, Sri Lanka, the UK, and the US, WSO2 employs over 600 engineers, consultants, and professionals worldwide. Today, hundreds of leading brands and thousands of global projects execute over 6 trillion transactions annually using WSO2 integration technologies. Visit https://wso2.com to learn more. Follow WSO2 on LinkedIn and Twitter. 


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/