Authentication

Types of authentication

A key task of IAM systems is to authenticate that an entity is who or what it purports to be. The most basic authentication happens when a person enters a username and password into a login screen. The IAM system checks a database to make sure they match what’s on record. Modern authentication solutions provide more sophisticated approaches to better protect assets.

Authentication vs authorization

Authentication is the process of verifying that a user signing on to a given platform presents the correct credentials, in the form of a username and password.

Authorization involves giving users access to certain features of the platform depending on their level of control, from basic user all the way to root admin.

Single sign-on (SSO)

Single sign-on (SSO) solutions increase productivity and reduce friction for users. With one set of login credentials (username and password) entered one time, an individual can access multiple applications, switching between them seamlessly.

Multifactor authentication (MFA)

Multifactor authentication adds another layer of protection by requiring users to present two or more identifying credentials in addition to a username to gain access to applications. For example, you might be asked to enter a password and a temporary code sent by email or text message.

Biometric authentication

Biometric authentication, which can be used as one of the credentials for MFA, relies on a unique biological trait such as a fingerprint, retina, voice or face to verify identity. While biometrics offer strong authentication, they do require additional hardware, such as a fingerprint reader or scanner, and processing software.

Risk-based authentication

Also known as adaptive authentication, a risk-based authentication solution prompts a user for MFA only when it detects the presence of higher risk. This can be, for example, when the user’s location, based on IP address, is different from what is expected, or when malware is detected.
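
As an added example (not part of the original page and not any IAM product's code), the sketch below shows the step-up decision a risk-based check makes, using the two signals named above. The LoginAttempt fields, the EXPECTED_NETWORKS table and the malware_detected flag are assumptions made for illustration, and all addresses are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class LoginAttempt:
    username: str
    source_ip: str
    malware_detected: bool = False  # assumed to come from an endpoint agent

# Constructed sample data: networks each user normally signs in from.
EXPECTED_NETWORKS = {
    "alice": ["203.0.113.0/24", "2001:db8:10::/48"],
    "bob": ["198.51.100.0/25"],
}

def risk_reasons(attempt, expected=EXPECTED_NETWORKS):
    """Return the list of risk signals present in this login attempt."""
    reasons = []
    try:
        ip = ipaddress.ip_address(attempt.source_ip)
    except ValueError:
        # Unparseable address: fail closed instead of skipping the check.
        reasons.append("unparseable source address")
        ip = None
    if ip is not None:
        nets = [ipaddress.ip_network(n) for n in expected.get(attempt.username, [])]
        # A user with no recorded networks has no "expected" location,
        # so every address counts as unexpected.
        if not any(ip in n for n in nets):
            reasons.append("unexpected location")
    if attempt.malware_detected:
        reasons.append("malware detected")
    return reasons

def decide(attempt, expected=EXPECTED_NETWORKS):
    """Password alone at low risk; step up to MFA when any signal fires."""
    reasons = risk_reasons(attempt, expected)
    return ("require_mfa" if reasons else "password_only", reasons)

if __name__ == "__main__":
    for a in [
        LoginAttempt("alice", "203.0.113.40"),
        LoginAttempt("alice", "192.0.2.77"),
        LoginAttempt("bob", "198.51.100.9", malware_detected=True),
        LoginAttempt("bob", "not-an-ip"),
    ]:
        print(a.username, a.source_ip, *decide(a))
```

The decision returns the reasons alongside the outcome so that each MFA prompt can be logged with the signal that triggered it.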