Always the right level of security
Combine a friction-free user experience with optimal security. Offer your user the authentication solution that suits their phase in the customer journey and takes into account their location, device reputation or the value of a transaction.
TrustBuilder powers adaptive authentication
TrustBuilder helps you select the best suited authentication mechanism based on the sensitivity of the accessed application or resource and based on the user session context.
Phone as a token
TrustBuilder uses Attribute-based Access Control (ABAC), which allows organizations to easily decide what attributes are needed for what level of authentication. Organizations can even create their own attributes to tailor the solution to their own particular requirements.
Support for all authentication mechanisms
As TrustBuilder is built on the principles of openness and connectivity, we support different authentication mechanisms that an organization wants to use: from username / password to Multi-Factor Authentication, social identities, behavioral authentication. This allows organizations like retail banks to adapt the authentication mechanism to a resource’s level of sensitivity.
Easy set-up of policies
The Workflow Engine uses a graphical user interface to define dynamic authentication policies. Organizations can define the level of authentication required and what attributes are in play for what authentication, based on the customer journey.
Security that follows the customer journey
Applications are not born equal, nor are resources or data. When granting users access to applications or resources, it is critical to know what level of authentication needs to be imposed on the user in question. Different authentication methods and mechanisms may need to apply.
Diﬀerent authentication levels for diﬀerent scenarios
Oﬀer your customer authentication methods based on their behavior. Simple authentication for logging into your banks’ mobile app and additional authentication for making a ﬁnancial transactions. And whenever the monetary value of transaction bypasses a certain threshold, the system will prompt a next step, for instance by using 2 Factor authentication.
Adaptive authentication is all about combining various methods and solutions to build an authentication journey based on the security sensitivity of the performed user action. Based on what resource a user wants to access, the context will be verified in order to derive the user’s privileges.
If a customer visits the website of a bank, no security is required: the marketing pages of a bank are open for everyone to see, even when a user wants to make a calculation for a loan. Based on some attributes such as the computer or IP address, the marketing department can already identify their customer to give the best rates. However, as soon as the user wants to consult his accounts, additional security will be requested, for instance by verifying a fingerprint or providing a pin number.
That might be sufficient for making a small payment or updating your beneficiaries, but whenever the monetary value of a transaction exceeds a certain threshold, the system will trigger and prompt a next step, for instance by using 2 Factor authentication, a software authenticator or even a hardware token. Or whenever the transaction is initiated from an unusual location, additional verification steps might be triggered.
In the above examples, the nature of the session (account balance check, payments, update beneficiaries, location…) are all attributes of a specific context and can invoke different or additional security policies.
Advantages of Adaptive Authentication
Adaptive authentication is interesting, both for the consumer and for the organization giving access to its resources.
Better customer experience
Consumers don’t want to be bothered with entering credentials when that is not needed. By applying adaptive authentication, you only ask customers for extra information when it is needed. By using lightweight and easy authentication mechanisms, companies can reduce the burden on their customers.
The right level of security
When organizations map out the customer journey, they can define at what moment stronger authentication is needed and incorporate diverse authentication methods like biometrics to enable passwordless login to eliminate bad user experiences, without compromising security.
How to implement Adaptive authentication
Integrations out of the box
In a real-world environment, adhering to just one standard or protocol is not enough.
Since openness is at the heart of TrustBuilder Identity Hub, we support multiple external repositories, third-party authentication technologies and external vendor solutions.
We support authentication through directories (Azure Active Directory, Microsoft AD), social login (Facebook, Google, LinkedIn), Identity Providers (eHerkenning, itsme, iDIN), and next to our own mobile authentication solution, we also support specialized security providers (Gemalto, HID, OneSpan, RSA).