Download as PDF, PPTX
Uploaded byWSO2
WSO2 Guest Webinar: Securing SaaS Apps with Multi-factor Authentication with MePIN and WSO2 Identity Server
The document discusses securing SaaS applications through multi-factor authentication (MFA) using MePIN and WSO2 Identity Server. MePIN offers a flexible solution for strong authentication across various devices and channels, supporting multiple authorization methods including biometrics, while WSO2 provides federated identity management and automated account provisioning among heterogeneous systems. Both solutions aim to enhance security by eliminating reliance on passwords and offering robust features for secure online transactions and identity management.
More Related Content
Similar to WSO2 Guest Webinar: Securing SaaS Apps with Multi-factor Authentication with MePIN and WSO2 Identity Server
![[WSO2Con EU 2018] Kicking Your Enterprise Security Up a Notch With Adaptive A...](https://cdn.slidesharecdn.com/ss_thumbnails/4-181113094708-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Roundtable] Choreo - The AI-Native Internal Developer Platform as a Service](https://cdn.slidesharecdn.com/ss_thumbnails/choreo-deck-250328074645-511dded7-thumbnail.jpg?width=640&height=640&fit=bounds)
WSO2 Guest Webinar: Securing SaaS Apps with Multi-factor Authentication with MePIN and WSO2 Identity Server
- 1. Securing SaaS Appswith Multi-Factor Auth with MePIN and WSO2 Identity Server info@meontrust.com
- 2. - a strongauthentication company n MePIN / Meontrust Inc; founded 4/2010 n Venture funded from Finland, US & HK n R&D locations; Helsinki & Oulu, Finland n MasterCard Start Path company n Customers and partners globally
- 3. Passwords are not enoughanymore World is going mobile but require omnichannel experience Legacy is slow, clumsy & expensive Why mobile Multi-Factor Authentication?
- 4. authentication and authorization Fast. Mobile. Secure. Strongsecurity with user convenience
- 5. Strong authentication onany channel Auth APIIdentity and Access Management Authenticate and authorize with a digital signature MePIN server PKI Access anywhere
- 6. Flexible solution, formultiple use cases ... n Multi-factor authentication and/or secure passwordless login n Dynamic, Service Provider set auth policy - tap, PIN, fingerprint or face n Patented linking to a service or passwordless login with an Access Code n Secure online transaction authorization n Subscriptions, orders, invoices, expenses, anything … n Provides digital signatures and non-repudiation of transactions
- 7. Multi-factor authentication with n Works on any channel and device n Login on PC, tablet, mobile, TV, etc, etc n 3 optional modes / authentication methods: n 2FA mode; username + password + authorization n Reactive mode; username + PIN/FP authorization n Active mode; username + active authorization
- 8. authentication: 2FA mode n Login with username + password n Usernames and passwords managed by Identity Server n Authorize with a MePIN enabled app n Authorization can be a simple tap, PIN, fingerprint or face recognition +
- 9. authentication: Reactive mode n Login with username only n Authorize a login request with a PIN, fingerprint or face recognition on a MePIN enabled app + or
- 10. authentication: Active mode n Login with username only n The service shows an Access Code, valid for 60 seconds n Authorize the login by scanning the code with the MePIN enabled app or entering it manually + or
- 11. Digitally signing transactions n Request users to authorize transactions n Authorization policy can be set per transaction (a tap, PIN, fingerprint or face recognition) n Every authorized transaction is digitally signed by the user's private key
- 12. n Remote revoke,lock or unlock the app n Self service or from management n Re-enrollment after lost or changed device n Self service or from management n Optional multi-device support n User can confirm with any one of her devices n Trusted messaging inbox for user messaging n Authenticated interactions (in-app browser) Device lifecycle and other major features
- 13. Extendable biometrics support n Pick and choose your biometrics n Fingerprints n Face recognition n Eye verification n Anything the future holds … n Biometric info stored only locally in users´ devices
- 14. Flexible deployment andintegration options MePIN library Customer's mobile app Customer branded ID app MePIN SDK or ClientServer On-premise Mixed (hosted PKI) Fully hosted or or or
- 15. Complete future proofauthentication platform Mobile PKI + biometrics FIDO U2F/UAF Mobile & HW TOTP SMS OTP Paper OTP High security + high usability Legacy users + fallback options
- 16. Security audited solutionand source code
- 17. … because passwordsare evil.
- 19.
- 20.
- 21. o 5th GenerationProduct o Current version 5.2.0 (Sept 2016) o Why did we build it? o Federated identity and entitlement is a key part of any distributed architecture o Internal security threats, Partnerships o Mergers, De-mergers o APIs, Cloud systems o SSO is important but need to federate and bridge across SSOs o Open Standards for Identity are changing the industry landscape o Based on WSO2 Carbon platform, which provides support for multi-tenancy, logging, clustering, and other common services
- 22.
- 23.
- 24.
- 25.
- 26.
- 27.
- 28.
- 29.
- 30.
- 31.
- 32.
- 33.
- 34.
- 35.
- 36.
- 37.
- 38.
- 39.
- 40.
- 41.
- 42.
- 43.
- 44. Extensibility ● Authen'cators ○ FIDO, IWA, Facebook, LinkedIn, MePIN, SMSOTP, Yammer, Foursquare, Tiqr ● Provisioning Connectors ○ Google Apps, Salesforce, SCIM, SPML, Inwebo ● User Store Managers ○ LDAP, AD, JDBC ● Policy Enforcers ● Policy Informa'on Points
- 45. Extensibility ● Authen'cators ○ FIDO, IWA, Facebook, LinkedIn, MePIN, SMSOTP, Yammer, Foursquare, Tiqr ● Provisioning Connectors ○ Google Apps, Salesforce, SCIM, SPML, Inwebo ● User Store Managers ○ LDAP, AD, JDBC ● Policy Enforcers ● Policy Informa'on Points
- 46.