Read and learn more about security, identity and access management, standards,
OmniDefend features, industry news and other things we find interesting.
FIDO stands for Fast Identity Online. The FIDO Alliance was created with the main objective of eliminating the use of passwords over the Internet. Many industry-leading websites, PC manufacturers and other software and hardware vendors actively participate in the development of the FIDO standards. The FIDO Universal Second Factor (U2F), FIDO Universal Authentication Framework (UAF) and FIDO2 WebAuthn protocols have resulted from the work done by the alliance to standardize hardware and software around authentication in an effort to replace traditional usernames and passwords. The typical FIDO U2F implementation uses a USB token as a second factor for authentication to websites. You would still use your username and password, but you would also be required to insert the token and authenticate with it before you can log in. FIDO UAF implementations typically use a mobile phone as your authenticator. An application running on the phone is notified when you are trying to log in to a website, and you are prompted to authenticate on your phone before you can log in. OmniDefend’s mobile authenticator uses the FIDO UAF protocol and we will be doing another blog article on this later – so stay tuned. This article is going to focus on the FIDO2 WebAuthn standard and how OmniDefend takes advantage of this security standard.
As the number of applications used in modern organizations continues to grow, IT admins are tasked with access management at scale. Standards such as SAML or OpenID Connect allow admins to quickly set up single sign-on (SSO), but access also requires users to be provisioned into the app. To many admins, provisioning means manually creating every user account or uploading CSV files each week, but these processes are time-consuming, expensive, and error-prone. Solutions such as SAML just-in-time (JIT) provisioning have been adopted to automate provisioning, but enterprises also need a solution to deprovision users when they leave the organization or no longer require access to certain apps based on a role change. This article will talk about the System for Cross-domain Identity Management (SCIM), which is an open standard for identity management across applications.
In the past, single sign-on (SSO) was typically achieved only through “password fill”, where the SSO software would prompt the user to enter their password the first time he or she visits a website. The next time the user visits the site, the SSO software detects that there is a password saved and either automatically fills in the user’s password or prompts the user to authenticate before filling in the password. Softex’s OmniPass software and the password save feature in Chrome, Edge and Firefox are just some examples of these SSO password managers. SAML was born from the idea that instead of saving a user’s username and password, a website that needed to log in a user (“Service Provider”) could talk securely with the SSO software (“Identity Provider”), so the SSO software could authenticate the user’s identity and securely send back information about the authenticated user, so that the website could log in that user without any password. As long as the website “trusts” the SSO software, this can be achieved.
We have all used a website that allowed you to “Sign-in with Google” or “Sign-in with Facebook” instead of creating yet another username and password that you have to remember. But have you ever wondered how this is implemented? Well, this is where OpenID Connect comes to the rescue.
OpenID Connect was developed to allow website developers to enable single sign-on from a variety of different “identity providers” using a common API. Let’s say you are a developer creating a new website called acmeproducts.com. Instead of asking the user to create an account where he has to provide a specific username and password along with his name, address, and other personal information, you can use OpenID Connect to request that information from the user’s favorite identity provider (e.g. Google or Facebook) where the user has already provided that information.
OAuth 2.0 is an authorization protocol that allows a user to authorize access to data and APIs (resources) from one application to another. Even though OAuth 2.0 is not an authentication protocol, oftentimes the user must be authenticated by the application providing access before access to resources can be authorized. In a nutshell, using the OAuth 2.0 protocol, a website that a user is trying to log into (also known as a service provider) can request authorization of the user from an identity provider (i.e. the SSO server). The identity provider can authenticate the user as it wants and can even prompt the user to authorize the access to the service provider. The service provider then receives an access token which can be used to call APIs or access the user’s data or identity information, so the user can be logged into the website and can perform the operations required in the website.
You can read a more in-depth explanation of OAuth 2.0 in this Medium article. OmniDefend fully implements the OAuth 2.0 protocol and you can use OmniDefend to perform SSO to applications that support the protocol. In addition, if you are developing your own application, you can use the OAuth 2.0 protocol to allow users to use OmniDefend authentication to log into your website in a secure way.
Softex was one of the first companies to introduce single sign-on with biometric authentication in 1999 with our OmniPass product. Our OmniPass Client Edition was bundled with laptops and desktops from all the major PC OEMs (often under the OEM’s brand). Between our OmniPass Client and Enterprise Edition products, we have shipped over 100M copies to over 500 enterprise customers. However, after 20 years, OmniPass was starting to show its age. So in 2021, Softex introduced OmniDefend – a full identity and access management solution based on industry standards that can be deployed on-premise or in the cloud. So what can OmniDefend do for your organization?