MFA Was Never Enough

2017 saw the launch of our bottom-up redesign of the authentication capability within Access Management. Our previous functionality focused on linear authentication chains. While this provided considerable power and maturity, we knew many customers wanted more. We started analysing the market, working with key customers and analysts back at the start of 2016. We took a root-and-branch approach and released our intelligent authentication trees feature later in 2017. The premise was simple: MFA was not enough, and we saw a common pattern where customers wanted 8, 10 or 15 different “factors” or signals in their user login journeys. Adaptability and agility were now as important as security.

Security + User Experience = Intelligent Authentication

Intelligent Authentication provides a rich digital canvas, where login workflows can be created and managed intuitively.  A collection of authentication components forms a “tree” with lots of different permutations and “branches,” that dynamically respond to the user and context being processed.

But not all signals or “nodes” are purely related to security. The end user consuming a service or application is a critical stakeholder in how it should be designed and operated. Signup and signin features need to be unnoticeable. To quote Coco Chanel: “Dress shabbily and they remember the dress; dress impeccably and they remember the woman.” Deliver a poor end user login process and you immediately create a barrier to the service or application you are trying to build trust with.

5 Steps to be “Authenti-great”

But what were the problems we were trying to solve? Every ForgeRock customer uses authentication. Every (OK, nearly every) web service out there requires authentication of some sort - even anonymous authentication is not really anonymous. So what is intelligent authentication fixing?

  • Improved end user choice - as an end user I want much more control over how I am identified - which device I use, which MFA option I want to use and when and so on.  Can that be done dynamically and responsively?

  • Improved device analysis - as both an end user and a security administrator I want to provide flexible login journeys that vary based on the device being used - a mobile login experience should differ from a laptop one. An Android experience may vary compared to iOS with Face ID, for example.

  • Improved threat detection - both end users and service owners want trust - trust is built on security and a key component is being able to integrate malware and botnet detection systems.  Can this be done as a business as usual configuration exercise? Can actors be identified as human or machine? As trusted or untrusted humans?

  • Improved insight - as login is such a critical component of an app or service, how can user and device insight be used to increase personalisation or create adaptive experiences? Can you articulate, for example, how many users in EMEA log in via Android or Chrome v66? Or, do abandoned shopping carts correlate to the login process taking more than 2 seconds?

  • Improve agility - whatever biometric or MFA is chosen today, tomorrow something new will come along. How can CISOs plan and allow business as usual changes to the authentication landscape? Tight coupling and binding of authentication modalities is expensive and increases vendor dependencies and rigidity.

A new array of use cases, stakeholders and decision makers are now involved in the login design process.
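
The tree of nodes described earlier, and the loose coupling argued for under "Improve agility", sketched as an added example (this is not ForgeRock code or its API). Node names, context keys and the 0.8 bot-score threshold are hypothetical; the point is that each node only returns an outcome label, the tree owns the branching, and anything unmapped is denied.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

SUCCESS, FAILURE = "SUCCESS", "FAILURE"  # terminal states of a login journey

@dataclass
class Node:
    decide: Callable[[dict], str]  # inspects the login context, returns an outcome label
    edges: Dict[str, str]          # outcome label -> next node name or terminal state

def evaluate(tree: Dict[str, Node], ctx: dict, start: str = "password",
             max_steps: int = 20) -> Tuple[str, List[str]]:
    """Walk the tree and return (result, visited nodes). Anything unexpected fails closed."""
    current, path = start, []
    for _ in range(max_steps):              # bound the walk so a cyclic tree cannot spin
        if current in (SUCCESS, FAILURE):
            return current, path
        node = tree.get(current)
        if node is None:                    # edge points at a node that does not exist
            return FAILURE, path
        path.append(current)
        current = node.edges.get(node.decide(ctx), FAILURE)  # unmapped outcome -> deny
    return FAILURE, path

def otp(ctx: dict) -> str:
    return "verified" if ctx.get("otp_ok") else "rejected"

def push(ctx: dict) -> str:
    return "verified" if ctx.get("push_approved") else "rejected"

def build_tree(second_factor: Callable[[dict], str]) -> Dict[str, Node]:
    """Hypothetical journey: password -> bot check -> device check -> optional step-up."""
    return {
        "password": Node(lambda c: "ok" if c.get("password_ok") else "bad",
                         {"ok": "bot_check", "bad": FAILURE}),
        # A missing score defaults to 1.0, so an absent signal is treated as a machine.
        "bot_check": Node(lambda c: "machine" if c.get("bot_score", 1.0) >= 0.8 else "human",
                          {"human": "device", "machine": FAILURE}),
        "device": Node(lambda c: "known" if c.get("device_id") in c.get("known_devices", ()) else "new",
                       {"known": SUCCESS, "new": "second_factor"}),
        # The only line that changes when the MFA modality is swapped.
        "second_factor": Node(second_factor, {"verified": SUCCESS, "rejected": FAILURE}),
    }

# Constructed sample login context: valid password, low bot score, unrecognised device.
NEW_DEVICE = {"password_ok": True, "bot_score": 0.1, "device_id": "phone-9",
              "known_devices": {"laptop-1"}, "otp_ok": True}
```

Calling `evaluate(build_tree(otp), NEW_DEVICE)` steps up to the second factor, while the same context on a known device never reaches it; replacing `otp` with `push` changes the modality without touching any other node.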




What Next?

Start to understand not only your authentication requirements today, but roadmap future requirements - not only for your end user community but for your applications too.

The Intelligent Authentication video series will help you to understand how intelligent authentication can accelerate end user integration, improve security posture and allow for a future-proofed digital canvas that application and service owners can build upon. Check out our first video below and click here to learn more about Intelligent Authentication.


Who Is Simon Moffatt?

Who’s Simon? Simon is a technical product dude here at ForgeRock. He has 16 years working in the identity game at companies like Oracle, Sun Microsystems, and Vaau. At ForgeRock, he helps to design new products - specifically in the Access Management space. Not only is he ambidextrous, but he can design with both hands...oh wait.
