Overview
In the face of the current remote and hybrid workforce landscape and escalating cybersecurity threats, the need for an adaptive identity verification solution that provides a comprehensive, flexible, verification mechanism is more crucial than ever. Flexible identity verification options are essential to ensure a smooth and secure onboarding experience, allowing companies to verify the identity of users without the need for physical presence.
Secure enrollment processes are a frontline defense against account takeovers. By ensuring that only legitimate users can enroll and obtain credentials, organizations reduce the risk of compromised accounts. When identity verification is not thorough, it leaves organizations and individuals vulnerable to social engineering attacks and their consequences.
Recognizing that identity lies at the core of security, setting up secure enrollment processes is the first and most critical step to protect against unauthorized access and data breaches. It is essential to establish trust through strong identity verification methods before people can start using their credentials.
Solution Summary
To meet a broad spectrum of organizational and application needs, RSA offers a comprehensive selection of Identity and Access Management (IAM) solutions including multi-factor authentication (MFA), single sign-on (SSO), governance and lifecycle.
Today, RSA My Page, a self-service portal to manage the credentials and authenticators, offers flexible enrollment options, including one-time enrollment choices and more. By seamlessly integrating with external identity verification services, it can now allow remote verification of an individual's identity, eliminating the need for a physical presence.
Self-Service Registration with the Highest Assurance
RSA My Page is a cloud-hosted SSO portal that enables self-service registration for any cloud authenticator using the “My Authenticators” functionality. It allows you to manage user credentials and applications in one place. In addition, it strengthens security by integrating identity verification into the RSA credential enrollment process, all without sacrificing convenience.
Powerful Identity Verification Workflows
Identity verification solves the link between a user’s physical and virtual identities. Employing workflows to establish the correct level of trust for that specific interaction guarantees the best blend of security and friction for an organization to know exactly who the user is.
No Code Needed, Standard-Based Configuration
The RSA Cloud Authentication Service (CAS) offers a simple configuration with no coding necessary. Additionally, CAS leverages the OpenID Connect (OIDC) standard framework to integrate with external identity verification services.
Use Case
This section describes the integration between RSA My Page and ID Dataweb verification services to manage the secure enrollment workflow prior to the first RSA credential registration.
Enrollment
After integrating RSA My Page and ID Dataweb verification services, administrators can provide access to My Page (i.e., My Authenticators self-service for new users with no registered authenticators through a separate “/enroll” endpoint). This endpoint is protected by an initial authentication option followed by an ID Dataweb verification workflow through our User Verification OpenID Connect (OIDC) connector. Administrators can use any ID Dataweb verification workflow they deem sufficient to provide users with access to My Page, so they can securely enroll for their first RSA authenticator.
In the above example, Password is used as the initial authentication method followed by ID Dataweb’s BioGovID verification workflow.
ID Dataweb’s identity verification workflows are IAL 2 certified and flexible enough to create the exact digital experience you expect for your users. Pre-built templates allow you to craft an identity verification journey for your security and user experience needs. Pre-built workflows ensure the highest pass rates possible for good actors. Identity verification workflows use all three factors: what you have, what you are, and what you know.
For Identity Verification, we have the following workflows:
- MobileMatch verifies the user’s identity by matching the claimed identity with phone possession, phone ownership, and credit bureau data.
- BioGovID verifies the user’s identity by matching their live selfie and identity data with an authentic government ID.
- DynamicKBA verifies the user’s identity by ensuring that they know the answers to dynamic knowledge-based questions (KBA) that only they can know.
These templates can work together in workflows to ensure the highest possible pass rates of good actors.
Features/Benefits
- Verifies user identity during credential enrollment and recovery process to safeguard against social engineering attacks.
- Provides simple and no-code configuration using OIDC standard framework to integrate ID Dataweb identity verification solution.
- Easily embeds identity verification features into credential enrollment and recovery workflows.
Getting Started
This feature is currently available as an add-on to any qualifying ID Plus package. If you are interested in this feature, please contact your RSA Sales Representative.
