Advanced Authentication Flows with Identity Server

Prabath Siriwardena
Published in FACILELOGIN
Sep 2, 2020

WSO2 Identity Server ships with more than 35 connectors to support different authentication requirements. You can find all of them at store.wso2.com, then download and install them into the product. Like the product itself, all these connectors are released under the open source Apache 2.0 license.

Identity Server supports passwordless authentication with FIDO 2.0 and mobile push-based authentication with Duo and mePin. We have also partnered with Veridium and Aware biometrics to support biometric authentication. In addition, Identity Server supports RSA SecurID, TOTP (which you can use with the Google Authenticator mobile app), and OTP over SMS and email.

During a login flow, you can orchestrate between these authenticators by writing an adaptive authentication script in JavaScript. With that, you can define how you want to authenticate a user based on environmental attributes (e.g., any HTTP header, geo-location), user attributes and roles (e.g., admins always log in with MFA), user behaviors (e.g., number of failed login attempts, geo-velocity), a risk score and more.
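A sketch of such a script, added here as an illustration; it is not taken from the original post or from WSO2's samples. `onLoginRequest`, `executeStep`, `hasAnyOfTheRoles`, `context.currentKnownSubject` and `context.request.ip` are Identity Server's script API, while the role name, the network prefix, the two-step layout and the small offline stand-in for the engine below the policy are assumptions.

```javascript
// Policy: admins always get a second factor; other users only when they
// log in from outside the trusted network.
// Assumption: step 1 = password, step 2 = a second factor (e.g. TOTP),
// both configured as authentication steps on the service provider.
var MFA_ROLES = ['admin'];        // assumption: role that always requires MFA
var TRUSTED_PREFIX = '10.0.';     // constructed value; a real policy should match CIDR ranges

var onLoginRequest = function (context) {
    executeStep(1, {
        onSuccess: function (context) {
            var user = context.currentKnownSubject;
            var internal = context.request.ip.indexOf(TRUSTED_PREFIX) === 0;
            if (hasAnyOfTheRoles(user, MFA_ROLES) || !internal) {
                executeStep(2);
            }
        }
    });
};

// ---- Stand-in for the script engine (hypothetical, for offline runs only). ----
// Inside Identity Server these functions are provided by the product.
var executedSteps, stepOutcome, currentContext;

function executeStep(n, callbacks) {
    executedSteps.push(n);
    if (!callbacks) return;
    var cb = stepOutcome[n] === false ? callbacks.onFail : callbacks.onSuccess;
    if (cb) cb(currentContext);
}

function hasAnyOfTheRoles(user, roles) {
    return roles.some(function (r) { return user.roles.indexOf(r) !== -1; });
}

// Runs the policy for one constructed login and returns the steps it prompted.
function simulateLogin(roles, ip, passwordOk) {
    executedSteps = [];
    stepOutcome = { 1: passwordOk !== false };
    currentContext = { currentKnownSubject: { roles: roles }, request: { ip: ip } };
    onLoginRequest(currentContext);
    return executedSteps;
}
```

Only the constants and `onLoginRequest` belong in the service provider's script editor; the stand-in exists so the branching can be checked before deployment.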

In the above video, I discuss a set of use cases and show you how you can apply adaptive authentication policies to address advanced authentication requirements. If you’d like to know how to set things up from scratch, please join our Slack channel for any help.
