Employee enrollment with VeridiumID: Six steps to passwordless authentication
Fred O'Connor | August 21, 2019
Veridium is dedicated to providing a better employee authentication experience by helping companies adopt passwordless authentication using biometrics. We believe that using what you are to authenticate is easier and more secure than using something you know.
To help organizations better understand the steps that employees have to take to go passwordless with VeridiumID, we asked Veridium Chief Product Officer John Spencer to explain the enrollment process. In the example he provided, an employee is enrolling into an Active Directory environment, enabling passwordless authentication into Outlook. Other identity and access management infrastructures that Veridium works with include Azure Active Directory, Okta and any LDAP-compliant directory.
Here are the six steps employees need to take to use VeridiumID for passwordless authentication.
Step one: Download VeridiumID from popular mobile app stores
Employees can download the VeridiumID app from either Apple’s App Store or Google Play. An SDK is also available if an organization wants to write its own application.
Step two: Scan a QR code to pair a smartphone with VeridiumID
After downloading the app, an employee’s smartphone needs to be paired to the VeridiumID server, which can be deployed either in the cloud or on-premise. An administrator provides the pairing QR code that will link an employee’s smartphone to the organization’s VeridiumID server. After an employee scans the code, VeridiumID checks the smartphone to ensure that it’s not jailbroken or blacklisted in any way. An enterprise can set different parameters for the minimum enrollment requirements.
Step three: Link an employee’s smartphone to an application
Next, employees enter their user name. VeridiumID binds the smartphone to the person’s account by looking for that user name in an organization’s identity and access management (IAM) environment, which can include Active Directory, Azure Active Directory, Okta or any LDAP-compliant directory.
Organizations can customize the authentication information that’s requested from employees in this step. In addition to a user name, employees can be challenged to enter a password, a one-time password or another form of authentication.
Step four: Confirm the user name and phone number
After employees enter their user name, VeridiumID’s server looks for the name and the smartphone’s number in the organization’s IAM environment. Once the VeridiumID server confirms this information, an employee receives a text message containing a code, allowing VeridiumID to complete enrollment securely.
Step five: Use SMS to complete enrollment
To complete the enrollment process, an employee enters the code into their VeridiumID mobile app. The smartphone is now tied to the user account that was validated against the organization’s IAM environment.
Step six: Stop using passwords
The employee can now use the smartphone’s biometric sensors instead of a password to authenticate into the application that’s tied to VeridiumID.
Going passwordless with VeridiumID
In addition to authenticating into Active Directory and LDAP-compliant directories, VeridiumID enables passwordless authentication for many popular enterprise applications, including Citrix, Salesforce and G Suite. VeridiumID can also be used for passwordless customer authentication (think bank customers approving high-risk transactions) and transaction authentication (think complying with PSD2’s strong customer authentication mandate). By eliminating passwords with Veridium, organizations can offer their employees and customers a faster and more secure authentication process.
Watch this video to see a demonstration of how employees can enroll with VeridiumID.