What is Authentication?
Authentication is the process of establishing the identity of whoever (or whatever) is accessing a system, in order to secure the features/facilities it provides. Even if your application doesn’t require secure access, implementing authentication can enable you to provide a consistent context no matter how that application is used.
Hi, I’m Peter Fernandez, an Innovator, Architect, Consultant and Engineer. I want to share with you some of my experience building Authentication (a.k.a. AuthN) into modern applications and how easy it is to do that using the Auth0 by Okta platform.
User Authentication
User Authentication is the process of identifying a user to your application in order to secure access to the features that the application provides. User authentication is typically performed via the interactive Login process with which we’re all familiar. But even if your application doesn’t require secure access, implementing user authentication can still enable you to provide your users with consistency – like a consistent profile context, which they can take with them no matter how they log in.
Machine Authentication
Machine Authentication provides secure access in a context where there is no user. Instead of an interactive login, a (fixed) set of ID & Password credentials is typically used. A somewhat less familiar mechanism, Machine Authentication is used between services or devices when they need to communicate securely with each other – either in the foreground or in the background. Whilst Machine Authentication can be used in situations where processing occurs on behalf of a user, it’s more often used in situations where a user was never present at all.
Login…
User authentication, commonly known as Login, typically starts with an interaction where a user supplies their credentials for verification. Credentials come in a number of different forms, the most familiar being the UserID and Password. But forms associated with Passwordless authentication, Social, and Enterprise scenarios exist too. Once credentials are verified, an application will typically establish the session for the user, and, optionally, an SSO session can be established too.
…vs Logout
The converse process is typically known as Logout. When a user has finished interacting with an application, they will typically terminate their session explicitly via a logout, effectively de-authenticating. Or the application will terminate their session implicitly if no user interaction has occurred for a period of time. Optionally, a Logout can also terminate any SSO session – so that the user must again engage with the Login process interactively if they wish to use the application(s).
First-Factor…
The degree to which user authenticity (and, in some cases, machine authenticity) needs to be proven can vary considerably. First-factor authentication – typically (User)ID & Password authentication, though it can also take the form of Social or Passwordless authentication – is always a given. However, certain scenarios, such as financial or security-sensitive transactions, often benefit from the use of one or more additional factors.
…vs Multi Factor
Multi Factor Authentication, typically known as MFA, refers to the process whereby one or more additional factors are required beyond whatever First-Factor authentication occurs for a user. MFA – also known as 2-Factor Authentication (or 2FA) where only one additional factor is used – provides additional verification of a user. MFA can occur immediately after First-Factor authentication or, in cases where SSO is utilized, under certain conditions, in which case it is typically referred to as Step-Up Authentication.
Authentication vs Authorization
Where Authentication is the process of establishing who (or what) is accessing a system, Authorization – a.k.a. AuthZ – is the process of determining exactly what access is permitted. And it invariably requires Authentication as a pre-requisite!
Authentication Scenarios
Authentication comes in all shapes and sizes: from B2C-oriented scenarios – where users are your direct customers – to B2B and B2B2C scenarios, where users are often other people’s customers too. And there are workforce scenarios as well, often referred to as B2E, where users are (also) employees of an organization. From workflows that optionally use Passwordless, MFA and Social, through service-level access using machine authentication, and all the numerous combinations in between, these are the use cases where Authentication plays a vital role. And you can click on the image to find out more in the provided guide.
Build it yourself?
You could build support in-house, yourself. That’s true. Click on the image to read more about doing just that, and watch the recording of my related webinar here. If your team has the resources, time, capacity, knowledge, and expertise in developing SSO; deploying Attack Protection; leveraging OIDC and/or SAML for Authentication, Social and/or Enterprise Federation; implementing Passwordless and/or MFA, and/or (optionally) OAuth 2.0 for API Authorization – then it’s definitely an option. But what if there was a better way?
Meet Universal Login…
Auth0 allows you to create a fully customized user authentication experience at the push of a button! With Auth0 Universal Login you can easily support features like SSO, Social and MFA, as a standard part of the out-of-box Login workflow. Let us focus on providing seamless access to all of the capabilities supported by the Auth0 platform – whilst you focus on building the core experience of your application.
…and the Authentication API
But user authentication is just a part of the story! Whether you’re building for B2C, B2B, or some combination, Auth0 – via its Authentication API – provides full programmatic access to all of the authentication capabilities on offer, making it easy to integrate for machine authentication or any other (custom) authentication use case. All whilst leveraging the full power of the platform at the same time.
Login
Technically known as UserID & Password login, this lets you fast-track development of both sign-in and sign-up experiences for your customers with beautifully branded workflows, all integrated out-of-the-box as part of Auth0 Universal Login. Click on the image to discover more.
Social Login
Give your customers the choice of using their favourite Social Login provider, whilst at the same time addressing many of the common user onboarding challenges. Effortlessly and seamlessly enabled as part of Auth0 Universal Login. Click on the image to discover more.
Enterprise Federation
Deploy enterprise federated login for B2B and B2B2C scenarios at the push of a button! Effortless and seamless enablement, out-of-the-box with Auth0 Universal Login. Click on the image to discover more.
SSO
Reduce how often users must authenticate across your application(s), and provide customers with a single user profile – all delivered safely and securely as standard in Auth0 Universal Login. Click on the image to discover more.
MFA
Out-of-the-box workflows for Multi-Factor Authentication come as standard with Auth0 Universal Login. And with the Auth0 MFA API you can build MFA into customized workflows. Click on the image to discover more.
Passwordless
For a secure, seamless, and all-around easier user experience, implement workflow(s) – such as Passkeys – that do away with the password at the flip of a switch. All are integrated as part of Auth0 Universal Login and also available via the Auth0 Authentication API. Click on the image to discover more.
Branding
From Auth0 Universal Login to email communications, build beautiful user authentication experiences that match the branding associated with your application(s)/organization.
Extensibility
Customize identity flows with visual drag and drop Actions to build functionality that will address your unique requirements. Click on the image to discover more.
Integrate with ease
With a variety of out-of-box options provided by a wide range of SDKs, you can build an initial integration with Auth0, written in any programming language and supporting any technology stack, in a matter of hours. Click on the image to visit the Auth0 SDK website and discover how to integrate with ease.
Protocol Interoperability
Auth0 supports industry-standard Authentication protocols like OIDC and SAML, which use flexible and secure mechanisms – the JWT-format ID Token and the SAML Assertion, respectively. Auth0 also provides protocol conversion, giving you the ability to easily deliver SSO between applications leveraging either authentication protocol.
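As an added illustration (not code from this page or from Auth0) of the claims a relying party must verify on a JWT ID Token, and of the Step-Up condition described under MFA above: it builds a constructed token, verifies it, then decides whether a fresh second factor is needed from the `amr` and `auth_time` claims. Assumptions: the shared secret, issuer, client ID and timestamps are constructed, the token is HS256-signed so the example runs offline (a real Auth0 tenant signs with RS256 and you would verify against its JWKS with a proper library), and the presence of `mfa` in `amr` is taken as the signal that a second factor was completed.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-shared-secret"  # assumption: HS256 key for the constructed token only

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(claims: dict, secret: bytes) -> str:
    """Constructed HS256 ID Token so the example runs offline (Auth0 itself uses RS256)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def verify_id_token(token: str, secret: bytes, issuer: str, audience: str, nonce: str, now: float) -> dict:
    """Verify the signature, then the claims OIDC requires a relying party to check."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    # Pin the expected algorithm; never let the token header choose it.
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    if claims.get("aud") != audience:      # token must have been minted for this client
        raise ValueError("unexpected audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != nonce:       # binds the token to this login request (replay defence)
        raise ValueError("nonce mismatch")
    return claims

def needs_step_up(claims: dict, max_age: int, now: float) -> bool:
    """Step-Up policy for a sensitive transaction: require MFA completed within max_age seconds.
    'mfa' in amr signals a completed second factor; auth_time says when the user authenticated."""
    mfa_done = "mfa" in claims.get("amr", [])
    fresh = (now - claims.get("auth_time", 0)) <= max_age
    return not (mfa_done and fresh)

if __name__ == "__main__":  # constructed demo values
    c = {"iss": "https://tenant.example/", "aud": "client_abc", "exp": 2_000_000_000,
         "nonce": "n-1", "auth_time": 1_999_999_000, "amr": ["mfa"]}
    ok = verify_id_token(make_token(c, SECRET), SECRET, c["iss"], c["aud"], "n-1", 1_999_999_100)
    print("step-up needed under a 5-minute policy:", needs_step_up(ok, 300, 1_999_999_100))
```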
Comprehensive Identity Management
Authenticating users is complex enough; the identity management of User Profile information, and the like, is an added complexity you can do without! Notwithstanding the need to comply with regulations such as GDPR or HIPAA, the task of allowing users to self-service a password change, an email address change, and/or an update to their personal details can often be a headache. Whilst such self-service can help protect against the likes of Phishing and Vishing attacks, if not done right it can instead open up new attack surfaces too! With Auth0, the likes of Password Reset and Progressive Profiling are provided out-of-the-box, and a focus on regulatory compliance will ensure that you’re always ahead of the game! Click on the image to find out more.
Flexible Factor Support
Via its in-built Extensibility, Auth0 provides easy-to-use low-code configuration for supporting the likes of Adaptive MFA – as well as the ability to deploy pro-code, fully customised authentication, for both First-Factor and bespoke MFA too! Click on the image to read more.
Architected Scenario Guidance
Whatever scenario you’re building for, Auth0 has comprehensive guidance to help you navigate through the design decisions often faced when building a Customer Identity & Access Management solution. Let our architecture scenario guidance for both B2C and B2B help you prepare for any eventuality.
Wyndham Hotels & Resorts reward 100M loyalty members with secure and seamless account access
Following its success with the Okta Workforce Identity Cloud (for corporate and employee use), Wyndham wanted to extend the same secure, frictionless experience to its loyalty program users. By rolling out the Customer Identity Cloud to its 100M loyalty members, they were able to provide a secure and seamless experience and deliver a single Identity solution across the organization. Click on the Wyndham logo to read more about their story.
Want to learn more?
Okta provides a wide range of courses to help you level up your skills. Why not click on the image to see what you can discover with Okta Training today?!
Stay informed
Helpful Identity & Access Management articles that are timely and relevant, whatever your level of experience. Whether you prefer to learn by reading, listening, watching videos, cloning repos, copying code, or attending a workshop or conference: content is everywhere and made for developers like you. Click on the image to subscribe to the newsletter today!
Begin the journey…
Sign up here, and create a free Auth0 Tenant to begin your journey. Play with prototyping an integration of your existing code – or develop something new; experience the Okta Customer Identity Cloud, powered by Auth0, in a way that best suits you.
…or try a Demo.
If you’re looking for some inspiration, why not take a look at some of the pre-built demos at demo.okta.com – where you can test-drive sample integrations for both the Okta Customer Identity Cloud and the Okta Workforce Identity Cloud too!