ForgeRock is adding Enterprise Connect Passwordless to its Identity Platform to provide no-code and low-code approaches for enterprises to add passwordless authentication to their IT infrastructure. Credit: BalanceFormCreative / Shutterstock ForegeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help eliminate the need for user passwords in large organizations.ForgeRock has partnered with Israel-based Secret Double Octopus to offer the new feature set, designed to allow companies to integrate passwordless technology into enterprise IT infrastructure and provide end users with a unified login approach to all their applications.“While ForgeRock already offers passwordless authentication for mobile and web applications, the new Enterprise Connect Passwordless authentication extends passwordless capabilities to common enterprise infrastructure like workstations, databases, servers, and VPNs,” said Peter Barker, ForgeRock’s chief product officer.Prevalent passwordless authentication technologies include biometrics (for example, face, finger, and voice recognition), security keys, software keys, certificates, and behavioral analysis. ForgeRock offers no-code identity orchestrationEnterprise Connect Passwordless deploys no-code and low-code identity orchestration technology designed to give organizations a streamlined way to implement passwordless login access for end-user applications, the company said.“Built natively into our unified platform, orchestration journeys provide a low-code, no-code approach to effortlessly create, define and administer access experiences within ForgeRock to improve employees, contractors, partners, and consumers’ login experiences,” Barker said. “The drag-and-drop configuration makes it easy for teams to add security signal analysis, third-party integrations, and create simplified user registration, lost device, and help-desk flows.” Additionally, the orchestration technology allows organizations to adopt a passwordless access technology framework at their own pace — for example, starting with one application and then moving to other resources — without it being an “all or nothing” experience, Barker said.Organizations can define and deploy different run-time passwordless login access schemes to different users depending on context, and micro-segment select users for passwordless user acceptance testing (UAT), according to Barker.Enterprise Connect centralizes passwordless authenticationAmong other capabilities, the partnership with Secret Double Octopus will allow ForgeRock’s enterprise customers to let their end users access devices using a security key (for example, using YubiKey) without needing to remember and type in passwords.“The major enhancement introduced with this announcement is the centralized ability to manage passwordless authentication on endpoint devices in addition to traditional access points, such as web and SaaS apps,” said Steve Brasen, research director at analyst and consulting firm Enterprise Management Associates. “Few identity management platforms can centrally manage login screens on endpoint devices at all, and ForgeRock is the first to extend this capability to also support passwordless approaches.”The approach will also unify single-sign-ons (SSOs) so that once users log into their desktops, they do not need to re-authenticate in order to access other business resources.ForgeRock supports passwordless authentication capabilities through FIDO2 WebAuthn standards. The FIDO Alliance standard is an open industry association launched in February 2013 to help reduce “the world’s over reliance on passwords,” according to the group’s website. ForgeRock Enterprise Connect Passwordless capabilities will be available generally in the second quarter of 2023 for current customers. Related content brandpost Shifting security left: DevSecOps meets virtualization By Anthony Ricco, CMO of Corellium. 01 Jul 2023 4 mins Security news analysis Attackers add hacked servers to commercial proxy networks for profit Proxyjacking allows attackers to sell unknowing victims' unused network bandwidth. By Lucian Constantin 30 Jun 2023 4 mins Cybercrime news Command-and-control framework PhonyC2 attributed to Iran’s Muddywater group PhonyC2 was used to exploit the log4j vulnerability in the Israeli software SysAid, the attack against Israel’s Technion institute, and the ongoing attack against the PaperCut print management software. By Apurva Venkat 30 Jun 2023 4 mins Advanced Persistent Threats Cyberattacks Vulnerabilities news First state-sponsored cyberattack against UK government revealed two decades later Rare insight marks the 20th anniversary of a state-backed malware attack on a UK government department. By Michael Hill 30 Jun 2023 3 mins Cyberattacks Government Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe