Authentication Overview
Apps can be connected to Cloudentity for user authentication. Users can authenticate with Cloudentity itself or with external Identity Providers.
Authentication Methods
Cloudentity built-in Identity Pools have their own dedicated identity connector – the Identity Pool IDP – which you can connect to workspaces without any hassle so that your users can authenticate themselves before accessing your applications.
Passwordless Authentication with Passkeys
When a user is asked to sign in to an app or website, the user approves the sign-in with the same biometric or PIN that the user uses to unlock the device (phone, computer, or security key). The app or website can use this mechanism instead of the traditional (and insecure) username and password.
In accordance with FIDO standards, passkeys serve as a superior alternative to traditional passwords, offering quicker, simpler, and safer logins to websites and applications across a user’s various devices. Unlike conventional passwords, passkeys maintain a high level of security at all times and are resilient against phishing attacks.
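The phishing resistance mentioned above comes from the relying party checking that the assertion returned by the authenticator is bound to the expected origin, relying-party ID and challenge. The following is an added illustration, not Cloudentity code: it runs the origin, `rpIdHash`, challenge, flag and signature-counter checks a relying party performs on the output of `navigator.credentials.get()`. The assertion it checks is constructed inline; the hostnames are placeholders, and the final signature verification against the stored public key is noted but not implemented here.

```python
import base64
import hashlib
import json
import secrets
import struct

FLAG_UP = 0x01   # authenticatorData flag: user present
FLAG_UV = 0x04   # authenticatorData flag: user verified (biometric / PIN)


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def parse_authenticator_data(auth_data: bytes) -> dict:
    """Split the fixed-layout prefix of authenticatorData: 32-byte rpIdHash,
    1 flags byte, 4-byte big-endian signature counter."""
    if len(auth_data) < 37:
        raise ValueError("authenticatorData too short")
    return {
        "rp_id_hash": auth_data[:32],
        "flags": auth_data[32],
        "sign_count": struct.unpack(">I", auth_data[33:37])[0],
    }


def check_assertion(assertion: dict, expected_challenge: str, expected_origin: str,
                    rp_id: str, last_sign_count: int, require_uv: bool = True) -> tuple[bool, str]:
    """Relying-party checks on a WebAuthn assertion. Verifying the signature over
    authenticatorData || SHA-256(clientDataJSON) with the credential's stored
    public key is the remaining step and is not shown here."""
    client_data = json.loads(b64url_decode(assertion["clientDataJSON"]))
    if client_data.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if not secrets.compare_digest(client_data.get("challenge", ""), expected_challenge):
        return False, "challenge mismatch (replay or wrong session)"
    # Origin binding: the browser records the origin that asked for the assertion.
    if client_data.get("origin") != expected_origin:
        return False, f"origin {client_data.get('origin')!r} is not {expected_origin!r}"
    ad = parse_authenticator_data(b64url_decode(assertion["authenticatorData"]))
    # The authenticator scopes the credential to the RP ID; verify the hash matches.
    if not secrets.compare_digest(ad["rp_id_hash"], hashlib.sha256(rp_id.encode()).digest()):
        return False, "rpIdHash does not match the relying party id"
    if not ad["flags"] & FLAG_UP:
        return False, "user presence flag not set"
    if require_uv and not ad["flags"] & FLAG_UV:
        return False, "user verification (biometric/PIN) flag not set"
    # A counter that does not advance is a signal of a cloned authenticator.
    if (ad["sign_count"] or last_sign_count) and ad["sign_count"] <= last_sign_count:
        return False, "signature counter did not increase"
    return True, "ok"


def make_sample_assertion(origin: str, challenge: str, rp_id: str,
                          flags: int = FLAG_UP | FLAG_UV, sign_count: int = 1) -> dict:
    """Constructed sample of what the browser hands back (signature omitted)."""
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge, "origin": origin})
    auth_data = (hashlib.sha256(rp_id.encode()).digest()
                 + bytes([flags]) + struct.pack(">I", sign_count))
    return {"clientDataJSON": b64url_encode(client_data.encode()),
            "authenticatorData": b64url_encode(auth_data)}


if __name__ == "__main__":
    challenge = b64url_encode(secrets.token_bytes(32))   # issued per sign-in by the server
    good = make_sample_assertion("https://login.example.com", challenge, "example.com")
    print(check_assertion(good, challenge, "https://login.example.com", "example.com", 0))
    relayed = make_sample_assertion("https://login.example.com.evil.test", challenge, "example.com")
    print(check_assertion(relayed, challenge, "https://login.example.com", "example.com", 0))
```

The second call models an assertion collected on a look-alike origin and relayed to the real site: the browser-recorded origin does not match, so the sign-in is refused even though the challenge is fresh. A reused challenge or a non-advancing counter is rejected in the same way.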
Verification Codes
Cloudentity sends a unique, time-limited verification code to the user’s pre-registered email address or, via SMS, to their mobile phone. Such a verification code can also be generated and handed to a custom sign-in application, enabling it to deliver codes to users over other channels.
With verification codes, users do not use a password: they authenticate with the code together with their email address or phone number. This makes verification codes more secure than passwords, since each code is time-limited and sent to the user for one-time use.
Magic Links
After the user provides their email address, Cloudentity generates a unique, time-limited link and sends it to the user’s email address or mobile number. When the user selects the link, they are automatically redirected to the application and signed in.
At present, Cloudentity does not support Magic Links through its user interface. The feature can only be used through API integration and custom sign-in pages.
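Both verification codes and magic links rest on the same server-side discipline: store only a hash of the secret, expire it, accept it once, and cap guesses on short numeric codes. The example below is an added illustration of that discipline for the Verification Codes and Magic Links sections above; it is not Cloudentity's implementation. The lifetime, attempt limit, URLs and addresses are assumptions chosen for the demonstration, and the store is in memory so the block runs on its own.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Optional
from urllib.parse import parse_qs, urlencode, urlsplit

CODE_TTL_SECONDS = 300   # assumption: codes and links expire after 5 minutes
MAX_ATTEMPTS = 5         # assumption: a code is burned after 5 wrong guesses


@dataclass
class PendingChallenge:
    """Server-side record of one outstanding code or magic-link token."""
    secret_hash: bytes   # only the hash is stored; the raw secret goes to the user
    identifier: str      # email address or phone number it was delivered to
    expires_at: float
    attempts: int = 0
    used: bool = False


@dataclass
class ChallengeStore:
    """In-memory issuer and verifier for time-limited, single-use secrets."""
    pending: dict = field(default_factory=dict)
    clock: Callable[[], float] = time.time   # injectable so expiry can be tested

    @staticmethod
    def _hash(secret: str) -> bytes:
        return hashlib.sha256(secret.encode()).digest()

    def _remember(self, identifier: str, secret: str) -> str:
        challenge_id = secrets.token_urlsafe(16)
        self.pending[challenge_id] = PendingChallenge(
            secret_hash=self._hash(secret), identifier=identifier,
            expires_at=self.clock() + CODE_TTL_SECONDS)
        return challenge_id

    def issue_code(self, identifier: str, digits: int = 6) -> tuple[str, str]:
        """Numeric code for email/SMS delivery; returns (challenge_id, code)."""
        code = "".join(secrets.choice("0123456789") for _ in range(digits))
        return self._remember(identifier, code), code

    def issue_magic_link(self, identifier: str, sign_in_url: str) -> str:
        """High-entropy token embedded in a sign-in URL that is sent to the user."""
        token = secrets.token_urlsafe(32)
        challenge_id = self._remember(identifier, token)
        return f"{sign_in_url}?{urlencode({'cid': challenge_id, 'token': token})}"

    def verify(self, challenge_id: str, secret: str,
               identifier: Optional[str] = None) -> bool:
        """True exactly once per challenge, and only before expiry."""
        rec = self.pending.get(challenge_id)
        if rec is None or rec.used:
            return False
        if self.clock() > rec.expires_at:
            del self.pending[challenge_id]          # expired: forget it entirely
            return False
        if rec.attempts >= MAX_ATTEMPTS:
            return False                            # guess limit for short codes
        rec.attempts += 1
        ok = hmac.compare_digest(rec.secret_hash, self._hash(secret))
        if identifier is not None:                  # code must match the address it went to
            ok = ok and hmac.compare_digest(rec.identifier.encode(), identifier.encode())
        if ok:
            rec.used = True                         # single use: a replay fails above
        return ok

    def redeem_link(self, clicked_url: str) -> bool:
        """Consume a magic link; the token alone is the proof of possession."""
        query = parse_qs(urlsplit(clicked_url).query)
        return self.verify(query.get("cid", [""])[0], query.get("token", [""])[0])


if __name__ == "__main__":
    store = ChallengeStore()
    cid, code = store.issue_code("alice@example.com")        # constructed address
    print("code accepted:", store.verify(cid, code, "alice@example.com"))
    print("replay accepted:", store.verify(cid, code, "alice@example.com"))
    link = store.issue_magic_link("alice@example.com", "https://app.example.com/magic")
    print("link accepted:", store.redeem_link(link))
```

The code path takes the identifier as well as the code, because the user types both; the link path does not, because possession of the unguessable token is the whole proof. Comparisons go through `hmac.compare_digest` so verification time does not leak how many characters matched.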
Password
The user provides a unique identifier (such as a username, email address, or phone number) and a password. Cloudentity verifies this information against stored user data, and if the provided credentials match the stored ones, the user is granted access. This method is a common and fundamental way of securing user accounts.
External Authentication Providers
[Figure: two-column comparison, "What You Can Connect" and "What Users See"; the images are not available in this copy.]
Social Login
Users sign in to a third-party application with the login information they already have at a social networking service, such as Facebook, Google, or GitHub. This simplifies the process by letting users authenticate without creating and remembering a new username and password for each site.
You can connect Google or GitHub to allow users to sign in with their social networking accounts.
Enterprise Authentication Providers
Business scenarios very often require identity federation where identities are created and managed across multiple domains or enterprises. Cloudentity allows you to:
- Integrate with SAML apps
- Standardize user data coming from different IDPs into one common authentication context schema
Approach to Authentication
Authentication Strategy
Developers responsible for letting application users sign in to their accounts must decide between a universal and an embedded login flow.
With Universal Login, users attempting to log in are redirected to a central domain where authentication takes place, before being redirected back to the app. Conversely, an embedded login flow keeps users within the same page, avoiding redirection to a central domain. The login widget is presented on the same page, and users' credentials are sent to the authentication provider for verification. In a web app, this process involves a cross-origin request.
At Cloudentity, we firmly believe that centralized (universal) authentication is the most robust and secure solution in the majority of cases! It eliminates the cross-origin request present in embedded authentication. By harnessing the full potential of OAuth, it not only satisfies the most stringent security requirements but also delivers a highly adaptable authentication experience.
Add Authentication to App
Your application simply needs to present users with a sign-in button, which, when selected, triggers a call to the Cloudentity OAuth /authorize endpoint. Users are then redirected to the login page (which you can brand if needed), where they can select from a variety of authentication/identity providers that you have pre-configured for their convenience! There’s no need to create intricate login screens or develop custom solutions for multi-factor authentication (MFA), passwordless authentication, and beyond.
This flexibility caters to various user needs, whether that means offering multiple authentication providers to choose from or implementing multi-factor authentication (MFA) for added security. Thanks to branding and custom domains, the login experience stays the same as with embedded login.
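The sign-in button described above is, in OAuth terms, a redirect to the authorization endpoint followed by a callback that must be validated before the code is exchanged. The example below is an added illustration of that universal-login round trip, not Cloudentity's SDK: it builds the `/authorize` URL with a `state` value and an S256 PKCE challenge, then checks the callback. The endpoint URL, client ID and redirect URI are placeholders, and the session is a plain dict standing in for the web framework's server-side session.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholders: the tenant's authorization endpoint and the app's registered client.
AUTHORIZE_ENDPOINT = "https://TENANT.example.com/WORKSPACE/oauth2/authorize"
CLIENT_ID = "my-web-app"
REDIRECT_URI = "https://app.example.com/callback"


def pkce_challenge(verifier: str) -> str:
    """S256 code_challenge = BASE64URL(SHA-256(code_verifier)), no padding (RFC 7636)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def start_login(session: dict, scope: str = "openid profile") -> str:
    """Build the /authorize URL the sign-in button sends the browser to.
    The state and code_verifier stay server-side in the user's session."""
    session["oauth_state"] = secrets.token_urlsafe(32)
    session["code_verifier"] = secrets.token_urlsafe(64)   # 86 chars, within the 43..128 range
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": session["oauth_state"],
        "code_challenge": pkce_challenge(session["code_verifier"]),
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def handle_callback(session: dict, callback_url: str) -> dict:
    """Validate the redirect back from the central login page and return the
    form fields for the token request. Raises PermissionError on any mismatch."""
    query = parse_qs(urlsplit(callback_url).query)
    if "error" in query:
        raise PermissionError(f"authorization failed: {query['error'][0]}")
    returned_state = query.get("state", [""])[0]
    expected_state = session.pop("oauth_state", None)   # one-shot: a replay has no state to match
    if not expected_state or not secrets.compare_digest(returned_state, expected_state):
        raise PermissionError("state mismatch: possible CSRF or stale session")
    code = query.get("code", [None])[0]
    if not code:
        raise PermissionError("no authorization code in callback")
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": session.pop("code_verifier"),   # proves this client started the flow
    }


if __name__ == "__main__":
    session = {}
    print(start_login(session))
    # Constructed callback, as the browser would deliver it after a successful sign-in:
    callback = f"{REDIRECT_URI}?code=CONSTRUCTED_CODE&state={session['oauth_state']}"
    print(handle_callback(session, callback))
```

The returned dict is what the back end posts to the token endpoint; the verifier is sent only in that back-channel request, so an intercepted authorization code cannot be redeemed without it, and the single-use `state` ties the callback to the browser session that started the flow.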