How to add 1Kosmos passwordless step-up authentication and user registration

Quickly protect any resource with Passwordless MFA (PMFA) and register new users without disruption to the access workflow.

  • No-code PMFA deployment quickly secures sensitive app resources without refactoring
  • Reduce friction by enrolling users to PMFA within existing access workflows
  • Support low-risk phased rollout and concurrent PMFA options for recovery
Ingredients
MFA
Step-up
1Kosmos
PMFA

Quickly deploy 1Kosmos step-up authentication to any protected resource or data

The recipe diagram

A simple user journey that simply works.

The sequence diagram

How everything comes together to authenticate.

Users love Maverics because they can secure specific apps or resources with new PMFA protection without disrupting the way they are usually accessed. Even better, users can register for this new PMFA service within the existing workflow and don’t have to wait for a separate onboarding meeting to access the resources they need for their daily job.

  • The user navigates to the app through their existing access workflow, in this case Azure AD SSO
  • They then attempt to access a sensitive resource within the app, the “Executive Reports” tab
  • Maverics intercepts the request and directs them to 1Kosmos to check whether or not they are enrolled in PMFA
  • If the user is not enrolled in 1Kosmos, Maverics automates the Azure AD lookup to determine if they have the appropriate role and group attributes to access the data
  • The user is then routed to an inline 1Kosmos registration page that guides them through enrollment
  • If the user was already enrolled in 1Kosmos, or the next time the newly enrolled user returns to the protected resource, Maverics automatically checks their permission attributes in Azure AD and then presents them with 1Kosmos PMFA
  • Upon successful authentication via the 1Kosmos app, the user is granted access to the “Executive Reports” tab
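
The journey above reduces to an ordered set of checks, sketched here as an added example; it is not Maverics or 1Kosmos code, and the path prefix, group name and `Session` fields are assumptions made for illustration. It shows two properties worth verifying in any step-up deployment: the directory attribute check gates both registration and PMFA, and enrollment by itself never grants access.

```python
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, Optional

# Assumed values for illustration; the page names only the "Executive Reports" tab.
PROTECTED_PREFIX = "/executive-reports"
REQUIRED_GROUPS = frozenset({"executives"})

class Decision(Enum):
    PASS_THROUGH = "pass through"             # resource is not step-up protected
    SSO_LOGIN = "redirect to primary SSO"
    DENY = "deny"
    ENROLL = "redirect to inline registration"
    CHALLENGE = "present PMFA"
    ALLOW = "allow"

@dataclass(frozen=True)
class Session:
    user: Optional[str] = None                # set by the existing SSO login
    groups: FrozenSet[str] = frozenset()      # result of the directory lookup
    enrolled: bool = False                    # enrollment status from the PMFA provider
    pmfa_verified: bool = False               # set only after a successful PMFA challenge

def is_protected(path: str) -> bool:
    # Match whole path segments so "/executive-reports-archive" is not caught
    # and "/executive-reports/q3" is; case and trailing slash are normalized.
    p = path.split("?", 1)[0].rstrip("/").lower()
    return p == PROTECTED_PREFIX or p.startswith(PROTECTED_PREFIX + "/")

def decide(path: str, s: Session) -> Decision:
    if not is_protected(path):
        return Decision.PASS_THROUGH
    if s.user is None:
        return Decision.SSO_LOGIN
    # Both branches of the journey check directory attributes before
    # registration or PMFA is offered, so unauthorized users get neither.
    if not (REQUIRED_GROUPS & s.groups):
        return Decision.DENY
    if not s.enrolled:
        return Decision.ENROLL
    # Enrollment alone never grants access; a verified challenge is required.
    if not s.pmfa_verified:
        return Decision.CHALLENGE
    return Decision.ALLOW
```
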

Admins love Maverics because they can quickly onboard users and protect sensitive app resources with PMFA in a fraction of the time since there is no need to change apps or IDPs. Fully Passwordless authentication projects often begin with targeted Step Up AuthN experiences, and decoupling authentication from the protected app resources through no-code orchestration makes the process simple.

  • The Admin opens their Maverics YAML file, which follows a simple top-down, declarative model
  • Under the Connectors section, the Admin specifies that they will be using Azure and 1Kosmos
  • Admin then specifies 1Kosmos as the PMFA authenticator under their desired appgateway and/or authentication provider configuration
  • Once the URL is specified, the Admin then simply selects 1Kosmos in the configuration for PMFA step-up authentication
  • When users next visit the application and the “Executive Reports” tab, Maverics orchestrates the 1Kosmos PMFA workflow

Ready to cook up your perfect identity modernization solution?

Stop juggling disparate identity services. Unleash the power of Strata’s orchestration recipes.
Whether you’re dealing with legacy app modernization or controlling multi-cloud access, Orchestration Recipes have got you covered.
