We are excited to announce our latest release of RapidIdentity and the new RapidIdentity Mobile App. Highlights from this latest release include:
- The new RapidIdentity Mobile App makes it easier to increase authentication security during sign-on.
- The 4.3 Release of RapidIdentity makes it possible to provide single sign-on (SSO) to nearly all web-apps with new support for OAuth 2.0 and the introduction a new Form-Fill authentication browser plug-in for web applications that do not support SSO protocols.
- The 4.3 release also includes several customer requested, time-saving templates and configuration settings.
RapidIdentity Mobile App
Enhanced Push and OTP Authentication Options Now Available with the New RapidIdentity Mobile App
Ensuring that only the right users have access to your organization's applications and sensitive data requires an authentication strategy that includes more than just traditional passwords, one that offers users a choice in how they authenticate.
Organizations can now add RapidIdentity PingMe™ to their mix of supported authentication methods with our new RapidIdentity Mobile App, as well as leverage the mobile app for one-time password (OTP). RapidIdentity PingMe can be used with the RapidIdentity MFA server, as a replacement for the 2FA mobile app, and with RapidIdentity Federation for application logins.
Passwordless Authentication with RapidIdentity PingMe
By deploying RapidIdentity PingMe, organizations can now implement highly secure, passwordless authentication for their RapidIdentity Accounts.
As long as you can login to your phone, you can login to your RapidIdentity accounts with RapidIdentity PingMe.
RapidIdentity PingMe eliminates password fatigue, and unlike OTP, there are no six digit passcodes to enter. In place of entering a password, users verify their identity by responding to a push notification that’s sent to their mobile phone.
From that alert, users can either approve or reject the authentication attempt. If a fraudulent login attempt is made, the account owner is alerted and can simply tap “deny” to stop the login attempt.
As the video demonstrates, RapidIdentity PingMe is a true, frictionless MFA solution. When the user combines PingMe with a locking function on their mobile phone a valid form of mulifactor authentication is now established. The user’s registered phone acts as the first authentication factor (what you have), and the phone’s touch ID (who you are) or pin (what you know) is the second.
Two-Factor Authentication with RapidIdentity OTP
With RapidIdentity OTP, providing a viable second verification factor is possible, even when users lack a cellular or wifi connection.
RapidIdentity OTP generates a password that is valid for only one login session and changes every 30 seconds. Time-based one-time passwords (TOTP) avoid a number of shortcomings that are associated with traditional (static) passwords, such as being vulnerable to replay and keystroke logging attacks. Even if a potential intruder manages to steal an OTP that was already used to log into an application, they will not be able to use that same OTP again, since it is no longer valid.
RapidIdentity TOTP algorithms execute on the device, so organizations can deploy TOTP as an alternative login for when users need access to protected systems and lack a cellular or wifi connection.
- Enable Users to Consolidate All Third-Party OTPs On A Single App.
The RapidIdentity Mobile App can also be used to generate TOTP passcodes for third-party SaaS services and web applications that support OTP, enabling end-users to consolidate accounts from other authentication tools into a single app. The RapidIdentity Mobile App supports a broad spectrum of web-based apps, including Gmail, LastPass, Evernote, Dropbox, Facebook, Twitter, and any other service that uses a standard one-time password
The RapidIdentity Mobile App enables push and OTP verification to all RapidIdentity accounts and other third-party sites that support OTP.
- Enhance Security For Each Account.
The RapidIdentity Mobile App can be configured to require a PIN or fingerprint for each OTP account. Only after the user is validated, is the account-specific passcode revealed. That means, even if your phone is stolen, your passcodes are not exposed.
- Add and Sync Additional Devices.
The RapidIdentity Mobile App automatically captures the OTP secret whenever a new account is added to the app. By default, the secret is masked, but can be revealed, so that the same OTP can be used on a second device without having to reconfigure both systems. This saves significant time and back-and-forth with IT, as typically, users would need to get support/an administrator to reset the TOTP keys. The user would then add the TOTP account on both devices.
How to Get Started
For RapidIdentity accounts, the RapidIdentity Mobile App needs to be activated and linked to your account before it will work. You will receive an activation link as part of the RapidIdentity enrollment process. Third-party accounts can be added at any time.
Legacy 2FA customers: The RapidIdentity Mobile app is also designed to replace the 2FA One App (Google Play / Apple).
Please note, the mobile app is for MFA only and does not offer access to the RapidIdentity Portal.
Give Your Users Choice with How They Authenticate
With a one-size-fits-all approach to authentication, certain contextual situations can make specific authentication methods sub-optimal or even impossible, such as receiving Push or SMS notifications while on a flight. The latest release of RapidIdentity overcomes this challenge by providing users with multiple authentication options.
Taking different contextual situations into account, such as working offline or not having a second device on-hand, reduces user frustration, support call hassles, and downtime.
Enable SSO to More Web-Apps with the New RapidIdentity Browser Plug-In for SSO
Without getting too technical, bad actors are now using Cross-Site Scripting (XSS) to execute malicious payloads on popular websites and web applications. These attacks are on the rise, driving the need to implement more stringent vulnerability safeguards.
While necessary, many of these security fixes are unfortunately breaking traditional agentless form-fill authentication tools required to provide SSO to web applications that do not support SAML and OAuth. To address this challenge, RapidIdentity has introduced a browser form-fill plug-in.
RapidIdentity alerts you when the new browser plug-in is needed and guides users through the quick-and-easy download and installation process. Browser support for this new plug-in includes Chrome, Safari, Firefox, Internet Explorer, and Edge.
Color Code Your Application Icons for Easy, Intuitive Identification
With the explosion in the number of cloud-apps now available, it is not uncommon for RapidIdentity administrators to manage hundreds of applications, with many instances of the same application. In our last release, we introduced several new portal enhancements to help users and administrators better organize their applications. With this release, we are adding another organizational tool – color coding.
RapidIdentity’s new vibrant color scheme not only enhances the look and feel of application portal screens, but it also provides a new visual organizational tool for administrators and users.
Since people recognize color much faster than they can read text, using color as a visual label is another opportunity for improving efficiency. For example, assume you are centrally managing the applications for a global organization with operations in various countries. Each region has its own back-office operations, meaning they have many of the same applications, but unique instances. With our new color-coding capability, you can assign each region a unique application icon background color. Now identifying the right HR system for Asia is as easy as looking for Peoplesoft blue.
Organization's can also use the background colors to distinguish data sensitivity classifications. For example, an HR system containing sensitive data would have a red background, but a public directory that doesn't contain any would have a white background.
Of course, using our new color scheme for organization purposes is strictly up to you. Many customers are adding the new color backgrounds simply to jazz-up their portal appearance and increase user enjoyment.
Additional Capabilities Included in the RapidIdentity 4.3 Release
- Provider support for the federation protocol, OAuth 2.0.
RapidIdentity now serves as an OAuth 2.0 provider for web-based services, such as Edmodo. Now users can access their applications using RapidIdentity credentials - rather than having to remember and enter yet another set.
- New predefined application configurations.
Definition configurations for Amazon.com, Pinterest, Google Gmail, edX, Blackboard, Shutterfly, Eduphoria, RenLearn, Aeries, and Ruckus, are available to be imported in RapidIdentity. With these configurations, administrators have everything they need to integrate new applications into their environment. No need to call Identity Automation support, although we are always on call to help.
- New pre-built connect Action Sets available for import.
For administrators handling their own implementations, RapidIdentity pre-built Action Sets are can save days or even weeks of development effort. No expertise, research, or guesswork required. Simply import these Action Sets, configure a few variables, and they are ready to use. New Action Sets available with this release include:
- ADtoHipChat - Template containing recommended structure for solutions that sync data from Active Directory to Atlassian HipChat.
- ConvertStringsToCamelCase - Loops through a record and converts values to camel case. There is an option to escape certain fields and an option logic to eval the "sn" field for first two characters equal to "Mc", which when true it then capitalizes the third character (ex. McCure).
There are currently sixteen pre-built RapidIdentity Action Sets available that facilitate full identity lifecycle management for common systems, such as Google, Active Directory, Office 365, various databases, and file systems. These pre-built Action Sets are fully supported, and new ones are regularly being added.
- SCIM 2.0 Support.
For customers that want to provision to new SaaS applications that support the SCIM 2.0 standard, this release includes all of the tools and assets you need. There’s no need to research and understand the standard, requirements of the application, or to build the necessary action steps. Just import the project, add a couple of data points, and execute.
- Required profile data prompt during the initial account claiming and subsequent logins.
Adding new systems, workflows, and services to your digital ecosystem sometimes requires capturing and sharing new user profile data, such as a mobile phone number or recovery email account. Collecting this data is typically a manual and often fruitless effort. As anyone that has gone through this will tell you, it is extremely difficult to get users to provide additional personal data voluntarily without significant pressure and shepherding. To help remove this burden, RapidIdentity has added an automated forcing function that enables administrators to require specific data fields to be completed when new users claim their accounts or during a future login for users with established accounts. For example, in order to provide text alerts or temporary passwords in the self-service process, a current phone number is needed.
If you’re ready to upgrade to the latest release of RapidIdentity at no additional charge, call 877-221-8401 or email firstname.lastname@example.org to contact our Support team today.