Introduction

Getting started with Beyond Identity

Overview

Welcome to the Beyond Identity Developer docs, where you can find product guides for the Beyond Identity Customer Identity and Access Management (CIAM) strong authentication product.

These guides provide the information and tools needed to implement the authentication user journey with Beyond Identity.
If you run into any issues or have feedback for us along the way, please let us know.

About Beyond Identity

Beyond Identity helps customers deploy the strongest authentication primitives on the planet, eliminating shared secrets for customers at registration, login, and recovery, as well as from your database.

Unique to Beyond Identity, customers never have to pick up a second device to enroll or perform multifactor authentication, passwords are never used on user flows and can be removed from your database, and you can implement risk-based access controls using granular user and device risk captured in real-time.

Backed by a cloud-native architecture, our platform reliably handles enterprise workloads and usage spikes for always-on services. Our range of SDKs, found on this site, allows developers to get up and running quickly with Beyond Identity. All SDKs use industry-standard protocols (OIDC/OAuth 2.0) and include a sample app.

How it Works

Beyond Identity uses an implementation of asymmetric cryptography, which is foundational to all modern authentication, to completely eliminate shared secrets from the customer experience and your database.

Instead of shared secrets, Beyond Identity authenticates customers with two strong factors -- "something you are" from the device biometric and "something you own" from the private key -- without requiring a second device.

During enrollment, the user receives a binding token that prompts the creation of a unique, device-bound credential with a private key generated and stored in the TPM and a public key sent to the Beyond Identity Cloud.

During authentication, Beyond Identity issues a challenge that is signed by the private key in the device’s hardware TPM, evaluates user and device security risk in real time, and makes a risk-based access decision based on your security requirements.
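The enrollment and challenge-response flow described above can be modelled in a few lines; this is an added illustration, not Beyond Identity's code, SDK, or wire protocol. It shows that the server side holds only public keys and single-use values, so a reused binding token, a replayed response, or a signature from another key is rejected. Assumptions: Ed25519 as the signature scheme, a software key standing in for the TPM-held key, in-memory maps as the server's store, and the hypothetical names `issue`, `Enroll` and `Verify`; the biometric factor and risk evaluation are not modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Server-side state (in-memory stand-in): public keys and one-time values, no shared secret.
var (
	tokens = map[string]string{}            // binding token -> user
	nonces = map[string]string{}            // challenge -> user
	keys   = map[string]ed25519.PublicKey{} // user -> enrolled public key
)

// issue stores a fresh 32-byte random value for user in table m and returns it.
func issue(m map[string]string, user string) []byte {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	m[string(b)] = user
	return b
}

// Enroll consumes the one-time binding token and records the device's public key.
func Enroll(token []byte, pub ed25519.PublicKey) bool {
	user, ok := tokens[string(token)]
	delete(tokens, string(token))
	if ok {
		keys[user] = pub
	}
	return ok
}

// Verify consumes the challenge before checking it, so a captured response cannot be replayed.
func Verify(user string, nonce, sig []byte) bool {
	owner, issued := nonces[string(nonce)]
	delete(nonces, string(nonce))
	pub, enrolled := keys[user]
	return issued && owner == user && enrolled && ed25519.Verify(pub, nonce, sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // assumption: software key; a TPM key is not exportable
	fmt.Println("enrolled:", Enroll(issue(tokens, "alice"), pub))
	c := issue(nonces, "alice")
	sig := ed25519.Sign(priv, c)
	fmt.Println("login:", Verify("alice", c, sig), "replay:", Verify("alice", c, sig))
}
```

In this model a failed attempt also consumes the challenge, so every retry needs a fresh one.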

