Passwordless Enrollment
Enrollment in passwordless authentication happens the first time a user logs in to a SAML-enabled service after the Secfense IdP has been deployed.
The user experience and the order of events are as follows:
- The user initiates authentication in a SAML-enabled service;
- The service redirects the user to a web browser page where they enter their credentials;
- These credentials are encrypted in the browser with AES;
- The ciphertext containing the username and password is delivered to the on-premises Secfense Broker over TCP long polling;
- The Secfense Broker decrypts the credentials and validates them against the customer's own IAM, so the plaintext password is handled only in the browser and on premises;
- Once the user is verified, the Secfense Broker sends an Auth Response to the IdP, which in turn returns a SAML response to the user's browser and authenticates the user.
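The exchange above, modelled end to end in Go as an added example. This is not Secfense code and does not reproduce the product's wire format; it assumes AES-256-GCM (the page only says "AES"), a per-session key already shared between the browser and the Broker, a JSON payload of `username`/`password`, a salted-hash map standing in for the customer's IAM, and an unsigned SAML skeleton for the IdP's answer. How the session key is established and how the long-polling channel carries the envelope are not described on the page and are left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

// Credentials is what the browser seals (a constructed payload shape, not Secfense's).
type Credentials struct {
	Username string `json:"username"`
	Password string `json:"password"`
}

// AuthResponse is the Broker's verdict for the IdP; it never carries the password.
type AuthResponse struct {
	OK              bool
	Subject, Reason string
}

func newGCM(key []byte) cipher.AEAD { // a 32-byte key selects AES-256
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only a wrong key length fails here
	}
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// browserEncrypt models the browser step; AES-GCM is an assumption, the page only says "AES".
func browserEncrypt(key []byte, c Credentials) (string, error) {
	plain, _ := json.Marshal(c) // cannot fail for a struct of two strings
	gcm := newGCM(key)
	nonce := make([]byte, gcm.NonceSize()) // sent in clear ahead of the ciphertext; never repeat under one key
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(gcm.Seal(nonce, nonce, plain, nil)), nil
}

// record and iam stand in for the customer's own identity store (constructed): a random
// salt and SHA-256(salt || password) per user. A real Broker would query the directory.
type record struct {
	salt []byte
	hash [sha256.Size]byte
}
type iam map[string]record

func hashPassword(salt []byte, pw string) [sha256.Size]byte {
	return sha256.Sum256(append(append([]byte{}, salt...), pw...))
}

func (d iam) add(name, pw string) {
	salt := make([]byte, 16)
	rand.Read(salt) // never returns an error on Go 1.24+
	d[name] = record{salt, hashPassword(salt, pw)}
}

// validate compares in constant time; the zero record is the dummy for unknown users, so timing does not leak whether the account exists.
func (d iam) validate(c Credentials) bool {
	rec, known := d[c.Username]
	got := hashPassword(rec.salt, c.Password)
	return subtle.ConstantTimeCompare(got[:], rec.hash[:]) == 1 && known
}

// brokerAuthenticate is the on-premises Broker step: open the envelope, validate against
// the IAM, answer the IdP. A flipped bit fails in Open before any username is parsed.
func brokerAuthenticate(key []byte, d iam, envelope string) AuthResponse {
	gcm := newGCM(key)
	raw, err := base64.StdEncoding.DecodeString(envelope)
	if err != nil || len(raw) < gcm.NonceSize() {
		return AuthResponse{Reason: "malformed envelope"}
	}
	plain, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], nil)
	if err != nil {
		return AuthResponse{Reason: "envelope rejected: " + err.Error()}
	}
	var c Credentials // the plaintext password exists only here, inside the Broker
	if json.Unmarshal(plain, &c) != nil || !d.validate(c) {
		return AuthResponse{Reason: "invalid credentials"}
	}
	return AuthResponse{OK: true, Subject: c.Username}
}

// idpSAMLResponse models the IdP step: nothing is issued unless the Broker said OK.
// Skeleton only; a real SAML Response is signed and carries issuer, audience and timestamps.
func idpSAMLResponse(r AuthResponse) (string, error) {
	if !r.OK {
		return "", errors.New("refused by broker: " + r.Reason)
	}
	nameID := strings.NewReplacer("&", "&amp;", "<", "&lt;", ">", "&gt;").Replace(r.Subject)
	return "<samlp:Response><saml:Assertion><saml:Subject><saml:NameID>" + nameID + "</saml:NameID></saml:Subject></saml:Assertion></samlp:Response>", nil
}
```

The point of keeping the two failure paths apart is diagnostic: a tampered, truncated or wrong-key envelope is rejected by the GCM tag check before the Broker ever parses a username, whereas a wrong password or unknown account is rejected by the IAM lookup with the same "invalid credentials" answer and in constant time. The IdP, in turn, issues nothing unless the Broker's verdict is positive.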