
Passwordless Enrollment

Enrollment into passwordless authentication happens the first time a user logs in to a SAML-enabled service after the Secfense IdP is deployed.

The user experience and the order of events are as follows:

  1. The user initiates authentication in a SAML-enabled service;
  2. The service redirects the user to the web browser, where they can enter their credentials;
  3. These credentials are then encrypted using a secure AES cipher;

(Figure: SAML process 1)

  4. The ciphertext containing the username and password is sent to the on-premises Secfense Broker using the TCP long polling protocol;
  5. The Secfense Broker decrypts the credentials and uses them to validate the user against the customer's own IAM;

(Figure: SAML process 2)

  6. Once the user is verified, the Secfense Broker sends an Auth Response to the IdP, which in turn sends a SAML Response to the user's browser and authenticates the user.

(Figure: SAML process 3)

After authentication is concluded, the user receives an invitation to transform their credentials into FIDO2 passkeys and go passwordless.