Partner Spotlight: Streamlining Authentication at Scale With IDEMIA
Axiad and IDEMIA have been trusted partners in the identity-security space for almost a decade, helping some of the biggest and most influential brands in the world tackle their authentication technology challenges.
By provisioning and managing IDEMIA smart cards and hardware tokens through Axiad’s SaaS-based advanced authentication toolset, Axiad Cloud, organizations can uphold strong zero-trust principles. PKI-based certificate-based authentication (CBA) serves as a cornerstone of this approach, enabling secure and seamless access to resources while mitigating risks associated with unauthorized access and credential compromise.
Read on to learn how the hardware-based authentication solution offered jointly by Axiad and IDEMIA enhances the implementation of zero-trust principles and boosts security while optimizing every user experience.
About IDEMIA
IDEMIA’s mission is to make the world safer through its decades-long experience in biometrics and cryptography. IDEMIA’s technology leadership and cutting-edge expertise make it the partner of choice for more than 600 government, state, and federal organizations and 2,400 enterprises in more than 180 countries worldwide.
In the U.S., IDEMIA was a pioneer in meeting the Federal Information Processing Standard Publication (FIPS) 201 personal identity verification (PIV) standard – which is the federal standard for identification cards – and for almost two decades has been the leading supplier of PIV cards and common access cards (CACs) to the U.S. federal market, serving more than 120 federal agencies, along with many corporate customers. As of April 2023, IDEMIA had produced and shipped 60 million smart cards to North America – a testament to the trust customers place in both the company’s team and expertise.
The company’s ID-One PIV® smart card combines physical and logical access credentials into one card, thereby eliminating the need for carrying multiple credentials. The card is manufactured according to FIPS 201 guidelines and (where applicable) FIDO2 Authentication standards for phishing-resistant multifactor authentication.
The Authentication Challenge + Federal Guidance
Existing authentication technologies like PKI-based hardware authentication have made it widely achievable to safeguard government users and systems. However, challenges can arise in deploying these technologies with the scale and versatility required by organizations and especially government IT, including:
- Serving thousands of users with varying levels of skill and experience.
- Accommodating thousands of systems across different platforms and operating systems.
- Integrating on-premises, cloud-based, and hybrid systems, all while adhering to specific authenticator assurance levels and security protocols.
The main obstacle lies not in a lack of strong authentication technology, but rather in the difficulty of automating large-scale provisioning of authenticators and credentials. This process involves managing the entire identity lifecycle, including issuance, account recovery, renewal, and revocation processes. This is where the power of combining Axiad and IDEMIA solutions comes in.
And, the sense of urgency for mandating and implementing authentication technology is real. Identity-based attacks only continue to grow in both potency and frequency. In fact, IDSA reported in their 2024 survey that 91% of organizations experienced identity-based attacks. While multifactor authentication has been available for years, most implementations are weak and do not provide true phishing resistance.
As such, the need for stronger and more efficient authentication technology has never been greater. The U.S. government acknowledges the need for stronger MFA as well, with two recent examples:
- The White House Executive Order 14028 and OMB 22-09, which mandate that all U.S. federal agencies, including agency staff, contractors, and partners, use phishing-resistant authentication to access systems and applications.
- The FBI’s Criminal Justice Information Services (CJIS) security update, which will enforce highly secure MFA throughout the entire Justice Department ecosystem by October 1, 2024.
It’s only a matter of time before this applies to all organizations.
The Combined Power
Axiad Cloud supports IDEMIA smart cards and FIDO-certified authenticators to provide customers with passwordless authentication and secure lifecycle management across their organizations. As part of the joint solution with Axiad, IDEMIA offers flexible form factors with both smart card and USB keys as hardware tokens. Customers can deploy whichever form factor is most convenient for their users. IDEMIA USB keys are also significantly more cost-effective than the market-leading USB key-based solution.
The top four benefits of the combined solutions:
- Efficient Credential Management at Scale – Axiad Cloud simplifies and streamlines key distribution and assignment at scale, including enrollment, renewal, and revocation of critical credentials. Organizations can view and manage the status of the credentials across the end user base, as well as enable end user self-service credential management. Enabling users to renew their own certificates on IDEMIA smart cards reduces admin overhead and increases ROI.
- Personalized Access – With IDEMIA smart cards, organizations can easily manage access to facilities, systems, and proprietary information. Smart cards support a variety of use cases, including hybrid work environments or geographically dispersed teams. Combining IDEMIA smart cards with identity management in Axiad Cloud allows organizations to provision and manage secure authentication from a single, simple-to-use platform.
- Fast Verification – IDEMIA smart cards are five times faster than comparable cards from a competitor. Axiad Cloud empowers end users with self-service account recovery, which reduces calls to IT support teams.
- Greater Level of Security – Awarded FIPS 140-2 Level 2 certification by the National Institute of Standards and Technology (NIST), IDEMIA smart cards are highly resistant to identity fraud, tampering, and counterfeiting. Axiad is one of only a few credential management solutions to make it through the rigorous FedRAMP-Ready status and expects to receive Authority to Operate (ATO) status with their federal agency sponsor this year. Together, Axiad and IDEMIA offer organizations phishing-resistant authentication that also meets compliance standards for the federal government.
Even More Benefits
Axiad Cloud and IDEMIA’s smart card and hardware tokens also offer support for heterogeneous environments. Federal networks are known for their complexity and diversity relative to the private sector. Axiad Cloud is designed to seamlessly operate within these multifaceted IT landscapes, supporting a wide range of operating systems including Windows, Mac, and Linux. It is equally adept at managing environments with multiple Identity and Access Management (IAM) systems, and can integrate with on-premises, cloud-based, and hybrid setups.
This broad compatibility empowers enterprises and public agencies to standardize authentication, thereby eliminating inconsistencies and vulnerabilities in user authentication across their complex infrastructures. As a result, the management of large, complex authentication systems becomes more systematic and reliable, enhancing overall cybersecurity posture.
Axiad Cloud’s flexible framework ensures that as federal networks evolve, introducing new technologies and expanding capabilities, administrators have the tools needed to sustain consistent authentication practices across different platforms, technologies, and operational models. Using Axiad Cloud ensures that security protocols remain robust and unified, regardless of the network’s complexity or growth.
The combined solution also provides stronger security and a streamlined user experience. Because passwords are becoming easier and easier to hack, requirements for achieving “secure” passwords are becoming increasingly cumbersome. The current best practice is to use at least twelve characters of interchangeable lower case, upper case, symbols, and numbers. Using CBA with hardware tokens from IDEMIA leads to an improved user experience, as users no longer have to come up with long, intricate passwords that they need to enter each time they authenticate – and change on a regular basis. Hardware tokens simply require a PIN, which is securely stored on the token (smart card or USB key), meaning they cannot be hacked. Further, account recovery no longer requires involvement by IT, saving both time and resources.
And finally, IDEMIA solutions can offer converged physical and logical access control. Most organizations have security badges for visually identifying employees and allowing them to access facilities via door readers. IDEMIA converged cards are backwards-compatible with the most widely-used door readers and physical access control systems using 125 kHz Prox, along with MIFARE®, DESFire®, and LEAF protocols, while supporting a secure PIV-based and/or FIDO credential for accessing systems and data.
IDEMIA smart cards offer an all-in-one solution for securing physical and digital assets. When paired with Axiad Cloud, deploying and managing those credentials is quick and easy.
Want to learn more about how the partnership can benefit your organization? Check out Axiad’s IDEMIA partner page or contact us.