Descope’s first product allows developers to build authentication and user management functions in applications. Descope has launched its first product, a platform designed to help developers add authentication and user management capabilities to their business-to-consumer and business-to-business applications. The software as a service is available now. Developers can access the product free of charge for up to 7,500 monthly active uses for B2C applications and up to 50 tenants for B2B apps. Beyond these there is a US$0.10 per user and US$20 per tenant.The Descope platform aims to make it easier to build passwordless authentication, according to the company. Descope says the new product allows organizations to:Create authentication flows and user-facing screens using a visual workflow designer.Seamlessly add a variety of passwordless authentication methods to apps such as magic links, biometrics and passkeys (based on WebAuthn), authenticator apps, and social logins.Validate, merge, and manage identities across the user journey.Get business apps enterprise-ready with single sign-on (SSO), access control, tenant management, and automated user provisioning.Enhance user protection by easily enabling multi-factor authentication (MFA), step-up, or biometric authentication within applications.Descope’s platform offers different integration options: a no-code workflow builder and screen editor, a set of client and backend SDKs, and comprehensive REST APIs. Managing identities with DescopeDevelopers creating authentication flows with Descope will be able to choose different ways to validate identities including by confirming users’ email address, phone number, or any other chosen identifiers through magic links or one-time passwords. Identity validation can also be done through enterprise identity providers including Azure Active Directory and Okta. There is also a function to merge identities when, for example, a user signs up using one method and on, another occasion, chooses a different one. Some systems will create two different accounts for the same user, which can cause loss of data.“Descope ensures that, if a user signs up with a new authentication method, their identity is merged across any signups using other authentication methods after validating the identity. This presents applications with a unified view of their users and gives users a much better app experience,” Rishi Bhargava, Descope co-founder, tells CSO. Reduced options for attackers to break authenticationCompromised user accounts are one of the most common ways through which attackers access companies’ systems. Like many other vendors, Descope bets on increasing security by using other types of authentication, which reduces attackers’ options as it prevents brute-force attacks, credential stuffing, and password spraying, according to Descope.It also uses device fingerprinting and several other factors to identify if users are signing in from a new device, unusual location, etc. App developers can choose to add step-up authentication in these cases and request an additional authentication factor.Descope bets on the move to passwordless authentication by tech giants such as Apple, Google, and Microsoft but also on the risk passwords continue to be to the security of companies. Descope claims to simplify and speed up the implementation of a variety of passwordless authentication methods for application developers. Authentication and user management are complex and time-consuming to implement, Bhargava tells CSO. “What starts off as a single line item often turns into multi-year investments. Building and maintaining authentication in-house delays an app’s time to market, takes developers outside their focus areas, and can lead to security vulnerabilities.”Descope was founded in April 2022 by Rishi Bhargava, Slavik Markovich, Dan Sarel, Meir Wahnon, Doron Sharon, Guy Rinat, Aviad Lichtenstadt and Gilad Shriki and has just raised US$53 million in seed funding, which includes investments from Dell Technologies, Crowdstrike CEO George Kurtz, and Rubrik CEO Bipul Sinha. Related content interview Strong CIO-CISO relations fuel success at Ally CIO Sathish Muthukrishnan and CISO Donna Hart have forged a partnership steeped in Ally’s culture of radical candor that keeps the financial services firm secure and innovative. By Dan Roberts May 09, 2024 9 mins CIO CSO and CISO IT Leadership news Zscaler shuts down exposed system after rumors of a cyberattack Initially dismissing rumors, Zscaler now says it did have a system exposed but nothing important has been accessed. By Shweta Sharma May 09, 2024 3 mins Data Breach Cyberattacks news Palo Alto launches AI-powered solutions to fight AI-generated cyberthreats The suite is powered by Palo Alto’s proprietary solution, Precision AI, which integrates machine learning, deep learning, and generative AI technologies. By Prasanth Aby Thomas May 09, 2024 3 mins Generative AI Security Software news F5 patches BIG-IP Next Central Manager flaws that could lead to device takeover Two high-risk vulnerabilities could allow attackers to gain full administrative control on devices via leaked password hashes. By Lucian Constantin May 08, 2024 5 mins Threat and Vulnerability Management Cloud Security Vulnerabilities PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe