Descope’s first product allows developers to build authentication and user management functions in applications. Descope has launched its first product, a platform designed to help developers add authentication and user management capabilities to their business-to-consumer and business-to-business applications. The software as a service is available now. Developers can access the product free of charge for up to 7,500 monthly active uses for B2C applications and up to 50 tenants for B2B apps. Beyond these there is a US$0.10 per user and US$20 per tenant.The Descope platform aims to make it easier to build passwordless authentication, according to the company. Descope says the new product allows organizations to:Create authentication flows and user-facing screens using a visual workflow designer.Seamlessly add a variety of passwordless authentication methods to apps such as magic links, biometrics and passkeys (based on WebAuthn), authenticator apps, and social logins.Validate, merge, and manage identities across the user journey.Get business apps enterprise-ready with single sign-on (SSO), access control, tenant management, and automated user provisioning.Enhance user protection by easily enabling multi-factor authentication (MFA), step-up, or biometric authentication within applications.Descope’s platform offers different integration options: a no-code workflow builder and screen editor, a set of client and backend SDKs, and comprehensive REST APIs. Managing identities with DescopeDevelopers creating authentication flows with Descope will be able to choose different ways to validate identities including by confirming users’ email address, phone number, or any other chosen identifiers through magic links or one-time passwords. Identity validation can also be done through enterprise identity providers including Azure Active Directory and Okta. There is also a function to merge identities when, for example, a user signs up using one method and on, another occasion, chooses a different one. Some systems will create two different accounts for the same user, which can cause loss of data.“Descope ensures that, if a user signs up with a new authentication method, their identity is merged across any signups using other authentication methods after validating the identity. This presents applications with a unified view of their users and gives users a much better app experience,” Rishi Bhargava, Descope co-founder, tells CSO. Reduced options for attackers to break authenticationCompromised user accounts are one of the most common ways through which attackers access companies’ systems. Like many other vendors, Descope bets on increasing security by using other types of authentication, which reduces attackers’ options as it prevents brute-force attacks, credential stuffing, and password spraying, according to Descope.It also uses device fingerprinting and several other factors to identify if users are signing in from a new device, unusual location, etc. App developers can choose to add step-up authentication in these cases and request an additional authentication factor.Descope bets on the move to passwordless authentication by tech giants such as Apple, Google, and Microsoft but also on the risk passwords continue to be to the security of companies. Descope claims to simplify and speed up the implementation of a variety of passwordless authentication methods for application developers.Authentication and user management are complex and time-consuming to implement, Bhargava tells CSO. “What starts off as a single line item often turns into multi-year investments. Building and maintaining authentication in-house delays an app’s time to market, takes developers outside their focus areas, and can lead to security vulnerabilities.”Descope was founded in April 2022 by Rishi Bhargava, Slavik Markovich, Dan Sarel, Meir Wahnon, Doron Sharon, Guy Rinat, Aviad Lichtenstadt and Gilad Shriki and has just raised US$53 million in seed funding, which includes investments from Dell Technologies, Crowdstrike CEO George Kurtz, and Rubrik CEO Bipul Sinha. Related content brandpost Sponsored by Sans Institute Clock is ticking for companies to prepare for EU NIS2 Directive Many companies are still not ready for the impact of NIS2, but SANS can help them prepare. By Laura McEwan May 15, 2024 3 mins Security feature Backlogs at National Vulnerability Database prompt action from NIST and CISA A crisis at the key US service for ranking vulnerabilities has been fueled by short resources and an explosion of security flaws as the volume of software production increases. By John Mello Jr. May 15, 2024 10 mins Threat and Vulnerability Management Security Practices Vulnerabilities news FBI warns Black Basta ransomware impacted over 500 organizations worldwide CISA advisory includes indicators of compromise and TTPs that can be used for threat hunting. By Lucian Constantin May 14, 2024 6 mins Ransomware Phishing Healthcare Industry news Australian federal budget outlines investment in cybersecurity The Australian government announced its 2024-25 federal budget and CSO has selected highlights that indicate how much will go towards cybersecurity and in what areas. By Samira Sarraf May 14, 2024 5 mins Fraud Protection and Detection Software Data and Information Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe