Descope’s first product allows developers to build authentication and user management functions in applications. Descope has launched its first product, a platform designed to help developers add authentication and user management capabilities to their business-to-consumer and business-to-business applications. The software as a service is available now. Developers can access the product free of charge for up to 7,500 monthly active uses for B2C applications and up to 50 tenants for B2B apps. Beyond these there is a US$0.10 per user and US$20 per tenant.The Descope platform aims to make it easier to build passwordless authentication, according to the company. Descope says the new product allows organizations to:Create authentication flows and user-facing screens using a visual workflow designer.Seamlessly add a variety of passwordless authentication methods to apps such as magic links, biometrics and passkeys (based on WebAuthn), authenticator apps, and social logins.Validate, merge, and manage identities across the user journey.Get business apps enterprise-ready with single sign-on (SSO), access control, tenant management, and automated user provisioning.Enhance user protection by easily enabling multi-factor authentication (MFA), step-up, or biometric authentication within applications.Descope’s platform offers different integration options: a no-code workflow builder and screen editor, a set of client and backend SDKs, and comprehensive REST APIs. Managing identities with DescopeDevelopers creating authentication flows with Descope will be able to choose different ways to validate identities including by confirming users’ email address, phone number, or any other chosen identifiers through magic links or one-time passwords. Identity validation can also be done through enterprise identity providers including Azure Active Directory and Okta. There is also a function to merge identities when, for example, a user signs up using one method and on, another occasion, chooses a different one. Some systems will create two different accounts for the same user, which can cause loss of data.“Descope ensures that, if a user signs up with a new authentication method, their identity is merged across any signups using other authentication methods after validating the identity. This presents applications with a unified view of their users and gives users a much better app experience,” Rishi Bhargava, Descope co-founder, tells CSO. Reduced options for attackers to break authenticationCompromised user accounts are one of the most common ways through which attackers access companies’ systems. Like many other vendors, Descope bets on increasing security by using other types of authentication, which reduces attackers’ options as it prevents brute-force attacks, credential stuffing, and password spraying, according to Descope.It also uses device fingerprinting and several other factors to identify if users are signing in from a new device, unusual location, etc. App developers can choose to add step-up authentication in these cases and request an additional authentication factor.Descope bets on the move to passwordless authentication by tech giants such as Apple, Google, and Microsoft but also on the risk passwords continue to be to the security of companies. Descope claims to simplify and speed up the implementation of a variety of passwordless authentication methods for application developers.Authentication and user management are complex and time-consuming to implement, Bhargava tells CSO. “What starts off as a single line item often turns into multi-year investments. Building and maintaining authentication in-house delays an app’s time to market, takes developers outside their focus areas, and can lead to security vulnerabilities.”Descope was founded in April 2022 by Rishi Bhargava, Slavik Markovich, Dan Sarel, Meir Wahnon, Doron Sharon, Guy Rinat, Aviad Lichtenstadt and Gilad Shriki and has just raised US$53 million in seed funding, which includes investments from Dell Technologies, Crowdstrike CEO George Kurtz, and Rubrik CEO Bipul Sinha. Related content brandpost Sponsored by Elastic Search + RAG: The 1-2 punch transforming the modern SOC with AI-driven security analytics AI is modernizing how SOCs function, triaging countless alerts down to a handful of attacks that matter most. By Mike Nichols, Product for Security at Elastic May 06, 2024 3 mins Artificial Intelligence how-to Download the Zero Trust network access (ZTNA) enterprise buyer’s guide From the editors of our sister publication Network World, this enterprise buyer’s guide helps network and security IT staff understand what ZTNA can do for their organizations and how to choose the right solution. By Josh Fruhlinger and steve_zurier May 06, 2024 1 min Zero Trust Access Control Network Security news Germany blames Russian hackers for months-long cyber espionage The attacks by Russia-backed Fancy Bear used an Outlook exploit to compromise several German officials’ accounts. By Shweta Sharma May 06, 2024 4 mins Advanced Persistent Threats Hacker Groups feature AI governance and cybersecurity certifications: Are they worth it? Organizations have started to launch AI certifications in governance and cybersecurity but given how immature the space is and how fast it's changing, are these certifications worth pursuing? By Maria Korolov May 06, 2024 12 mins Certifications IT Training Careers PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe