Passwordless login for cloud app |
What happened before...
In my quest to go passwordless I am using the secure-file-storage app which is part of the tutorial on end-to-end security for a cloud app. The tutorial uses IBM App ID to authenticate users. App ID can be configured with different identity providers, from social IDs like Google or Facebook to federated IDs based on SAML. Another product is IBM Cloud Identity (CI). CI provides identity-as-a-service (IDaaS) for employees, including SSO, multifactor authentication, and user lifecycle management and it offers FIDO2 support. I configured Cloud Identity as identity provider to App ID.Going passwordless
With the recently added FIDO2 support in Cloud Identity and the new option to enable passwordless logins, going passwordless for the app was merely finding and activating the right options. As CI administrator, I navigated to the security settings and the new tab "Sign-in options". There, I could enable FIDO2 support for users of the integrated Cloud Directory (user management):PIN or fingerprint instead of password
After enabling the support, I tested the app. There, I was offered to sign in without a password (see first screenshot). Next, I was prompted to insert and touch the security key. Once done, when using a device without fingerprint scanner, I needed to enter the PIN for the USB dongle:With that the FIDO2 key could provide my identity and Cloud Identity prompted me to confirm my user name:
One more click and I was logged into my secure file storage app, all without providing any password. In summary, it was relatively easy to passwordless. It still feels unreal, but I am looking forward to see and actually use it more often - not just on my IBM Cloud app, but with more and more applications, platforms and services.
If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.