Cross Identity

Official Blog

Strong Authentication is the Key to Security

Strong Authentication is the Key to Security

Learn How CI Delivers

If you are thinking of adopting Zero Trust principles in your IT environment, you would be remiss not to consider the award-winning CI. Here’s how the product provides strong authentication for a Zero Trust environment:

Be it Zero Trust adoption or whether you want to make working from home safe, to implement a powerful governance system, authentication is perhaps the most important building block.

Authentication has evolved in recent years. What used to be its own niche with its own exclusive vendors, is now becoming a part of Identity and Access Management (IAM). And the technology itself has evolved from simple usernames and passwords into passwordless and contextual authentication.

Contextual authentication, also called risk-based or adaptive authentication, is the latest in IT security technology. Instead of using static authentication parameters like username and password, it captures and utilizes various parameters to provide better security with improved user experience to boot.

Unfortunately, improved security through better authentication systems has traditionally come at the cost of deterioration in user experience, we also call it increased user friction. It also costs a bomb.

Not anymore! Cross Identity COMPACT IDENTITY (CI) brings to you some of the most solid authentication features at an affordable price. It also comes with a strong roadmap to constantly enhance features, usually without at any additional cost to you.

We have baked all this right into our converged IAM suite, the award winning “Compact identity.

It looks at things like geolocation, IP address, access channel (web or mobile), time of access attempt, and velocity. You can also set policies around role memberships and various profile attributes. It then provides step-up authorization and demands multiple factors if the risk is perceived as high, or simple single or dual factor authentication if the risk is low. It can even be programmed to deny access.

For instance, access from a specific or range of IP addresses can be configured to be blocked in the Policy Engine and certain geolocations can be programmed for step-up multifactor authentication. Or, if access is attempted outside working hours, the system can demand additional authentication. But, if access is attempted from an office network, the Policy Engine could be set up to require just a single factor. This ensures that security is applied when needed, and user experience is frictionless.

No longer are users protected only by easily stolen passwords, or by walls upon walls of security which prevent quick and simple access. Contextual authentication solves both challenges at once.

Here are the different parameters that the solution captures.


Contextual Data Signal


1Profile AttributesThe values of end-users’ profile attributes such as Login ID, Job Title, Department etc., which are used to evaluate access control policies
2Role MembershipsList of IAM roles that the user is a member of
3IP AddressCapture users’ IP addresses during the authentication process. This is a dynamic value
4Geo-LocationCapture the geo-location from where an authentication request is initiated. This is also a dynamic value.
5Device TypeWindows, Mac, Linux, iOS, Android, etc.
6Access Channel TypeCapture the access channel type: Web or Mobile
7NetworkDefine the IP ranges that the organization possesses, such as Corporate N/W, Branch Office N/W etc.
This can then also be used to define authentication policies
8Device Mac IDCapture the Mac Address of the device from which an authentication request is being performed. This can then also can be used to define authentication policies.
9Device CertificateCapture the device certificate of a user’s device
10User’s CertificateCapture a user’s certificate which is installed on the device
11IP Risk-scoreNot only capture a user’s IP address, but also determine the dynamic risk score. This can then also used for setting up authentication policies
12Time of AccessCapture the time of access. This can then also can be used in controlling access to applications
13VelocityDetermine the actual velocity of the user (from the previous location and previous time of access to the current location and current time of access)


An easily configurable Policy Engine is used to set all the rules of ‘if, then’. CI’s authentication engine ensures these are enforced.

This combination of step-up or step-down authentication, along with password and passwordless authentication factors, provides superior security compared to just credentials or simple passwordless authentication.

Note: CI is a Converged IAM product. This technology, defined by Gartner in their 2020 IGA Market Guide, will be responsible for more than 45% of new IAM purchases by 2023. It combines Access Management and Identity Governance and Administration into one solution. CI goes a step further and even offers Privileged Access Management, for the most competitive price. The product is acknowledged by analysts to have the most complete IGA features amongst Converged IAM suites.

The solution cinched many prestigious awards earlier this year.

It was hailed as the “Most Innovative in Converged IAM” at the 9th Annual Global Infosec Awards at the RSA Conference 2021. Not least, it has also won the National Feather Awards in 2 categories – “Award for Innovation in Cybersecurity” and “Best Cybersecurity Solution of the Year”.

To learn more about CI, visit today.


Related Posts