Applications delivered in the Software-as-a-service model (SaaS) are, by definition, accessible over the public Internet. This makes them more vulnerable to attack, including through password guessing. It is therefore important to protect SaaS login prompts with more than just passwords.
Password Manager supports two-factor authentication for all users at no additional cost, through a combination of:
- First credential: browser fingerprint, or PIN sent to the user's phone or personal e-mail, or the Hitachi ID Mobile Access app.
- Second credential: password or security questions.
Applications can be configured to leverage Password Manager as a federated identity provider. An application configured to do this is referred to as a service provider (SP), whereas Password Manager acts as an identity provider (IdP). When users access the SP URL, they are redirected to the IdP, where they identify themselves and authenticate. They are then redirected back to the SP and are automatically signed in. This mechanism allows multiple applications to share a single, secure login process.