IDExpert combines various identity authentication mechanisms such as FIDO, biometrics, and MFA to strengthen the security level of account login and enhance the efficiency and security of authentication by eliminating weak passwords through biometric verification.
As a critical entrance for safeguarding sensitive information in remote work, IDExpert ensures the security of digital and mobile work environments.
MFA (Multi-Factor Authentication)
Following the principle of zero trust architecture - verify, and keep verifying, IDExpert provides a proactive defense approach through key verification methods. This tailored system helps enterprises prepare for information security at all times, effectively managing massive user data, and easily deploying authentication privileges. It is powerful yet easy to operate, compliant with the National Institute of Standards and Technology (NIST) framework and core mechanism of multi-factor identity authentication.
All network access is assumed to be untrusted by default. Users, devices, systems, and networks within an organization must be authenticated to access or monitor based on policies and permissions.
The zero trust architecture promulgated by the National Institute of Standards and Technology (NIST) features four core mechanisms: identity authentication, device authentication, device endpoint protection, and network transmission security.
Identity Verification: Two-factor authentication.
Device Authentication: Identification method using chip-based trust roots.
Device Endpoint Threat Detection and Protection: Device anomaly behavior detection and device health management platform.
Network Transmission Security: Two-way authentication and TLS (Transport Layer Security) secure encryption channel for transmission.
IDExpert server is also a FIDO Server, allowing users to directly register FIDO devices. Through the SAML protocol, enterprise web pages and cloud services can perform FIDO authentication in the IDExpert SSO Portal.
FIDO UAF with mobile push authentication is supported, enabling passwordless authentication through IDExpert. FIDO2, which is used for web login, is also applicable. FIDO2 devices such as mobile phones, Bluetooth, and USB can be used as authentication carriers for multi-factor authentication.
To facilitate application system integration for large enterprises such as finance, IDExpert provides the FIDO SDK.
FIDO (Fast IDentity Online) is a network identity standard established by the non-profit organization FIDO Alliance, which ensures the security of server and terminal device protocols during the login process, and uses specific hardware or biometric features to replace traditional passwords for identity authentication.
Using the asymmetric public-private key mechanism.
Only storing the corresponding public key on the server side.
Storing private keys only on the device side for risk mitigation.
FIDO UAF replaces passwords with biometric sensors on devices. Each device registers an identity and requires separate integration with each application system, which makes it suitable for banking apps.
FIDO U2F stores public-private keys on USB devices, and users need to insert the USB device for login, requiring separate integration with each application system, suitable for systems that have access to USB devices.
FIDO2 supports web applications and can authenticate using various tokens, including UAF and U2F tokens, by calling APIs. Different webpage URLs require registration of different keys, and it is often used with SSO Web Portal.
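The key handling described above (public key on the server, private key only on the device, a different key for each URL) can be shown as a small challenge-response exchange. This is an added example, not IDExpert or FIDO Alliance code: `Device`, `NewChallenge`, `Verify` and the origin `https://sso.example` are hypothetical names, Ed25519 stands in for whichever algorithm the authenticator uses, and real FIDO messages (attestation, counters, client data) are left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Device models the authenticator: one private key per origin, never exported.
type Device map[string]ed25519.PrivateKey

// Register creates a key pair for origin and returns only the public key,
// which is all the server ever stores.
func (d Device) Register(origin string) ed25519.PublicKey {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	d[origin] = priv
	return pub
}

// Sign answers a challenge only with the key registered for this exact origin.
func (d Device) Sign(origin string, challenge []byte) []byte {
	if priv, ok := d[origin]; ok {
		return ed25519.Sign(priv, append([]byte(origin+"\x00"), challenge...))
	}
	return nil // a different URL has no key on the device, so nothing is signed
}

// NewChallenge returns fresh random bytes; the server issues one per login.
func NewChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	return c
}

// Verify is the server side: it needs the stored public key and no secret.
func Verify(pub ed25519.PublicKey, origin string, challenge, sig []byte) bool {
	return ed25519.Verify(pub, append([]byte(origin+"\x00"), challenge...), sig)
}

func main() {
	dev, origin, c := Device{}, "https://sso.example", NewChallenge() // constructed origin
	pub := dev.Register(origin)
	fmt.Println("login verifies:", Verify(pub, origin, c, dev.Sign(origin, c)))
}
```

Because the server holds nothing but public keys, a copy of its credential store cannot be used to log in, and a response signed for one challenge or one origin does not verify for another.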
With the help of mobile device carriers, users can log in through facial or fingerprint recognition, without the need to remember any alphanumeric characters. Through unique biometric identification, login authentication becomes more convenient, fast, and secure, with the user themselves being the best defense factor.
When logging in to the application system, IDExpert can be used to perform FIDO biometric authentication to verify identity. Once registered, it can be used universally for operating systems, network devices, web pages, and more.
FIDO UAF combined with app push authentication no longer requires separate system integration, and the authentication devices used do not need to be registered separately, simplifying the traditional FIDO UAF integration process.
With mobile devices, identity verification can be done on-the-go, preventing the risk of account theft and providing users with instant convenience. The verification process is simplified into a One Touch method.
Supports various mobile devices.
Push content and form can be customized according to business needs.
Supports special system devices (VDI/VPN/OWA/WINLOGON).
Push messages are sent through the Apple/Google platform and transmitted with full encryption.
IDExpert adopts OpenID Connect technology, an authentication protocol based on the OAuth 2.0 standard. With the multi-factor authentication mechanism, users can enjoy the convenience of single sign-on while ensuring login security across multiple systems and reducing the risk of account theft.
Released in 2014, OpenID Connect is an implementation of Single Sign-On (SSO), commonly used by e-commerce, social media, and other web platforms to provide third-party login options like Google and Facebook. OpenID Connect simplifies the login process by eliminating the need for users to enter their personal information.
OpenID Connect combines OAuth 2.0 with JWT (JSON Web Token) for user identity confirmation. It defines the process for verifying user identities and uses JWT to carry user identity data and confirm their login credentials.
OpenID Connect supports cloud services, mobile apps, internal systems, and web applications, making it a widely used and convenient solution for both users and IT personnel. The integration process is smooth and easy, providing a seamless login experience across multiple applications. IDExpert's multi-factor authentication service further enhances information security.
Multiple tokens display OTP dynamic passwords, which protect account access security through frequent password changes.
Each account can be bound to up to three tokens, allowing for flexible personal authentication device binding.
Building on our extensive integration experience, our solutions provide reliable identity verification across various domains with high scalability. Our team offers seamless integration services with quick implementation and real-time customizations.
|Connection System|Application|Supported Firm|
|---|---|---|
|Networking System|VPN, Firewall, UTM||
|Server Management System|PAM, SWIFT, KVM||
|Mail Server System|Outlook Web Access, Active Sync, IBM Notes||
|Virtual Platform Management|VM Platform||
|Virtual Desktop System|VDI||
|Operating System|Windows, Linux||
|Storage System|NAS, Storage||
|Project Management System|Redmine, GitLab||
|Enterprise Resource Planning|CRM, ERP, HRM||
|Website Customization|IIS, JAVA Filter, Restful API||
|Single Sign On / Cloud service|SAML||
Note: contact us for any other integration needs not listed above.
Multi-Factor Authentication (MFA) is an authentication method that requires users to provide two or more authentication factors to access resources such as applications, online accounts, and VPNs. It's a critical component of a strong Identity and Access Management (IAM) strategy, reducing the risk of successful network attacks and protecting against compromised accounts and passwords. MFA ensures secure online transactions and network security for organizations.
IT administrators no longer need to periodically change fixed passwords. IDExpert uses dynamic password OTP to provide encryption protection based on secure algorithm principles for each authentication.
Combined with comprehensive management functions, it can monitor the interconnection program, verification method, abnormal users, and usage verification status in real-time.
The Taiwan National Institute for Cyber Security has required "all government agencies urged to strengthen remote access control mechanisms with multi-factor authentication to proactively defend against cybersecurity threats".
The Taiwan Stock Exchange also announced that "financial institutions urged to use two-factor authentication for online trading systems to enhance security."
We start from within by having an effective information security management system in place, strengthening security protection and safeguarding information assets to ensure uninterrupted business operations. We extend information security from the inside out, providing more reassuring solutions to our customers.
Leading the market in Taiwan with high penetration in government and financial sectors, providing clients with comprehensive information security protection built on practical experience.