Descope’s first product allows developers to build authentication and user management functions in applications. Descope has launched its first product, a platform designed to help developers add authentication and user management capabilities to their business-to-consumer and business-to-business applications. The software as a service is available now. Developers can access the product free of charge for up to 7,500 monthly active uses for B2C applications and up to 50 tenants for B2B apps. Beyond these there is a US$0.10 per user and US$20 per tenant.The Descope platform aims to make it easier to build passwordless authentication, according to the company. Descope says the new product allows organizations to:Create authentication flows and user-facing screens using a visual workflow designer.Seamlessly add a variety of passwordless authentication methods to apps such as magic links, biometrics and passkeys (based on WebAuthn), authenticator apps, and social logins.Validate, merge, and manage identities across the user journey.Get business apps enterprise-ready with single sign-on (SSO), access control, tenant management, and automated user provisioning.Enhance user protection by easily enabling multi-factor authentication (MFA), step-up, or biometric authentication within applications.Descope’s platform offers different integration options: a no-code workflow builder and screen editor, a set of client and backend SDKs, and comprehensive REST APIs. Managing identities with DescopeDevelopers creating authentication flows with Descope will be able to choose different ways to validate identities including by confirming users’ email address, phone number, or any other chosen identifiers through magic links or one-time passwords. Identity validation can also be done through enterprise identity providers including Azure Active Directory and Okta. There is also a function to merge identities when, for example, a user signs up using one method and on, another occasion, chooses a different one. Some systems will create two different accounts for the same user, which can cause loss of data.“Descope ensures that, if a user signs up with a new authentication method, their identity is merged across any signups using other authentication methods after validating the identity. This presents applications with a unified view of their users and gives users a much better app experience,” Rishi Bhargava, Descope co-founder, tells CSO. Reduced options for attackers to break authenticationCompromised user accounts are one of the most common ways through which attackers access companies’ systems. Like many other vendors, Descope bets on increasing security by using other types of authentication, which reduces attackers’ options as it prevents brute-force attacks, credential stuffing, and password spraying, according to Descope.It also uses device fingerprinting and several other factors to identify if users are signing in from a new device, unusual location, etc. App developers can choose to add step-up authentication in these cases and request an additional authentication factor.Descope bets on the move to passwordless authentication by tech giants such as Apple, Google, and Microsoft but also on the risk passwords continue to be to the security of companies. Descope claims to simplify and speed up the implementation of a variety of passwordless authentication methods for application developers.Authentication and user management are complex and time-consuming to implement, Bhargava tells CSO. “What starts off as a single line item often turns into multi-year investments. Building and maintaining authentication in-house delays an app’s time to market, takes developers outside their focus areas, and can lead to security vulnerabilities.”Descope was founded in April 2022 by Rishi Bhargava, Slavik Markovich, Dan Sarel, Meir Wahnon, Doron Sharon, Guy Rinat, Aviad Lichtenstadt and Gilad Shriki and has just raised US$53 million in seed funding, which includes investments from Dell Technologies, Crowdstrike CEO George Kurtz, and Rubrik CEO Bipul Sinha. Related content news AT&T suffers critical breach impacting 73 million customers Data released on the dark web impacts 7.6 million existing account holders and 65.4 million past subscribers. By Shweta Sharma 01 Apr 2024 4 mins Data Breach feature Recruit for diversity: Practical ways to remove bias from the hiring process Changing the wording on job descriptions and introducing a diverse hiring panel are some of the ways to remove bias when hiring cybersecurity professionals. By Aimee Chanthadavong 01 Apr 2024 8 mins Careers feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff 01 Apr 2024 17 mins Technology Industry IT Skills Events news Top cybersecurity product news of the week New product and service announcements from Bedrock Security, GitGuardian, Legit Security, Nametag, and Cybereason and Observe By CSO staff 29 Mar 2024 70 mins Generative AI Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe