Introduction

We’ve written extensively about passkeys and how they are changing the way consumers sign in to websites. In this blog, we’ll explore the challenges enterprises face when adding passkeys to the multitude of legacy, non-standard applications their employees use. These applications are no less important to protect than more modern ones, especially with the increase in phishing attacks that trick people into handing over their credentials.

Legacy enterprise applications are challenging because they may come from a third party, the source code may not be readily available, or there may no longer be developers familiar with the source code. The applications may also not support modern identity protocols like OIDC or SAML. As such, manually building passkey support and adding new identity services would require heavy custom development and code rewrites that are expensive in both development cost and time.

With the integration between Strata’s Maverics Identity Orchestration platform and Trusona Authentication Cloud, we now have a solution that allows businesses to quickly add passkeys to these legacy applications, without any coding or development effort. 

 

About Strata’s Maverics Identity Orchestration Platform

Strata Identity simplifies the management of identity across complex environments, including on-prem, cloud, and hybrid infrastructure, by consistently applying modern authentication and authorization policies across any application or platform.  

By decoupling applications from hard-coded authentication and authorization processes, their Maverics platform makes it possible to implement modern authentication, like passkey support, without refactoring apps.  

This new software approach to identity allows businesses to create their own identity fabric from the services they currently have and is the fastest and easiest path to adding passkey authentication to any app, legacy ones included.

 

How to set up the Trusona integration with Strata Maverics

Setting up the integration is simple and takes just a few minutes. It includes the following steps: 

  1. Define the upstream application and the port Maverics will use to communicate with it.  
  2. Define the basic policy that enforces authentication to Trusona and how Maverics will provide context to the upstream application.
  3. Set Maverics up as an authentication gateway and give it the appropriate permissions to direct users correctly. 

Once the setup has been configured and published, the application is passkey-ready! For more details, read Strata’s Orchestration Recipe. 

 

 

 

Passkey user journeys

The primary user journeys we will focus on here are: 

  1. Creating a new passkey for an existing user
  2. Signing in with a passkey

 

Creating a new passkey for an existing user

After the user signs in with their username and password, Maverics navigates the user to the passkey sign-up flow. In the video below, an OTP code is sent to the user’s email to verify their identity. Once verified, the user can initiate the passkey enrollment and create a passkey using their biometrics. From then on, they can sign in to the application with their passkey on any of their synced devices.  

The video below shows this flow in action:

 

 

 

Signing in with a passkey

Below is a video that highlights the speed and simplicity of the sign-in. When the user subsequently signs in to the application, they can use their passkey as their credential, which is unlocked by their biometrics. This makes it fast and simple for the user.  

 

 

 

Summary

Trusona’s passkey-as-a-service platform offers a fast, low-cost way for enterprises to add passkeys to websites and applications. By eliminating the need for static credentials, like passwords, businesses can improve the employee user experience, reduce help desk support costs associated with password resets, and mitigate the risk of phishing and credential-based attacks.

And when used in conjunction with Strata’s Maverics Identity Orchestration platform, passkeys can now be added to legacy applications just as quickly and easily, and without any application development or code rewrites.

 

For more information

To learn more about the technical details of the integration, including the data flows, setup, and configuration, visit the Strata documentation page “How to add Trusona to Any Non-Standard Legacy App”.

To watch a 30-minute workshop of how Trusona and Strata integrate to allow you to passkey-enable legacy applications without rewriting a single line of code, click here 
