![\"Requests](\"/static/065af3c1452371eeef2cc2e9c6eecd81/01e7c/requests-and-responses-per-second-dot-net-core.png\" "\\"Requests")
\n \n For decades, identity management solutions have been navigating enterprises' digital transformation journeys and becoming integral to any online platform.
\nHowever, identity management isn’t used to secure digital identities but to create a delightful and seamless user experience that enhances user engagement.
\nWhether we talk about social login, passwordless login, or single sign-on, identity management has offered endless possibilities to businesses concerning user experience and security.
\nWith a cookieless authentication, enterprises can leverage the true potential of a CIAM solution in marketing their products and services without compromising user experience.
\nLet’s uncover the aspects of incorporating a cookieless authentication into your business platform and learn why businesses quickly need to put their best foot forward in adopting a cookieless authentication platform.
\nCookieless authentication, also known as token-based authentication, is a technique that leverages JSON web tokens (JWT) instead of cookies to authenticate a user.
\nCookieless uses a protocol that creates encrypted security tokens that allow the user to verify their identity. The users receive a unique access token to perform the authentication.
\nThe conventional cookie-based authentication requires the server to perform an authentication lookup every time the user requests a page. With cookieless authentication, enterprises can eliminate the round-trips with tokens.
\nIn cookieless authentication, the token contains information about user identities and transmits it securely between the server and client. The entire cookieless authentication works in the following manner:
\nThough marketers have been leveraging cookies for decades to aid their marketing efforts, businesses now have to think out of the box to ensure they engage their potential customers more interactively.
\nHowever, a cookieless future also paves the way for marketers to build a robust foundation for digitally promoting their products and services since cookies present endless challenges.
\nCookies aren’t transparent, so users don’t know which information is being collected or shared about them and how it can impact their privacy and security.
\nMoreover, cookies always represent devices and not humans, leading to instances where information can show duplicate impressions.
\nAlso, users always demand transparency regarding how websites and applications collect and use their information. Hence, with a cookieless authentication mechanism, users would choose to consent to the information collection along with the advertising needs to ensure adequate security that further builds brand trust.
\nOnce trust is established in users, businesses can later ask clients about their preferences and interests, which can help create winning strategies.
\nAlso Read: Managing Privacy and Compliance in a Cookieless World
\nUndoubtedly, cookies have provided endless possibilities to marketers to date. However, the future belongs to cookieless since global brands and most web browsers now support a cookieless landscape.
\nMarketers need to understand that adopting cutting-edge technology in the form of cookieless authentication may initially feel like a tedious process. However, it helps them unwind an array of opportunities to engage potential customers in the long run.
\nBusinesses can choose a reliable CIAM platform that allows them to go cookieless without worrying about overall data security, compliance, and privacy.
\n\n","frontmatter":{"date":"June 09, 2022","updated_date":null,"description":"With cookieless authentication, enterprises can leverage the true potential of a CIAM solution in marketing their products and services without compromising user experience. This post explains why businesses quickly need to put their best foot forward in adopting a cookieless authentication platform.","title":"The Peerless Role of Cookieless Identity Solution for Marketers","tags":null,"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/161322d1cb671a694b57f6cfa16538a7/33aa5/cookieless-auth.jpg","srcSet":"/static/161322d1cb671a694b57f6cfa16538a7/f836f/cookieless-auth.jpg 200w,\n/static/161322d1cb671a694b57f6cfa16538a7/2244e/cookieless-auth.jpg 400w,\n/static/161322d1cb671a694b57f6cfa16538a7/33aa5/cookieless-auth.jpg 768w","sizes":"(max-width: 768px) 100vw, 768px"}}},"author":{"id":"Vishal Sharma","github":null,"avatar":null}}}},{"node":{"excerpt":"Introduction Cloud computing has revolutionized the world of data storage. It has made it possible for businesses to store their data…","fields":{"slug":"/identity/what-is-cloud-security/"},"html":"Cloud computing has revolutionized the world of data storage. It has made it possible for businesses to store their data remotely and access it from any location, at any time.
\nBut, with great opportunity comes great responsibility. Cloud data is extremely sensitive and confidential; it needs to be protected from cyber threats like malware, ransomware, and other forms of malicious software.
\nThis is where cloud security comes into play—it protects cloud-based data and computing from these threats by employing advanced systems that detect and prevent any sort of attack before it takes place.
\nCloud security is the practice of keeping cloud-based data, systems, and infrastructure safe from cyber threats. It includes a collection of rules and technologies that help prevent unauthorized access, malware infections, hackers, and DDoS attacks.
\nThe security measures are based on the following principles:
\nCloud security emphasizes protection in the same fashion as cloud computing concentrates on applications and data. When disaster recovery plans are managed in one location, they may be readily enacted and enforced.
\nBy using a trustworthy cloud services provider or cloud security platform, you can bid farewell to manual security setups and near-constant security upgrades.
\nCloud computing services provide the highest level of consistency. Users may safely access data and apps in the cloud no matter where they are or what device they are using with the correct cloud security measures in place.
\nOne of the most significant benefits of cloud computing is the elimination of the requirement for specific hardware. Not needing to invest in specialized hardware saves you money in the short term and can also help you improve your security.
\nCloud computing enables you to grow to meet new demands, allowing you to add more apps and data storage as needed. Cloud security grows with your cloud computing services without difficulty. When your demands evolve, cloud security's centralized structure allows you to rapidly incorporate new apps and other features without jeopardizing your data protection.
\nThe cloud security programs work by ensuring the following:
\nIt is a component of cloud security that deals with the technological side of threat mitigation. Suppliers and users may use tools and technologies to construct barriers between sensitive data access and visibility. Encryption is one of the most powerful tools available among these.
\nThe accessibility capabilities granted to user accounts are managed by customer identity and access management (CIAM). Managing user account identification and authorization also applies here. CIAM includes registration, authentication, user management, data governance, and single sign-on.
\nThe emphasis of governance is on threat prevention, detection, and mitigation strategies. Threat intelligence may assist SMBs and organizations in identifying and prioritizing threats in order to keep critical systems safe. These are particularly applicable in corporate settings, although standards for safe usage and threat response can be beneficial to any user.
\n\nTechnical disaster recovery methods are included in data retention (DR) and business continuity (BC) planning in the event of data loss. Methods for data redundancy, like backups, are essential components of every DR and BC plan. A good BC strategy should include frameworks for validating the veracity of backups and specific staff recovery instructions.
\nLegal compliance aims to safeguard user privacy as defined by legislative authorities. Governments have recognized the need to prevent the commercial exploitation of private user information. As a result, enterprises must adhere to rules to comply with these policies.
\nThe following factors play a significant role in influencing cloud security.
\nIncorrectly configured cloud security settings frequently cause cloud data breaches. Cloud security posture management solutions used by many enterprises are insufficient for securing their cloud-based infrastructure.
\nAs compared to on-premises infrastructure, cloud-based infrastructure is located outside the network perimeter and is widely accessible from the public Internet. While this is beneficial for employee and customer access to this infrastructure, it also makes it simpler for an attacker to obtain unauthorized access to an organization's cloud-based resources.
\nCSPs typically provide a range of application programming interfaces (APIs) and interfaces to clients. In general, these APIs are well-documented to make them accessible to CSP consumers.
\nMany people have extremely poor password safety, including choosing weak passwords and repeating passwords. Because it allows a single stolen password to be used on several accounts, this issue exacerbates the effect of phishing attempts and data breaches.
\nCybercrime is a business, and cybercriminals choose their targets depending on how profitable their attacks would be. Cloud-based infrastructure is easily accessible through the public Internet, is frequently inadequately secured, and includes many vital and confidential data.
\nThe cloud is designed to simplify data exchange. Many clouds allow you to invite a collaborator expressly through email or provide a link that allows anybody with the URL to view the shared resource. While this ease of data exchange is beneficial, it may also pose a significant cloud security risk.
\nThe cloud is critical to the capacity of many firms to do business. They utilize the cloud to store mission-essential data and execute the crucial internal and external-facing apps. As a result, a successful Denial of Service (DoS) assault on cloud infrastructure is likely to significantly impact a variety of enterprises.
\nFinal Thoughts
\nIn summary, cloud security is more about people and processes than technology. The cloud infrastructure must be designed to support secure operations, but ultimately the responsibility for security lies with the individual end user.
\n\n","frontmatter":{"date":"June 09, 2022","updated_date":null,"description":"Cloud security is a growing concern for businesses that rely on cloud-based services. The use of these services has become widespread over the past decade or so, but many companies still don't fully understand how to protect themselves from cyber threats. Read this blog to know what exactly is cloud security and how it works.","title":"What is Cloud Security and How it Works?","tags":["cloud security","cloud identity management","data security"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.7699115044247788,"src":"/static/7b5e04d919ffea6f0d9774eb467a169a/33aa5/cloud-security.jpg","srcSet":"/static/7b5e04d919ffea6f0d9774eb467a169a/f836f/cloud-security.jpg 200w,\n/static/7b5e04d919ffea6f0d9774eb467a169a/2244e/cloud-security.jpg 400w,\n/static/7b5e04d919ffea6f0d9774eb467a169a/33aa5/cloud-security.jpg 768w","sizes":"(max-width: 768px) 100vw, 768px"}}},"author":{"id":"Navanita Devi","github":null,"avatar":null}}}},{"node":{"excerpt":"Introduction Currently, the LoginRadius Identity Platform processes more than 100K requests per second. As our developer and enterprise…","fields":{"slug":"/engineering/why-we-rebuilt-loginradius-dot-net-core-apis-with-go/"},"html":"Currently, the LoginRadius Identity Platform processes more than 100K requests per second. As our developer and enterprise customers grow, we should be able to scale our APIs to handle staggering loads of requests per second. It won’t be surprising if our APIs have to serve a million requests per second in the future.
\nGenerally, we add more instances, CPU, or memory for supporting high request volumes. However, it has been burdening our infrastructure budget and maintenance.
\nSo, we’re focused on reducing the cost of compute capacity by improving efficiency. In this engineering update, we share our experience with a highly effective, low-risk, large-scale performance and cost optimization with Go.
\nLoginRadius production environment consists of 30+ microservices backed by a cloud-native infrastructure. Most of these services are written in .NET and Node.js. In Q1 2021, we explored the possibilities of improving the performance of our services and optimizing costs.
\nLoginRadius tech stack consists of 30+ microservices. We have different microservices for each business service like Authentication, Web SSO, Federated SSO, etc.
\nCore Applications: Multiple microservices instances for Authentication, Account API, Analytics API, Risk-based Authentication, Backend Jobs, Integrations, and much more,
\nData Storage: MongoDB, Elasticsearch, Redis, and PostgreSQL clusters are used to store a range of datasets for various applications and functionalities.
\nQueues: Amazon Kinesis Data Streams, Amazon Simple Notification Service (SNS), Amazon Simple Queue Service (SQS), and Azure Queue Storage.
\nOther Services: Services for rate-limiting, bcrypt clusters, feature flags, and more.
\nRouting: AWS load balancers (ALB, NLB, and ELB from AWS) and some nodes running NGINX as a proxy.
\nWe've been utilizing a multi-cloud and multi-region architecture for years based on our and our customers’ data and privacy compliance requirements. However, as our usage (and load) grew with maintenance costs, we relied more on AWS resources.
\nThis is the basic architecture of the environment in the US:
\nThe above diagram shows two cloud regions — US East and US West.
\nWhen requests come:
\nSo, how do we maintain high availability?
\nEvery availability zone has operating instances of all services (including databases). If one availability zone is down, we still have two availability zones.
\nWe are using a two-pronged scaling approach as scaling based on resource utilization (CPU & Memory) alone is not practical.
\nOnce, our multi-tenant application received a sudden spike in API requests — from thousands of requests to millions. Usually, adding new infrastructure to the existing pool takes around 60 seconds. And application deployment and start-up time were about 90 seconds. Plus, considering other possible delays in scaling, we can lose about 5 minutes for scaling up.
\nFurther, adding the time to gather metrics and make the scaling decision, the total delay can be ~6 minutes. This process can impact all multi-tenant customers' critical applications because user authentication and authorization are essential.
\nWe keep Scaling Buffers to support this kind of scenario.
\n\n\nScaling Buffers: During the Scale-up Time, the Scaling Buffer is the service's highest predicted traffic spike. Depending on the scaling strategy, we store several types of the buffer.
\n
Usually, we set a one million requests concurrency buffer. And based on the traffic pattern, our scaling automation triggers the scaling.
\nOur Platform performance is good. We can quickly handle millions of requests, and our application platform was scalable but not great. Minding the kind of growth we’re expecting, we wanted to improve and prepare our platform for the future.
\nNo. of requests can fluctuate within a few seconds if not minutes or hours, especially with specific events such as holiday shopping, promotional events, Black Friday, etc. So, in the event of traffic spikes, application startup time plays a significant role in scaling.
\nOur application startup time was around 90 seconds, so whenever scaling was happening due to high traffic, scaling took more time. That's why we needed to improve the application startup time.
\nWe used hundreds of AWS c5.2xlarge instances in a production environment to handle daily traffic. During certain events such as holiday shopping and Black Friday, we doubled our infrastructure according to expected traffic with a 20~30% buffer. We kept a high buffer because scaling took time with the existing .NET Core services. As a result, infrastructure cost was burdening as we were inefficiently deploying cloud infrastructure.
\nWe designed our Identity Platform a few years ago. Since then, the technology landscape has dramatically improved and optimized in recent years.
\nAlso, current technology platforms available to build and support our product (Identity Platform) are limited. So, it is crucial to align functionality with proper technology capabilities.
\nWe were facing challenges in customization. It was inflexible and limiting to deliver the required outcomes in more complex situations and use cases.
\nWe did a lot of research to choose the appropriate programming language for our application. We needed a language that would be simple to understand and learn, easy to maintain, and has high concurrency. Our research ended with Go due to its amazing qualities.
\nLet's take a closer look. Why choose Go? What makes Go such an excellent development language? What distinguishes it from the competition?
\nLet's get to the bottom of this by looking at what makes Go special.
\nGo is an open-source programming language developed by Google's Rob Pike, Robert Griesemer, and Ken Thompson. It was initially released in 2009. It has several enhancements and additions based on the C syntax to properly control memory use, manage objects, and enable static or strict typing along with concurrency.
\nConcurrent code can be executed in parallel by separate computer cores or in sequence. Most programming languages lack concurrent execution when working with multiple threads. They often slow down programming, compiling, and execution.
\nGo works with goroutines that are lightweight, low-cost threads. And Go channels allow goroutines to communicate with one another.
\nSequential Processes Communication: They are very similar to threads in Java but lightweight, and the cost of creating them is meager.
\nGo's core value is simplicity: it builds quickly, runs quickly, and is simple to learn. To help speed things up, there are no classes or type inheritance. This makes it easier to build a market-ready product quickly. Furthermore, its simplicity allows for quick and simple maintenance.
\nGo has an excellent standard library that includes a large number of built-in essential type functions and packages that are both practical and straightforward to use: I/O, encoding and decoding, manipulating raw bytes, network utility functions, parsing, debugging, and a lot more are all made simple by particular packages. Testing support is also included in the standard library, so no other dependencies are required.
\nGo has a simpler syntax than other languages and is simple to learn. The syntax of Go is somewhat similar to the C language. Developers can begin with Go in a couple of hours, but they need to spend time understanding best coding practices, especially understanding goroutines for concurrency.
\nWe run benchmarks on our API so that the performance insights help us make decisions about the tech stack. It will paint a clearer picture of where we stand compared to our existing tech stack and what areas need improvement or immediate attention.
\nWe did multiple stress tests on our high usage APIs built separately with .NET Core(Old) and Go (new).
\nWe are using Kubernetes to deploy and manage our microservices and application infrastructure and deploy our application microservices across multiple Pods.
\n| Test Item | \nValue | \n
|---|---|
| Instance Type | \nc5.2xlarge on AWS | \n
| No. of Instances | \n20 | \n
| Reverse Proxy | \nNGINX | \n
| Concurrent Requests | \n20K per second | \n
| Duration | \n5 minutes | \n
| Stress Test Tool | \nGatling | \n
We deployed both applications in the same infrastructure and did the same stress test.\nGolang application has performed much better.
\n\n \n ![\"API](\"/static/10602d758e3df688d22b7e79cfa22e5f/01e7c/response-time-percentiles-dot-net-core.png\" "\\"API")
\n \n ![\"Overall](\"/static/bd266c07f16fd3b1904ef569a8ca6425/01e7c/overall-matrix-dot-net-core.png\" "\\"Overall")
\n \n You can see some errors in Graph - 1(a) after ramping up to 15K users. Also, response time is increasing, as seen in Graph - 1(b).
\nThe application can recover after a couple of seconds, and after that, the application cannot respond. Application scaling is taking time. And existing infra cannot handle this spike, so the application crashes after 18K RPS.
\nWe did the same stress test with the new Go application. It is easily able to handle this kind of concurrency without any issue.
\n![\"Requests](\"/static/da6febfd92d89610654f4c6c921720cd/01e7c/requests-and-responses-per-second-go-lang.png\" "\\"Requests")
\n \n ![\"Overall](\"/static/397ef4b4903cbbacdb16a5ab45b0f16f/01e7c/overall-matrix-go-lang.png\" "\\"Overall")
\n \n The Go application can easily handle 20K ramp-up requests per second without any issue, as shown in Graph -2(a).
\nYou can see in Graph - 2(b) what the response time was after 2 min 47 sec for a couple of seconds. The Go application was scaling during that time. It is scaling quickly, so it is not impacting API request performance, and, also, the application can recover response API time as expected.
\nIn this article, you have learned how we have achieved better API performance by rebuilding them in Go, which were previously built in .NET Core. And you have understood our approach to this transition and how it increased the API performance of the LoginRadius Identity Platform.
\nLeverage LoginRadius Identity Platform to build authentication functionality for your web and mobile apps. Sign up for a free LoginRadius account here
\n","frontmatter":{"date":"June 06, 2022","updated_date":null,"description":"At Loginradius, we strive to leverage technology and ingenuity to push the boundaries of what our Identity Platform can deliver. In this engineering article, learn how we improved the performance of our APIs with Go.","title":"Why We Re-engineered LoginRadius APIs with Go?","tags":["Go","API",".NET","LoginRadius"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/b63787a6ecfda78c022020fe03233557/ee604/high-performance-identity-apis.png","srcSet":"/static/b63787a6ecfda78c022020fe03233557/69585/high-performance-identity-apis.png 200w,\n/static/b63787a6ecfda78c022020fe03233557/497c6/high-performance-identity-apis.png 400w,\n/static/b63787a6ecfda78c022020fe03233557/ee604/high-performance-identity-apis.png 800w,\n/static/b63787a6ecfda78c022020fe03233557/f3583/high-performance-identity-apis.png 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Vijay Singh Shekhawat","github":"code-vj","avatar":null}}}},{"node":{"excerpt":"Introduction Data breach refers to an incident when unauthorized individuals or organizations have access to sensitive information that they…","fields":{"slug":"/identity/authenticating-in-the-age-of-no-code-technology/"},"html":"Data breach refers to an incident when unauthorized individuals or organizations have access to sensitive information that they don’t own.
\nNo matter how strong your product’s architecture is, if the identification and authentication process is not apt, data breaches will happen. Even the biggest companies in silicon valley are not immune to these attacks.
\nFor instance, in 2021, the personal data of 533M Facebook users were posted on a forum for free. In the same year, data of more than 500M LinkedIn users were discovered on the dark web.
\nTo avoid data breaches you need to ensure that only the right individuals have access to your product and data.
\nYou can do that with the help of identification and authentication technologies.
\nIdentification is a process in which an individual produces private information voluntarily that is unique and can be used to recognize them. Private information is also referred to as means of identification. For example, name, date of birth, address, etc.
\nAuthentication is a process when the identity of the user is validated and they are given certain permissions or access to a certain data because of that. For instance, when you enter the password into your computer, your identity is validated and you gain access to your system.
\nThe process of identification begins with the recognition of parameters that make every user unique. Then, the values of these parameters are collected and stored for every customer and a key is assigned to each of them.
\nOften, these keys or codes are alphanumeric. They are assigned to every user which is unique and can be used to access other details like the name and email address.
\nThis means that a lot of (or at least enough) identifying information is to be collected from the user and stored safely. As the user is entering those details, steps have to be taken to ensure that the data is not duplicated, fraudulent, or incorrect.
\nAuthentication checks whether the entered credentials match any existing profile so that the system can present the right data with the appropriate authority.
\nThe authentication process requires a medium through which the user enters their details. For example, the prompt asking for a username and password is an authenticating medium. Then these credentials are examined and appropriate information is presented.
\nBoth of the processes deal with extremely sensitive private information. Companies have to pay compensation and legal fines if any of this data is hacked or breached. Therefore, special care has to be taken while integrating these processes into your product.
\nDeveloping secure systems for the identification and authentication of users can be expensive. The system architecture has to be designed with proper security for customers and has to be updated as the regulations change.
\nThis calls for hiring more senior engineers to build the system. With that, the auxiliary requirements also increase. Not to mention, the time-to-market increases too.
\nThis is a challenge for freelancers and small businesses.
\nFortunately, the no-code revolution solves that quickly.
\nAs the name suggests, no code is a process of developing applications through a graphical interface that requires zero coding. No-code development helps professionals with no coding knowledge create applications with ease.
\nAll you need to know is your requirements and you are ready to go.
\nNo-code development is beneficial for small teams with limited resources. The time-to-market is greatly reduced and the product can be developed at much lower costs.
\nLet’s take a look at how no-code technology has improved the identification and authentication process for businesses.
\nThe visual development environment provided by no-code technology comes with drag-and-drop templates. These templates are working blocks of code that can be used to build authentication and identification processes. This speeds up the process and shortens the overall development time.
\nCapgemini has shown that moving to a no-code framework has made their development processes 5.5x faster.
\nYou don’t need to have any kind of coding knowledge to build an authentication system for your business on a no-code framework.
\nOne of the most important reasons for that is its understandability. Code is difficult to understand as it is a machine-level language. Problem solvers think on an algorithmic level. That is easy to put on paper and translate to a product by using no-code technology.
\nNo-code development requires fewer engineers. This reduces all the auxiliaries that are needed by a business. For instance, less infrastructure, lower financial investment, etc. The most important resource saved is time.
\nUpdating processes and systems that were created using no-code technology is also easier. Often, it is taken care of by the platform.
\n\nSecure identification and authentication processes created on a no-code framework allow businesses to deliver more value to their customers.
\nIt assures secured storage of accurate data for each customer. This helps product managers to deliver a more personalized service to their customers. Another reason is that it assists customer success executives to solve the problems of each customer accurately.
\nThrough customer service software, businesses can understand critical customer service metrics and derive actionable data about support quality. These tools leverage no-code authentication to help the customer-facing teams fetch the right information at the right time.
\nWith increased customer satisfaction, there come a lot of benefits, such as higher customer retention and positive word of mouth.
\nIdentification and authentication are two major processes that secure customer data and enable companies to deliver a good service.
\nThe good news is that no-code technologies are helping businesses secure their services by enabling the developers to create processes faster.
\n\n","frontmatter":{"date":"June 03, 2022","updated_date":null,"description":"No code is a process of developing applications through a graphical interface that requires zero coding. All you need to know is your requirements and you are ready to go. Let’s take a look at how it has improved the identification and authentication process for businesses.","title":"Age of No-Code Technologies: Identification and Authentication","tags":["no code","identification","authentication"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.342281879194631,"src":"/static/19ace3929427b8b8a0f22706f8ff5a1a/33aa5/no-code.jpg","srcSet":"/static/19ace3929427b8b8a0f22706f8ff5a1a/f836f/no-code.jpg 200w,\n/static/19ace3929427b8b8a0f22706f8ff5a1a/2244e/no-code.jpg 400w,\n/static/19ace3929427b8b8a0f22706f8ff5a1a/33aa5/no-code.jpg 768w","sizes":"(max-width: 768px) 100vw, 768px"}}},"author":{"id":"Tim Ferguson","github":null,"avatar":null}}}},{"node":{"excerpt":"B2B applications require connecting customers and partners with their existing identity system or directory. Customers often want their…","fields":{"slug":"/engineering/identity-management-for-b2b-companies/"},"html":"B2B applications require connecting customers and partners with their existing identity system or directory. Customers often want their employees or end-users to access your product and service with hierarchical access rights and their existing identity.
\nManaging these requirements in-house can be tricky and time-consuming. However, the LoginRadius B2B Identity solution can bridge this gap for your business and help you eliminate friction. Above all, it serves a faster go-to-market with an industry-leading deployment time of 3-4 weeks while ensuring the following:
\nLoginRadius B2B Identity allows your customers and partners to effectively create their accounts without needing them to create another identity.
\nThis feature lets you give customers and partners authority to manage accounts and access via their internal identity sources or your dashboard.
\nLet’s say: your customer wants to allow only marketing and sales employees of the organization to access your B2B application. And within those 20 employees, the access rights will be different. LoginRadius B2B Identity can allow your customer to use their internal identity for authentication and manage the provision and access of their employee accounts within their identity source.
\nSimilarly, suppose some customers do not want to use internal identity for authentication and authorization. In that case, they can easily do this via managing configurations like login method, roles, and permission from your application dashboard. LoginRadius B2B Identity works in the background to smoothly process these requirements.
\nTo allow your customers and partners to use their internal identity for authentication, you must configure Federated SSO protocols depending on their identity application. With LoginRadius B2B Identity, you get effortless integration of the most popular and complex SSO protocols, such as SAML, JWT, and OAuth.
\nLet’s say one of your customers wants to authenticate using Salesforce while the other prefers to utilize their AWS identities. You can utilize OAuth integration for authentication using Salesforce and SAML integration for authentication using AWS — without understanding both protocols’ complexity and in-depth implementation.
\nNot just this, integration of these protocols is entirely maintenance-free; any required change or updates in protocols are taken care of by LoginRadius.
\nGet a centralized view of all your customers and partners. You can easily manage their identities and access controls (roles and permissions) from the LoginRadius Dashboard or the LoginRadius Management APIs.
\nRevoke access automatically upon user offboarding to ensure effortless access security to applications of your customers and partners. Similarly, it revokes customers’ and partners’ access rights to your application in case of churn or contract termination.
\nLoginRadius B2B Identity lets you delegate admin access to your customers and partners for seamlessly managing their employees and users. Consequently, it saves the efforts and time of your IT support team.
\nAlso, you can set up self-serve registration for your customers and partners, thus saving time in manually setting up their accounts. Similarly, these customers and partners can facilitate self-serve registration for their employees and users.
\nThe following built-in capabilities of LoginRadius CIAM lets you meet data regulations and protect customers’ and partners’ data privacy:
\nLoginRadius Dashboard lets you access your application's audit logs of activities performed by customers and partners.
\nAlso, you can access 30 different analytical charts to understand your customer and partner base and engagement.
\nThe following explains the step-by-step implementation of LoginRadius B2B Identity:
\n\n\nNote: To implement B2B Identity, you must have a Developer Pro account with LoginRadius. Create a Developer Pro account here for 21 days of the free trial.
\n
These are your customers or partner organizations who need to access your application. You can create and manage these Organizations using the following APIs:
\nCreate Organizationsdocs/references/api/b2b-identity/#create-organization)
\nAPI Endpoint: https://api.loginradius.com/identity/v2/manage/organizations
Update Organizationsdocs/references/api/b2b-identity/#update-organization)
\nAPI Endpoint: PUT https://api.loginradius.com/identity/v2/manage/organizations/{id}
Remove Organizationsdocs/references/api/b2b-identity/#remove-organization)
\nAPI Endpoint: DELETE https://api.loginradius.com/identity/v2/manage/organizations/{id}
Update Organization Statusdocs/references/api/b2b-identity/#update-status-of-organization)
\nAPI Endpoint: PUT https://api.loginradius.com/identity/v2/manage/organizations/{id}/status
These are the roles that organization users will have to access permission-based resources and processes. You can create, assign, and manage roles using the following APIs:
\nCreate Roledocs/references/api/roles-management/#roles-create)
\nAPI Endpoint: https://api.loginradius.com/identity/v2/manage/role
Add Permission to Roledocs/references/api/roles-management/#add-permissions-to-role)
\nAPI Endpoint: PUT https://api.loginradius.com/identity/v2/manage/role/{role}/permission
Remove Permission from Roledocs/references/api/roles-management/#remove-permissions)
\nAPI Endpoint: DELETE https://api.loginradius.com/identity/v2/manage/role/{role}/permission
Set Roles for Organizationdocs/references/api/b2b-identity/#addupdate-roles)
\nAPI Endpoint: https://api.loginradius.com/identity/v2/manage/organizations/{id}/defaultroles
Add User to Organizationdocs/references/api/b2b-identity/#add-user-to-organization)
\nAPI Endpoint: https://api.loginradius.com/identity/v2/manage/organizations/{id}/members
Remove Users from Organizationdocs/references/api/b2b-identity/#remove-users-from-organization)
\nAPI Endpoint: DELETE https://api.loginradius.com/identity/v2/manage/organizations/{id}/members
Get Organization Usersdocs/references/api/b2b-identity/#organization-users)
\nAPI Endpoint: GET https://api.loginradius.com/identity/v2/manage/organizations/{id}/members
You can allow organizations to use the organizational identity or ask them to create an identity for authenticating themselves.
\nSet Global IDP for Userdocs/references/api/b2b-identity/#set-global-idp-on-profile): Set a global Identity Provider authentication method from the already enabled authentication methods for your LoginRadius App. The global IDP will apply to organizations of all your customers and partners.
\nFor example: Login with Gmail, Login with Facebook, Login with Email-Password, etc.
\nAPI Endpoint: https://api.loginradius.com/identity/v2/manage/organizations/{org_id}/members/{uid}/idp/global
\n\nNote: To show the global IDP to all organizations, turn the setting on via this APIdocs/references/api/b2b-identity/#set-global-authentication-method-for-organization).
\n
Create SAML Login for Organizationdocs/references/api/b2b-identity/#create-organizational-saml-idp): Set a SAML authentication method specific to the customer or partner.
\nFor example: Login with Salesforce for one customer and Login with Azure AD for another customer. So, customers and partners can easily authenticate using their identity provider rather than creating a new identity.
\nAPI Endpoint: https://api.loginradius.com/identity/v2/manage/organizations/{org id}/idp/saml
You can manage the welcome email and related email communication for the organization users using LoginRadius Dashboard, as explained heredocs/guide/manage-organizations/#manage-email-template-and-setting).
\nSave on R&D, engineering resources, and maintenance by utilizing LoginRadius B2B Identity — consequently, go to market faster.
\nCreate a Developer Pro account here to start your journey of eliminating authentication and access friction from your B2B business.
\n","frontmatter":{"date":"May 31, 2022","updated_date":null,"description":"B2B companies need to manage identity differently to meet customer needs and deliver value efficiently while ensuring secure and seamless access. Read more to learn how your company can implement B2B identity management.","title":"Why B2B Companies Should Implement Identity Management","tags":["Identity","Access Management","B2B"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/40cc7e952a0e3c8722171d03a00830f1/ee604/b2b-identity-management.png","srcSet":"/static/40cc7e952a0e3c8722171d03a00830f1/69585/b2b-identity-management.png 200w,\n/static/40cc7e952a0e3c8722171d03a00830f1/497c6/b2b-identity-management.png 400w,\n/static/40cc7e952a0e3c8722171d03a00830f1/ee604/b2b-identity-management.png 800w,\n/static/40cc7e952a0e3c8722171d03a00830f1/f3583/b2b-identity-management.png 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Ravi Teja Ganta","github":"ravitejag","avatar":null}}}},{"node":{"excerpt":"What is a Cyber Attack? A cyber attack is a sequence of actions performed by a threat actor to obtain unauthorized access to a computer…","fields":{"slug":"/engineering/top-cyber-threats-in-2022/"},"html":"A cyber attack is a sequence of actions performed by a threat actor to obtain unauthorized access to a computer, computer network, or other computing systems to intentionally steal data, harm innocent people, or launch attacks from a compromised computer. To launch a cyberattack, cybercriminals utilize many methods, including phishing, ransomware, malware, man-in-the-middle attack, and denial of service, among others.
\nPhishing is used to steal user credentials and sensitive data such as credit card numbers and social security numbers or install malware on a victim's machine. An attacker usually sends fraudulent communications that appear to be from a reputable source. Specifically, scammers send emails or text messages containing malicious links in a manner that seems to originate from legitimate senders.
\nDenial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks send malicious and spam requests to a system or network, severely restricting the ability to perform and serve legitimate users and requests. This attack is frequently used to set up another attack.
\nVishing combines voice and phishing in which an attacker tricks a victim to steal personal and confidential information. It is a social engineering attack as it relies on psychology to convince victims to give sensitive information or perform an action for the attacker's benefit.
\nMalware attacks are common types of cyberattacks in which malware (usually malicious software) performs unauthorized actions like stealing personal, financial, or business information on the victim's system. Malicious software is created in several forms, including ransomware, spyware, and command and control.
\nRansomware is malware that threatens to expose or limit access to data or a computer system by encrypting valuable data or limiting system functionality. Cybercriminals demand monetary incentives (ransom) for releasing the system after encrypting or locking the data. A deadline is typically attached to the ransom demand. If the victim does not pay the ransom on time, the data will be lost permanently, or the ransom will be increased.
\nA man-in-the-middle (MiTM) attack occurs when an attacker intercepts and distributes messages between two participants who think they are interacting directly and securely. Participants who send emails, instant messages, or video conferencing are unaware that an attacker has inserted themselves into the conversation and is collecting and manipulating their information.
\nA Brute-force Attack is an attempt to find a credential, such as a password, using computer-based automated trial and error. The attack involves automated spraying of all possible character combinations and lengths into a password field until a match. Brute-force attacks are successful when the authentication protocol of an online service complements this type of attack. Shared secrets between the service and the user provide the highest probability of success for a brute-force attacker.
\nAny cyberattack that targets an Internet of Things (IoT) device or network is known as an IoT attack. Once the device has been hacked, the hacker can take control of it, steal data, or join a network of infected devices to execute DoS or DDoS attacks.
\nA keylogger is spyware that logs a user's activity by logging keystrokes. Every key pushed on the keyboard is captured and forwarded to a malicious actor when the spyware installs a keylogger on a device. As a result, the attacker will have access to data streams that help find user passwords and other sensitive information. Keylogger spyware is generally installed on the user's device by unintentionally clicking on a malicious link or attachment.
\nCross-site Scripting (XSS) attacks use third-party online resources in which malicious scripts are inserted into a legitimate website or application to obtain a user's information. Attackers commonly employ JavaScript, Microsoft VBScript, ActiveX, and Adobe Flash for XSS attacks. A web app is usually vulnerable to XSS attacks when it receives user input without validating or encoding it in its output.
\nCyberattacks are becoming ever more common and sophisticated, mostly with financial motives.\nWhile preventative cybersecurity tactics vary by attack type, you should follow best security practices and practice IT hygiene for mitigating these attacks.
\nThese cyber-threats are creating more emphasis to stack up security measures. You can follow these Security Tips, which are well-known among LoginRadius’s cybersecurity Experts.
\n","frontmatter":{"date":"May 31, 2022","updated_date":null,"description":"Cybercriminals are using an increasing number of attacks to exploit web apps and steal valuable data. This article teaches about the ten most common types of cyber threats.","title":"Top 10 Cyber Threats in 2022","tags":["Cyber Threats","Security"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/92629222753ebb5a3139b4769d414041/ee604/top-10-cyber-threats-in-2022.png","srcSet":"/static/92629222753ebb5a3139b4769d414041/69585/top-10-cyber-threats-in-2022.png 200w,\n/static/92629222753ebb5a3139b4769d414041/497c6/top-10-cyber-threats-in-2022.png 400w,\n/static/92629222753ebb5a3139b4769d414041/ee604/top-10-cyber-threats-in-2022.png 800w,\n/static/92629222753ebb5a3139b4769d414041/f3583/top-10-cyber-threats-in-2022.png 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Vijay Singh Shekhawat","github":"code-vj","avatar":null}}}}]},"markdownRemark":{"excerpt":"Identity is evolving, and developers are at the forefront of this transformation. Every day brings a new learning—adapting to new standards…","fields":{"slug":"/identity/developer-first-identity-provider-loginradius/"},"html":"Identity is evolving, and developers are at the forefront of this transformation. Every day brings a new learning—adapting to new standards and refining approaches to building secure, seamless experiences.
\nWe’re here to support developers on that journey. We know how important simplicity, efficiency, and well-structured documentation are when working with identity and access management solutions. That’s why we’ve redesigned the LoginRadius website—to be faster, more intuitive, and developer-first in every way.
\nThe goal? Having them spend less time searching and more time building.
\nLoginRadius’ vision is to give developers a product that simplifies identity management so they can focus on building, deploying, and scaling their applications. To enhance this experience, we’ve spent the last few months redesigning our interface— making navigation more intuitive and reassuring that essential resources are easily accessible.
\nHere’s a closer look at what’s new and why it’s important:
\n![\"This](\"/f46881583c7518a93bb24e94c32320de/a-developer-friendly-dark-theme.webp\")
Developers spend long hours working in dark-themed IDEs and terminals, so we’ve designed the LoginRadius experience to be developer-friendly and align with that preference.
\nThe new dark mode reduces eye strain, enhances readability, and provides a seamless transition between a coding environment and our platform. Our new design features a clean, modern aesthetic with a consistent color scheme and Barlow typography, ensuring better readability. High-quality graphics and icons are thoughtfully placed to enhance the content without adding visual clutter.
\nSo, whether you’re navigating our API docs or configuring authentication into your system, our improved interface will make those extended development hours more comfortable and efficient.
\n![\"This](\"/e5358b82be414940f3fb146013845933/capabilities.webp\")
We’ve restructured our website to provide a straightforward breakdown of our customer identity and access management platform capabilities, helping you quickly find what you need:
\nThis structured layout ensures you can quickly understand each capability and how it integrates into your identity ecosystem.
\n![\"This](\"/a8c155c2b6faf3d5f4b4de4e2b14d763/developers-menu.webp\")
We’ve been analyzing developer workflows to identify how you access key resources. That’s why we redesigned our navigation with one goal in mind: to reduce clicks and make essential resources readily available.
\nThe new LoginRadius structure puts APIs, SDKs, and integration guides right at the menu bar under the Developers dropdown so you can get started faster. Our Products, Solutions, and Customer Services are also clearly categorized, helping development teams quickly find the right tools and make informed decisions.
\n![\"This](\"/b2f9a964a2da0ea83e2f8596b833bba7/we-support-your-tech-stack.webp\")
Developers now have a clear view of the tech stack available with LoginRadius, designed to support diverse business needs.
\nOur platform offers pre-built SDKs for Node.js, Python, Java, and more, making CIAM integration seamless across popular programming languages and frameworks.
\nCheck out our revamped LoginRadius website and see how the improved experience makes it easier to build, scale, and secure your applications.
\nDo not forget to explore the improved navigation and API documentation, and get started with our free trial today. We’re excited to see what you’ll build with LoginRadius!
\n","frontmatter":{"date":"February 21, 2025","updated_date":null,"description":"LoginRadius’ vision is to give developers a product that simplifies identity management so they can focus on building, deploying, and scaling their applications. To enhance this experience, we’ve redesigned our website interface, making navigation more intuitive and reassuring that essential resources are easily accessible.","title":"Revamped & Ready: Introducing the New Developer-First LoginRadius Website","tags":["Developer tools","API","Identity Management","User Authentication"],"pinned":true,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.7857142857142858,"src":"/static/80b4e4fbe176a10a327d273504607f32/58556/hero-section.webp","srcSet":"/static/80b4e4fbe176a10a327d273504607f32/61e93/hero-section.webp 200w,\n/static/80b4e4fbe176a10a327d273504607f32/1f5c5/hero-section.webp 400w,\n/static/80b4e4fbe176a10a327d273504607f32/58556/hero-section.webp 800w,\n/static/80b4e4fbe176a10a327d273504607f32/99238/hero-section.webp 1200w,\n/static/80b4e4fbe176a10a327d273504607f32/7c22d/hero-section.webp 1600w,\n/static/80b4e4fbe176a10a327d273504607f32/1258b/hero-section.webp 2732w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Rakesh Soni","github":"oyesoni","avatar":"rakesh-soni.jpg"}}}},"pageContext":{"limit":6,"skip":246,"currentPage":42,"type":"///","numPages":161,"pinned":"ee8a4479-3471-53b1-bf62-d0d8dc3faaeb"}},"staticQueryHashes":["1171199041","1384082988","2100481360","23180105","528864852"]}