KuppingerCole Report
Advisory Note
By Paul Fisher

Identity Authentication Standards

Authentication is a core component of Identity and Access Management (IAM) Solutions and central to the security and management of modern organizations. For many years, the industry has been developing protocols that offer secure authentication beyond basic username and passwords. Digital transformation has increased the need for robust standards that can work with remote working, multi-cloud environments, IoT, APIs and DevOps.
By Paul Fisher

1 Introduction

Authentication is a core component of Identity and Access Management (IAM). It has been a leading area of research and product development for decades ...

Login Get full Access

2 Highlights

  • The basic concepts of authentication for the enterprise
  • The differences between authentication and authorization
  • The principles behind leading a ...
Login Get full Access

3 The basics of authentication in the enterprise

As a foundational element of Identity and Access Management (IAM), at KuppingerCole we believe that strong authentication lies at the heart of securin ...

There are stronger forms of authentication available through cryptographic hard tokens such as smart cards, and biometrics such as facial recognition ...

Login Get full Access

4 How different types of authentication work

As with almost any aspect of computing, different standards or protocols have been established to achieve authentication through all types of transact ...

OpenID Connect

OpenID is another HTTP-based protocol that that works similar to OAuth but provides stronger authentication and is often used in conj ...

Public Key Infrastructure (PKI)

PKI is a technology for authenticating users and devices using cryptographic technologies. The basic idea is to have ...

Security Assertion Markup Language (SAML)

SAML was an early identity federation protocol, allowing cross-domain authentication. In other words, a us ...

Transport Layer Security (1.3) (TLS)

TLS is an updated version of SSL used for encrypting communication between HTTPs applications and servers. TLS ...

FIDO 2.0

The FIDOTM (Fast Identity Online) Alliance is a non-profit organization, launched in February 2013, to address the lack of interoperabili ...


Kerberos is an authentication protocol first developed at the Massachusetts institute of technology (MIT) and extended by Microsoft. It use ...

LDAP for Active Directory

LDAP (Lightweight Directory Access Protocol) is an open and cross platform query protocol that can be used for directory ...

The Matrix of Authentication Features

Protocol Keys APIs SSO Tokens Certificates HTTPS MFA Azure AD
FIDO 2.0 Yes
Login Get full Access

5 Future trends and developments in identity and authentication

Standards are only part of the story in providing strong authentication across the infrastructure of digital enterprises and organizations. Proving id ...

Login Get full Access

6 Summary and recommendations to business

Awareness of the importance of digital identity is increasing, from the consumer point-of-view all the way to executives and boards of directors. Auth ...

Login Get full Access


©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.