Skip to main content
Version: Next Gen

Zero Trust Authentication

What is Zero Trust Authentication in Beyond Identity?

Beyond Identity provides a Zero Trust Authentication tool that provides secure access for all employees and contractors.

  • Phishing-resistant MFA: Authenticate both the user and their device with only phishing-resistant factors and credential operations with device-bound passkeys and ZERO reliance on humans in the authentication loop.
  • Single-device, passwordless UX: Single-device, passwordless login experiences that takes out the speedbumps in authentication across every device and OS (including Linux!)
  • Continuous authentication: ‍Re-evaluates user, device, and third-party risk signals every 10 minutes and enforces risk-based policy against these ongoing evaluations even during active sessions. Combined with the ability to set policies on a per-application basis, a new capability introduced with our SSO, you can easily leverage continuous authentication for high risk applications.
  • Fine-grained device trust: Protect sensitive apps by defining fine-grained, adaptive risk-based policies on a per application basis.

Available features may vary based on the package selected.

Quickstart checklist

Review the following steps for the fastest way to get started using Zero Trust Authentication.

  1. Integrate Beyond Identity as an identity provider (IdP).

  2. Configure integrations, if available.

  3. Add policies.

  4. (Optional) Configure branding to match your corporate look-and-feel for the email that will be sent to users to enroll their devices.

  5. Add users (identities) to the Beyond Identity platform.

    Once you've added users, you can add a Passkey. This will send an email to the user to enroll their device.


    You may want to add a group and assign the users first, and then return to the Identities page to add a passkey.

  6. Add groups and assign users to those groups.

  7. Review events.