
LDAP-IDP service with cidaas integration


In 2021, companies will continue to use LDAP services to authenticate users. Even though it is obvious that OpenID Connect and OAuth2 are the new de facto standard for user authentication, the change has to be well planned. Therefore, in some environments it makes sense to use migration procedures to accelerate the widespread introduction of cidaas with the help of this LDAP service. This article describes what the cidaas LDAP service does, how it can be used in companies and which security aspects have to be considered.



LDAP services, for example Microsoft’s Active Directory Service, Oracle Internet Directory and OpenLDAP, are based on storing information in a directory tree structure. In this way, organisational structures are mapped and the employees are organised within these organisational units. Managing a password for the employee (user) is then only a small step towards enabling user authentication with an LDAP service. For this reason, LDAP services are often used in companies for user authentication. Some manufacturers have expanded the directory structures to such an extent that system elements such as computers or printers are also managed in these directory services.

New and powerful standards have evolved with the advent of the Internet and the mobile era, enabling secure user authentication and more powerful authorisation management. The chart below shows the evolution of authentication and authorisation standards.


Ever since “digitalization” became the dominant theme, secure and future-proof IAM solutions, such as cidaas, have been in demand. The cidaas LDAP-IDP service is designed to enable a compatible connection of LDAP clients in order to significantly accelerate migration projects. cidaas supports the OpenID Connect, OAuth2 and Device Authorisation protocols. In addition, cidaas offers many verification methods for users that are passwordless and in combination enable multifactor authentication.

With the cidaas LDAP service, the user authentication of an existing LDAP service in the company can be replaced, so that the user management and the user authentication are carried out centrally in cidaas. With this

  • an SSO with the same user credentials is achieved
  • cidaas can be used securely as a Cloud SaaS with LDAP
  • users can be managed centrally (user information, locks, permissions)
  • Existing applications can still be used if an OIDC/OAuth2 or SAML2 based authentication method does not or not yet work.

Flashback LDAP


A directory tree offers the possibility to store different information and to search for this information. The idea of structuring information in a directory tree is basically good if the information follows a hierarchy. This has been a practical approach in companies for many years, especially if the organizational units are structured functionally and hierarchically. For example, to assign different permissions to applications, user groups were formed, whereby a user group can also correspond to a user role – in most systems these groups are then also mapped to roles.

For users, a password can also be managed in the LDAP element and, depending on the implementation, a history of passwords used. These passwords are usually stored as hash values (e.g., SHA-1 or SHA-256). This makes it possible to authenticate users with the combination “user ID and password” in the LDAP server.


Distinctions between LDAP and cidaas

It is unfair to talk about the advantages and disadvantages of both technologies or products, because the advantages clearly lie with cidaas.


Security-relevant points of critique with LDAP

  • The LDAP(S) protocol does not provide for any pre-authentication of the client application, which means that basically any application can call the LDAP service.
  • User authentication with LDAP can be implemented in different ways, but it is usually assumed that a search for the user is carried out first.
  • The administrative authentication can be considered as token authentication because the LDAP protocol is not a stateful protocol or requires a sequence of calls, e.g.:

    1. bind with administrative user, 
    2. search for objects or bind of a conventional user
  • LDAP services must accept anonymous requests from any client in order to provide their capabilities or information about the structure of the directory. This access must additionally be restricted, for example, by means of a firewall.
  • It is basically impossible to prevent an LDAP service from returning the hashed password to the client, which makes local brute-force attacks easier.
  • Fundamentally, the LDAP service is only, among other things, a “user authentication service” whose functionality is based on knowledge, namely “user ID and password”. Otherwise, the LDAP service does not offer any further verification procedures.
  • As a consequence of the described weak points, an LDAP service cannot be used as a public interface on the Internet for authentication, e.g., in web applications or mobile applications.

The use of an LDAP service in a secure, closed environment is generally less problematic as long as there is appropriate monitoring and regular auditing.
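
One check such a regular audit can include, shown as an added example that is not part of cidaas or of the original article: read an LDIF export and report how each `userPassword` value is stored, since unsalted or cleartext values are the ones most exposed if a hash is returned to a client. The sample export is constructed in memory, and the risk labels are this example's own assumption.

```python
"""Audit userPassword storage schemes in an LDIF export (added example)."""
import base64
import hashlib
import re

# Scheme prefixes as used by OpenLDAP and 389 Directory Server.
UNSALTED_FAST = {"MD5", "SHA", "SHA256", "SHA384", "SHA512"}
SALTED_FAST = {"SMD5", "SSHA", "SSHA256", "SSHA384", "SSHA512"}
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}")


def constructed_ldif():
    """Build a small LDIF export in memory (constructed sample, no real accounts)."""
    pw, salt = b"example", b"\x01\x02\x03\x04"
    sha = "{SHA}" + base64.b64encode(hashlib.sha1(pw).digest()).decode()
    ssha = "{SSHA}" + base64.b64encode(hashlib.sha1(pw + salt).digest() + salt).decode()
    ssha_b64 = base64.b64encode(ssha.encode()).decode()
    return "\n".join([
        "# constructed export",
        "dn: uid=alice,ou=people,dc=example,dc=org",
        "userPassword: " + sha,
        "",
        "dn: uid=bob,ou=people,dc=example,dc=org",
        "userPassword:: " + ssha_b64[:20],   # base64 value ("::") ...
        " " + ssha_b64[20:],                 # ... folded onto a continuation line
        "",
        "dn: uid=carol,ou=people,dc=example,dc=org",
        "userPassword: Summer2021!",
        "",
        "dn: uid=dave,ou=people,dc=example,dc=org",
        "userPassword: {PBKDF2-SHA256}10000$c2FsdA$aGFzaA",
        "",
        "dn: cn=printer01,ou=devices,dc=example,dc=org",
        "objectClass: device",
    ])


def unfold(text):
    """Join LDIF continuation lines: a line starting with one space continues the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_entries(text):
    """Yield each entry as {lowercased attribute: [values]}, decoding base64 ("::") values."""
    entry = {}
    for line in unfold(text) + [""]:
        if not line.strip():
            if entry:
                yield entry
                entry = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        entry.setdefault(attr.lower(), []).append(value)


def classify(value):
    """Return (scheme, risk) for one stored userPassword value."""
    match = SCHEME_RE.match(value)
    if match is None:
        return "cleartext", "critical"
    scheme = match.group(1).upper()
    if scheme in UNSALTED_FAST:
        return scheme, "high"       # identical passwords give identical hashes
    if scheme in SALTED_FAST:
        return scheme, "medium"     # salted, but still a single fast hash
    if scheme.startswith(("PBKDF2", "ARGON2")):
        return scheme, "ok"         # deliberately slow key-derivation function
    return scheme, "review"         # e.g. {CRYPT}: strength depends on the crypt variant


def audit(ldif_text):
    """Return [(dn, scheme, risk)] for every userPassword value in the export."""
    findings = []
    for entry in parse_entries(ldif_text):
        dn = entry.get("dn", ["?"])[0]
        for value in entry.get("userpassword", []):
            findings.append((dn,) + classify(value))
    return findings


if __name__ == "__main__":
    for dn, scheme, risk in audit(constructed_ldif()):
        print(f"{risk:8} {scheme:14} {dn}")
```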


Missing functions in LDAP

  • LDAP services are basically structured in such a way that central administration takes place; shared administration causes a high organizational effort. The management of sub-trees is a theoretical construct that rarely works in practice because, for example, users in several organizational units have to be managed from a central location.
  • User self-services are difficult to achieve via the LDAP protocol and are usually implemented via additional products.
  • The link between user authorisations and an application cannot be verified by the LDAP service because only the data is available but not the necessary logic.
  • Multi-factor authentication or fraud detection is not available in LDAP services.

Other paradigms

LDAP implements a directory tree, cidaas does not. This means that navigation within hierarchies is not possible in a meaningful way in cidaas. Instead of a tree structure, cidaas uses a group concept and user roles that can be used flatly and simply from an authorization perspective. This results in more powerful ways to filter users.
cidaas implements only “group” and “user” objects.


Reasons for using the cidaas LDAP Service

The use of the cidaas LDAP Service is possible with the implementation of cidaas. It is useful if existing applications need LDAP for a defined period of time and will only use new authentication standards in the context of their lifecycle management.


Integration of cidaas LDAP Services


Integration architecture

The cidaas LDAP service is provided as a Docker image and operated on a server system in the company. The LDAP service should not be operated in the cloud, nor should it be publicly accessible.
cidaas can be used as SaaS, as intended, as the LDAP service is connected via secure, internet-enabled protocols.


Each LDAP client is configured in cidaas as a standalone app and assigned individual group and role permissions. This ensures that a client system does not gain access to user information that is not in their scope. The cidaas LDAP service can therefore be considered more secure than traditional LDAP services.



The cidaas LDAP service has a defined functionality that is limited to user authentication and authorisation only.

  • Editing the entities in the LDAP directory through the service is not possible and not desired. Such configurations are to be made in cidaas, via the admin dashboard or the cidaas APIs.
  • The cidaas LDAP service does not provide MFA functionality. If MFA is required, it is recommended to replace LDAP in the client and use SAML2 or OpenID Connect.
  • The cidaas LDAP service offers entity search for the objects “user” and “group”.
  • No cidaas LDAP schemas can be retrieved; a generic schema is supported.

Suggestions: Replacing LDAP Services

In the enterprise, the replacement of LDAP services should be considered for several reasons:

  • As such, due to the weak authentication solution, 
  • Due to the lack of integration possibilities with cloud software solutions, 
  • Because of the suboptimal use in environments where work-from-home or mobile working is realised – as VPN networks are always necessary in these cases, and
  • because other possible uses of LDAP, e.g., device management or domain administration, have long since been taken over by more powerful device management solutions.

The use of cidaas replaces LDAP-based authentication. However, the cidaas LDAP service is suitable as a quick win so that systems can continue to be used in compatibility mode.


Retrospect: What Happened in Identity Management in 2020


We have reviewed the year 2020 for you and had a look at the most significant developments of the last year.

Identity management has been changing drastically for several years due to digitalization and a rapid increase in the number of digital services. There are constant innovations, ideas and new developments in this area to delight users with more convenience, to protect them and the systems more effectively, and even occasionally a development driven by the market powers as well.

However, especially in the last year, with the beginning of the pandemic, digital services gained enormous relevance in order to continue to reach the customer. But topics such as data protection were also very much on the agenda.

A short recap: Identity and Access Management is used in the enterprise environment as well as in the customer environment. It provides convenience with features like single sign-on and passwordless authentication, as well as federated identity, and security through multi-factor authentication or fine-grained rights, role, and group management.

Let’s start our journey through 2020 and the impact it had on Identity and Access Management.

  • February 2020
    Farewell to password change constraints
    The BSI is revising the IT Baseline Protection Compendium and saying goodbye to the recommendation to change passwords regularly. Simultaneously, it removes the requirement for fixed rules for password length and complexity as well.
  • March 2020
    Apple’s ID and iOS 13 SDK become mandatory.
    Apple has warned that from the end of April it will only accept iPhone apps and updates created with the latest SDK. “Sign in with Apple” is also mandatory.
    “Sign in with Apple” has simplified the process of creating new accounts; on Apple devices, biometric authentication is sufficient. No new passwords or confirmation emails need to be assigned, and there’s no need to share your email address. Apple emphasizes that no data is collected for tracking or profiling by using the service.
  • June 2020
    Safari supports WebAuthn
    Login without password: Apple brings Face ID and Touch ID to the web. iPhone, iPad and Mac users will be able to log in to web services via biometrics in the future. The FIDO Alliance hopes for a quick rollout.
  • July 2020

    GitHub has announced that it will rely entirely on token-based authentication in the future. From November onwards at the latest, it will no longer be possible to log in to the REST API with a name and password. Probably starting in summer 2021, developers will need tokens for all GitHub actions that require authentication.

    Joining the Alliance for Cybersecurity
    cidaas has joined the Alliance for Cybersecurity as a member! Since mid-July, cidaas has been part of the Alliance for Cybersecurity.

    cidaas in the OpenID Foundation!
    cidaas joins the OpenID Foundation as a Corporate Member, giving it the opportunity to influence the future of identity management and help shape specifications as a member of one of the leading organizations.
  • September 2020

    The European Cyber Security Month (ECSM) of the European Union Agency for Cyber Security took place again.
    ECSM offered great activities to inform citizens and organizations about current risks and measures in the fight against cybercrime. cidaas participated with a free webinar on Smart MFA: Multi-factor authentication with convenience and security.

  • November 2020

    cidaas launches “Bye bye password initiative!”
    As part of the initiative “Bye bye password! The Future of Login,” cidaas is launching a passwordless authentication initiative. The campaign page is now available.


The Psychology of Password Allocation


Brute-force attacks are frequently experienced attacks that can cause major reputational damage in addition to financial damage. Those who used to fly under the radar may now have to expect attacks of various kinds. For quite some time now, criminals have no longer been after just the big companies but use the attack surface of every company. It is essential to be prepared.

Brute-force attacks attempt to gain access to an account by trying different username-password combinations, as if someone were turning the wheels of a combination lock and trying out different number combinations until the lock opens.

Whereas the wheels of a combination lock are turned by hand, in a brute-force attack the computer does the work. With more than 10,000 password combinations per second, the attacker can fire at the login mask and attempt a so-called account takeover.

The logic behind the password strength

A password consisting of 6 lower case letters of the German alphabet gives 308,915,776 possible combinations.

This is calculated from the number of usable letters of the alphabet, which without ä, ö, ü and ß is 26, raised to the power of the password length, which is 6.

If one assumes 1000 attempts per second, the password can be guessed in 3.5 days at the earliest.

This should be improved by password guidelines or password policies, which then say that 12 characters are required, upper and lower case letters must be included and a special character should be used.

This increases the number of possible characters from 26 to 72 and the exponent from 6 to 12, so that 19,408,409,961,765,342,806,016 passwords are possible. An attack attempt would then already take 615,436,642,623 years.

This result is quite impressive.

Why are Bruteforce attacks impossible to defeat despite password policies

In IT one would say a layer 8 problem – this means the person in front of the screen.

The evolution of mankind is impressive so that today we speak of modern man. Unfortunately, we still have a big problem with remembering passwords.

The assumption behind the many different password combinations and the solution space is that a random combination of characters is chosen.

The human factor: The psychology of password assignment and password remembering

To make life a little easier, we tend to use patterns and apply logic to our passwords. These patterns can be reproduced. The solution space shrinks considerably as different probabilities are applied to the combinations. For example, the Duden is taken and an E is converted to a 3, with combinations of special characters and numbers appended at the end.

It becomes even more simple when password guidelines are not interpreted so strongly and particularly when users use the same passwords or choose one of the most popular passwords. For the latter, there are many lists and statistics which show that passwords such as 123456 are still used by up to 10% of users on some platforms.

It makes it very easy for a hacker to get access to accounts. A few more patterns in password assignment and password remembering behavior have been identified. Various psychological studies have dealt with these issues which among other things identified a connection to natural language. In concrete terms, the connection is which letters usually or very often follow each other. This frequency with which a letter follows another letter is known as a bigram. The TU Freiberg has published a statistic on this subject, which shows the ten most frequent double letters, the eighteen most frequent bigrams, among which ER, EN, and CH are among the top three candidates in German, and also further analyses of English language use.
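
The arithmetic and the pattern habit described above can be put side by side in a small check, given here as an added example that is not part of the original article. The rate of 1000 guesses per second is the article's; the 100,000-word dictionary size, the substitution table, the suffix characters and the tiny word lists are assumptions made for illustration.

```python
"""Search-space arithmetic and a pattern-aware password check (added example)."""
import string

SECONDS_PER_YEAR = 365 * 24 * 3600

# Assumed model of the habit "dictionary word, E -> 3 style swaps, digits/specials appended".
LEET = str.maketrans("3401$@57", "eaoisast")
SUFFIX_CHARS = set(string.digits + "!?.#*_-")

# Constructed mini word lists; a real check would load a full dictionary and a
# list of the most popular passwords.
WORDS = {"passwort", "sommer", "fussball", "geheim"}
COMMON = {"123456", "password", "qwertz"}


def keyspace(alphabet_size, length):
    """Number of passwords when every character is chosen at random."""
    return alphabet_size ** length


def seconds_to_exhaust(space, guesses_per_second=1000):
    """Time to try every candidate once at the given guessing rate."""
    return space / guesses_per_second


def pattern_space(word_count, leet_letters=3, max_suffix_len=4):
    """Candidates for <word> x <capitalised or not> x <each swap on/off> x <suffix of 0..n chars>."""
    suffixes = sum(len(SUFFIX_CHARS) ** n for n in range(max_suffix_len + 1))
    return word_count * 2 * 2 ** leet_letters * suffixes


def find_pattern(password, words):
    """Return (word, suffix) if the password is a dictionary word with swaps plus a suffix."""
    for cut in range(len(password), 0, -1):
        base, suffix = password[:cut], password[cut:]
        if any(ch not in SUFFIX_CHARS for ch in suffix):
            break  # the tail is no longer only digits/specials
        word = base.lower().translate(LEET)
        if word in words:
            return word, suffix
    return None


def check_password(password, words=WORDS, common=COMMON):
    """Return the reasons a policy should reject the password (empty list: none found)."""
    reasons = []
    if password.lower() in common:
        reasons.append("on common-password list")
    hit = find_pattern(password, words)
    if hit:
        reasons.append(f"dictionary word '{hit[0]}' + suffix '{hit[1]}'")
    return reasons


if __name__ == "__main__":
    random_12 = keyspace(72, 12)
    patterned = pattern_space(100_000)
    print("random 12 chars :", seconds_to_exhaust(random_12) / SECONDS_PER_YEAR, "years")
    print("word + pattern  :", seconds_to_exhaust(patterned) / SECONDS_PER_YEAR, "years")
    for candidate in ("Fussb4ll123!", "123456", "kT9#vQ2m!xLp"):
        print(candidate, check_password(candidate))
```

"Fussb4ll123!" satisfies the 12-character policy with upper case, lower case, a digit and a special character, yet it falls inside the far smaller pattern space, which is why a policy check should look for the pattern and not only for character classes.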


To the single sign on in 30 minutes


Due to the increased number of various digital services in the enterprise as well as in the customer environment, Single Sign-On became increasingly critical. On the one hand, it is an essential element to provide more user comfort and a smooth journey and on the other hand, it serves to improve security. Identity and access management play a central role in the realization of Single Sign-On.

Where do cloud identity and access management help?

Cloud identity and access management supports the management of the various stakeholders, starting with employees, customers and partners. This is not just about individuals: especially with customers and partners, stakeholders can also be organisations, which in turn can be structured in hierarchies. An Identity and Access Management system must be capable of representing all this.

Internal/Enterprise IAM: The management of employees is becoming increasingly complex due to the numerous digital channels. For a long time, companies have therefore used a so-called IAM or IDM. In particular, the mapping of the authorization plays an essential role in implementing access restrictions, segregation of duty and thus the authorization concept. Both onboarding and further needs-based allocation of rights must be implemented efficiently, transparently and quickly. The requirements and processes vary greatly depending on the industry, organization and department. An IAM must therefore be able to cover the individual needs of a company to enable a clear, secure and efficient implementation of the authorization concept.

Customer IAM: Digital services are almost springing up out of the ground, particularly in the end customer environment. In every industry, in the B2B as well as the B2C environment, they will become an essential component, a decision criterion, in order to get to know customers better, to work together more easily, to inspire customers and partners and thus also to retain them in the long term.

Customers’ systems can usually be easily separated from their internal systems. The customer channels represent the communication channels that are provided to customers to offer new services. Then there are the systems that are mainly used internally, within the company, such as the CRM, the ERP system, time recording etc. Only employees have access to these systems. While in the case of customer channels employees often need access, partners are the extreme cases. Depending on the task, the partner is on the road both on customer channels and on the internal systems. Group management is therefore necessary.


With Identity and Access Management, such as cidaas, you create an identity of the user across all channels via the applications in a company, such as CRM, ERP, office systems, etc. and thus introduce Single Sign-On.

And for the customer area, the registration and authentication of the customer are carried out via Identity and Access Management. This enables you to recognize your customers via the various digital services such as cloud services, web services, shop systems, etc., know where they move, which channels they use and can offer them not only convenience but also exceptional, individual customer experiences.

Procedure of a Single Sign-On:

The de facto standards in the identity environment are OpenID Connect and OAuth2. These are the newer standards. SAML, especially in the SAML2.0 version, is the older standard, which is nevertheless still followed by many systems, especially in the internal environment. These standards are used to integrate an identity management system and to implement Single Sign-On.

  1. Calling domain 1: This could be a shop system, for example.
  2. Domain 1 says that a login is required here, which initiates the forwarding to cidaas.
  3. In the third step the user logs in.
  4. cidaas stores the information in the cookie, in the browser storage. Other information is also stored to prevent bot attacks and fraud attempts.
  5. Afterwards the information is forwarded to the shop system.
  6. The shop system can work with the token sent with the order. With it the user can be authenticated and the use of the shop system can take place.
  7. The shop system can then store information in the domain 1 cookie.

Single Sign On is characterised by the fact that the same authentication mechanism can be used on the various domains, but also that the user remains logged in across all channels.

  1. User switches to the website in domain 2.
  2. A login is also required here, so that the forwarding to cidaas takes place
  3. Whereupon the redirection to the website with the issued token takes place.
  4. The Web page can now use the token and perform authentication. Information such as first name, surname, etc. can then be available in this token.
  5. Further information can be stored in the domain 2 cookie.
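
The application side of this redirect flow (the shop in domain 1 or the website in domain 2), sketched as an added example that is not cidaas code: the application creates `state` and `nonce` before redirecting, then checks both, plus signature, issuer, audience and expiry, before trusting the token. The issuer URL, client ID, shared secret and the use of an HS256-signed ID token are assumptions so that the example runs offline with the standard library.

```python
"""Relying-party checks around an OpenID Connect login redirect (added example)."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

ISSUER = "https://idp.example"                  # placeholder identity provider
CLIENT_ID = "shop-domain1"                      # placeholder app registration
CLIENT_SECRET = b"constructed-demo-secret"      # constructed value
REDIRECT_URI = "https://shop.example/callback"  # placeholder


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def begin_login(session):
    """Login required: remember state and nonce, return the redirect URL."""
    session["state"] = secrets.token_urlsafe(16)
    session["nonce"] = secrets.token_urlsafe(16)
    query = urlencode({
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "scope": "openid profile",
        "state": session["state"], "nonce": session["nonce"],
    })
    return f"{ISSUER}/authorize?{query}"


def sign_id_token(claims, key):
    """Stand-in for the identity provider: issue a compact HS256 token for the demo."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"


def finish_login(session, callback_url, id_token, now=None):
    """Back in the application: validate the callback and the token, return its claims."""
    now = time.time() if now is None else now
    returned = parse_qs(urlparse(callback_url).query).get("state", [""])[0]
    expected = session.pop("state", None)       # single use: a replayed callback fails
    if not expected or not hmac.compare_digest(returned.encode(), expected.encode()):
        raise ValueError("state mismatch")

    header_b64, body_b64, sig_b64 = id_token.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")      # never let the token pick the algorithm
    good = hmac.new(CLIENT_SECRET, f"{header_b64}.{body_b64}".encode(),
                    hashlib.sha256).digest()
    if not hmac.compare_digest(b64url_decode(sig_b64), good):
        raise ValueError("bad signature")

    claims = json.loads(b64url_decode(body_b64))
    aud = claims.get("aud")
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token issued for another client")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    nonce = session.pop("nonce", None)
    if not nonce or claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch")
    return claims                               # e.g. given_name, family_name


if __name__ == "__main__":
    session = {}
    print(begin_login(session))
    token = sign_id_token({"iss": ISSUER, "aud": CLIENT_ID, "sub": "user-1",
                           "exp": time.time() + 300, "nonce": session["nonce"],
                           "given_name": "Ada"}, CLIENT_SECRET)
    callback = f"{REDIRECT_URI}?code=constructed&state={session['state']}"
    print(finish_login(session, callback, token))
```

Deployments that use asymmetric signatures verify the token against the provider's published keys instead of a shared secret; the remaining checks are the same.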

Single Sign On - Process

To demonstrate these possibilities and Single Sign On in a practical way, you can easily carry out the integration based on OpenID Connect following these steps.

Here you can see and test how the integration is based on the SAML Standard.


8 years in FIDO – What has happened so far


FIDO2 heralds a new age of Universal Authentication.

For several reasons, logging in to a website with your username and password may not be the ideal method of authentication. On one hand, the number of applications a person uses is constantly increasing. On the other hand, the security of credentials is increasingly at risk as cybercrime becomes more sophisticated and technologically advanced. Targeted brute-force attacks or seemingly harmless phishing attacks via email have become so common that users often do not even notice that their own credentials have been hacked.

  • 2009

    Validity Sensors and PayPal deal with the use of biometrics to register online users instead of passwords. The session stimulated the idea of working on an industry standard based on public key cryptography that would allow password-less login with only local authentication.

  • 2012

    The FIDO Alliance was founded by PayPal, Lenovo, Nok Nok Labs, Validity Sensors, Infineon and Agnitio. The development of a passwordless authentication protocol was started.

  • 2013

    Major Internet companies, system integrators and security providers have joined to form the FIDO (Fast IDentity Online) Alliance to revolutionise online authentication with an industry-supported standard-based open protocol. Finally, the Alliance was launched in California.

  • 2014

    The comprehensive passwordless protocol FIDO v1.0 (called FIDO Universal Authentication Framework – FIDO UAF) and the second factor protocol (called FIDO Universal 2nd Factor – FIDO U2F) were completed and released at the same time. The production launch of fully compliant FIDO v1.0 devices and servers began.

  • 2015

    cidaas, the modern Cloud Identity and Access Management solution, was created. Widas ID started the development of cidaas. With the best user experience in mind, cidaas added versatile, convenient and secure authentication methods.

    In a pluggable approach, cidaas offers e.g. biometric methods like TouchID or WebAuthn, One-Time Passwords and many more. Customers can easily add and offer new methods.

    With the seal Software hosted in Germany and ISO27001 certification, cidaas complies with the highest data protection and security standards.

  • 2016

    The World Wide Web Consortium (W3C) has launched a new standard project for web authentication based on the FIDO2 2.0 web APIs proposed by the Alliance. The aim of the FIDO Alliance in this work called FIDO2 was to work with the W3C to standardise strong FIDO authentication across all web browsers and the associated web platform infrastructure.

  • 2017

    The FEWG-FIDO Europe Working Group was established.

    Based on Google Chrome, Microsoft Edge and Mozilla Firefox, the FIDO2 project heralds a new era of ubiquitous, phishing-resistant, strong authentication to protect Internet users worldwide.

  • 2018

    cidaas announced to support FIDO2. Since then it is possible to experience FIDO2 and WebAuthn live on and to test the new user experience.

  • 2020

    Apple extends FIDO authentication support in Safari to iOS 14, MacOS Big Sur and iPadOS 14 and enables users to log in with FIDO on websites using Apple’s Face ID and Touch ID biometric authentication.

To learn more about cidaas, key features and various password-free authentication methods, please visit.


The Digital Pioneers Conference – Digitisation on the rise – 5 wonderful years of cidaas


On Friday (13.11.2020) the first Digital Pioneers Conference, organised by esentri AG, was held and we were present there. In this blog, we look back at the event and the various impulses.

What does the Digital Pioneers Conference stand for: “With the Digital Pioneers we look behind the scenes of successful digitization projects and learn from courageous personalities who have shaped their own future. The audience could [look forward] to inspiring keynote speakers, interesting project stories, tech talk, and the extraordinary atmosphere of a hybrid conference!”

The topics and contents of the conference were very diverse. Leander Govinda Greitemann started the conference with a keynote speech about the pioneering spirit and supported his presentation with exciting stories. Robert Szilinski then took up the pioneering spirit in his slot and declared a battle against pessimism. Throughout the day, there were many exciting presentations on successful digitization projects, new and changing business models, and the culture necessary for a sustainable digital transformation, but there was also no shortage of prospects for technological advances such as the quantum computer. In summary, the diversity of the conference was a key success factor, because as diverse as the presentations are, so are the ideas and challenges in digitization. Digitization is not driven by technology, but by the combination of many impulses, with technology also being an enabler, but business culture, ideas, and concepts are the drivers of development.

We were pleased to take the opportunity to play our part in the conference. Based on the quotation from Raumschiff Enterprise: “Identity – infinite vastness. It is the year 2020” we started to think the world differently five years ago – we started with cidaas, our Cloud Identity & Access Management. And a lot has happened in the past 5 years. We became aware of this once again, particularly while preparing for the conference. Only recently we summarised the history of the FIDO Alliance and the FIDO2 standard in a blog (8 years of FIDO – What has happened so far). FIDO2 has been integrated into cidaas since 2018, but its wider distribution, especially because of the availability on Apple, has been a long time coming. In our presentation, we took a closer look at these and other highlights from 5 years of cidaas, because: “On our journey through the galaxies of our customers we have mastered different requirements. However, we have also avoided the odd meteorite or two in our continuous efforts to push cidaas forward”.

At this point we would like to thank esentri for the great organisational work. The conference was planned wonderfully, there were two stages, as well as the opportunity to network, and though a personal visit to the conference during Corona is not possible, it had a personal touch.

We are looking forward to 2021!


Now, FIDO2 is set as standard in Apple Browser


Using TouchID or FaceID to unlock the smartphone is the current standard. In addition to security, it is above all a question of convenience for users to unlock their smartphone quickly and easily using a biometric procedure. This was not possible in the browser of the iPhone so far. With the new major version of the Apple browser Safari 14, Apple supports biometric authentication using TouchID and FaceID (Device Biometrics) via the FIDO2 and WebAuthn standards, respectively.

Authentication with a wide variety of platforms, online shops or other digital services via device biometrics is no longer a futuristic dream. Technically, the FIDO2 standard consists of two components, the WebAuthn standard of the World Wide Web Consortium (W3C) and the Client-to-Authenticator Protocol (CTAP) of the FIDO Alliance.

For quite some time now, we have been offering authentication via the FIDO2 standard with our Cloud Identity & Access Management, cidaas, both as two-factor authentication and as passwordless authentication. Even though FIDO2 has become more and more popular in recent years, the introduction of any procedure is subject to the limitations that come with it. Although providers such as Google or Microsoft have supported FIDO2 for some time and integrated it into their own platforms, Apple has been a long time in coming – it was not until iOS 13 that FIDO2 support for external authenticators, such as via NFC, BLE, or USB, came to the iPhone. In contrast, Android already received FIDO2 accreditation in February 2019.

With the introduction of FIDO2, especially through device biometrics, on the Apple ecosystem, the FIDO Alliance as well as many platform and service providers are now hoping for wider and mainly faster dissemination of FIDO2.

We at cidaas are also strong supporters of FIDO2 and other passwordless authentication methods, as these methods allow us to offer secure as well as convenient authentication on a wide range of channels. More than ever before, the password is the killer of user comfort and security. If you want to know more about passwordless authentication or FIDO2, have a look at, under this slogan we have started an initiative for passwordless authentication.


Experience with the Alliance for Cyber Security


We joined the Alliance for Cyber Security as a member in mid-July and then completed our onboarding as a partner at the end of August. We would like to use this short blog to describe our first experiences with the Alliance for Cyber Security and our partner contributions.

As a short digression, what does the Alliance for Cyber Security do (extract from the ACS website):

“With the Alliance for Cyber Security, founded in 2012, the Federal Office for Information Security (BSI) is pursuing the goal of strengthening Germany’s resistance to cyber-attacks.

Currently, 4548 companies and institutions are members of the initiative – and more participants are joining every day.

IT service and consulting companies, as well as IT manufacturers, are equally represented within the network as user companies of all sizes and industries. This diversity is an important guarantee for a rich exchange of IT expertise and application experience, from which all participants benefit.

148 partners and 99 facilitators are involved in the initiative and thus make a valuable contribution to more cybersecurity in Germany as a business location”.

As a Cloud Identity & Access Management provider (cidaas), we are predestined for the partner program: we offer an IT security solution and, in this context, deal with the most diverse requirements in this environment every day. Furthermore, we see cidaas, as Identity & Access Management, as a central component in the digitalization of companies. Combining security with digitization, innovation and ultimately user comfort is one of our goals. To mark this occasion, we have designed our first partner contributions for the Alliance for Cyber Security and launched a webinar series that shows how modern authentication can and should be secure and convenient.

Which topics did we cover in the webinars?

  1. Brute force attacks and what can be done about them
  2. FIDO2 and passwordless authentication explained simply

Brute force attacks and what can be done about them

Attacks in which the attacker tries to gain access by trying or guessing passwords are one of the most common attack patterns in the digital world and have become a major threat in recent years. This type of attack is not new, but it is now more of a headache than ever, because almost all common approaches to defence bring other problems with them, which can sometimes be more serious for companies than the brute force attack itself. The classic brute force defence mechanisms often not only protect against attacks but also exclude real users or massively restrict user comfort. In this webinar, we showed different forms of the brute force attack and common defence mechanisms. Among them are classical defence mechanisms, the brute force protection via Device Cookies of OWASP, and multi-factor authentication. As a transition to the next webinar, we gave a short outlook on the world after the password.
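The difference between a classic per-account lockout and the device-cookie approach can be shown in a few lines. The following is an added example, not code from cidaas, the webinar or OWASP; it is a simplified sketch of the device-cookie idea in which the thresholds, the in-memory stores and all names are assumptions, and the plaintext password table stands in for a real credential store.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)     # server-side signing key (generated for the demo)
MAX_FAILS, PERIOD = 3, 300           # assumed policy: 3 failures within 300 seconds
USERS = {"alice": "correct horse"}   # constructed account; real systems store password hashes
fails = {}       # bucket -> timestamps of recent failed attempts
lockouts = {}    # bucket -> time at which the lockout expires


def issue_cookie(user):
    """Device cookie = login, random nonce and an HMAC over both."""
    nonce = secrets.token_hex(16)
    sig = hmac.new(SECRET, f"{user},{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{user},{nonce},{sig}"


def cookie_valid(cookie, user):
    """Valid only if the signature verifies and the cookie was issued for this login."""
    parts = (cookie or "").rsplit(",", 2)
    if len(parts) != 3 or parts[0] != user:
        return False
    good = hmac.new(SECRET, f"{parts[0]},{parts[1]}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(good, parts[2])


def authenticate(user, password, cookie=None, now=None):
    """Return (status, new_device_cookie_or_None)."""
    now = time.time() if now is None else now
    # Each known device has its own failure bucket; all unknown clients share one per user.
    bucket = ("device", cookie) if cookie_valid(cookie, user) else ("untrusted", user)
    if lockouts.get(bucket, 0) > now:
        return "locked", None
    if user in USERS and hmac.compare_digest(USERS[user].encode(), password.encode()):
        return "ok", issue_cookie(user)
    recent = [t for t in fails.get(bucket, []) if now - t < PERIOD] + [now]
    fails[bucket] = recent
    if len(recent) >= MAX_FAILS:
        lockouts[bucket] = now + PERIOD
    return "failed", None
```

Guessing from unknown clients locks only the shared "untrusted" bucket, so a user whose browser already holds a valid device cookie can still sign in while the guessing attempts are rejected.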

FIDO2 and password-free authentication explained simply

A world without passwords will be the future! In this webinar, we discussed the FIDO2 standard with its protocols WebAuthn (W3C) and Client to Authenticator Protocol (FIDO). We first looked at the current situation regarding passwords and the associated disadvantages and then focused on the technical specification of the FIDO2 standard. Finally, we reported on first experiences and use cases with the FIDO2 standard and other passwordless authentication methods. We also showed the transition path with which users can be introduced to passwordless authentication or cross-device scenarios and how these can be handled.

Let us now look back at our experience:

The participants:

We regularly host webinars, both self-organized and in cooperation with other networks, e.g. now in October during the European Cyber Security Month. As a small side note, we were very sceptical at the beginning as to whether webinars of our own would be useful and could even achieve the necessary coverage. But we are very satisfied with our previous webinars, the number of participants and the feedback. Since our webinars were held exclusively for the Alliance for Cyber Security and only accessible to a limited number of participants, we also expected lower numbers of participants. After we had planned the webinars and announced them via the Alliance for Cyber Security, we were surprised how quickly the number of registrations increased, so that these two webinars are among our most visited events.

More importantly, the participants were among the most active we have seen in our webinars so far. We were particularly pleased about this because it is precisely this exchange that makes the Alliance for Cyber Security so valuable!

The cooperation with the colleague at the Alliance for Cyber Security:
The cooperation was excellent. Our enquiry was processed very quickly and together we designed our first partner contributions.

We are already looking forward to our next partner contributions and are pleased that there is such a network organized by the BSI in Germany. Good job!

Why Happiness Team? – The cidaas support

Ever since we launched cidaas a few years ago, we have been developing further, in terms of technology as well as organization and processes. And we are constantly working to incorporate the vast experience we gain every day and to implement new ideas.

We would like to highlight a special organizational development in this blog – the Happiness Team.

As a product provider, especially for a Software-as-a-Service cloud service like cidaas, which as Identity & Access Management plays a central role in the digitalization of almost all companies and the IT infrastructure, customer support is very important to us. This has been a matter of course for us from the very beginning, so we have always attached great importance to good and especially fast support. Every developer knows it: when a question comes up, the Internet is consulted, the documentation is checked and it feels as if you were the only one with this question. Since an answer is essential to get ahead, contact with support is sought.

Waiting for a response for days at a time would be annoying as well as potentially shifting the timeline. It is even worse when there are difficulties in live operation and the cause cannot be found. Undoubtedly a self-explanatory API and detailed yet simple documentation are helpful and necessary. However, reliable, strong and individual setup support is also necessary to enjoy a product. That’s the way it should be!

Happy – that is the most important word! When we sat down for a small workshop a few weeks ago, one of the main topics was how we can further expand the support for our customers. We already rely on many different processes and tools: besides documentation and API descriptions via Postman and Swagger UIs, we offer a support portal, a community platform and a chat. Our support team consists of colleagues from the development and product team as well as from our management. They support specific customers, so our team is always well informed, has a deep knowledge of cidaas and knows the customer’s setup. Through continuous, intensive training, the team is familiar with a wide range of use cases and possible applications and is available to advise our customers. This constellation distinguishes our support from that of many other product manufacturers.

So, what has changed? – We have renamed our Support Team to Happiness Team!

Although this may sound somewhat platitudinous, it expresses the fact that we are not just a pure support team, but it is our mindset and objective to make our customers happy with cidaas.

Learn more about us or meet us personally and contact us here in the chat.