Keyless

Keyless enhances customer and employee experiences and protects their privacy through passwordless multi-factor authentication that eliminates fraud, phishing and credential reuse - from anywhere, at any time, and from any device.

By leveraging patented Zero-Knowledge Biometrics (ZKB™), we enable organizations to adopt biometric authentication by eliminating their need to store and process biometric data, passwords, personal cryptographic keys and other sensitive information.

Keyless exceeds strictest regulatory requirements such a GDPR, CCPA, PSD2 and complies to open banking authentication requirements.

This integration uses an OpenID Connect Enterprise Connection to configure Keyless passwordless authentication for specific applications and users.

Prerequisites

This guide assumes that you have an active Auth0 account and that you have an ongoing Keyless deployment. To set up a new Keyless account, please reach out to info@keyless.io.

As part of you onboarding, you should have received the following from Keyless:

• URL of the discovery document of the Keyless OpenID Connect server
• Client ID and shared secret

Integration

Integrating Keyless with Auth0 can be done quickly and easily. Click the Add Integration button above and fill in the following fields:

• Connection Name - Choose the name you wish to give this connection, typically keyless
• Issuer URL - URL of the discovery document provided to you by Keyless
• Client ID - Client ID provided to you by Keyless

Click Create, then click the Settings tab to set the following fields:

• Type - Select "Back Channel"
• Click Show Issuer Details and copy the URL that's in Authorization Endpoint into the Token Endpoint field, then change the last part of the path from authorize to token
• Client Secret - Client Secret provided to you by Keyless
• Scopes - Scopes representing the user profile attributes requested

Once these changes have been made, click Save Changes at the bottom.

The Callback URL value shown here needs to be provided to Keyless once the Connection is configured.

Configuration

Follow the steps below to learn how to configure Keyless passwordless authentication for specific users and groups.

1. Go to Connections > Enterprise
2. Click on OpenID Connect, and select the Keyless connection you created.

To automatically authenticate users from specific domains using Keyless, in the Home Realm Discovery option under the Login Experience tab and add the list of domains you wish to federate to Keyless.

To display a button for the Keyless connection in the login page, go to the Connection Button option under the Login Experience tab and configure:

• Button display name Keyless
• Button logo URL Use the link below

https://media-exp1.licdn.com/dms/image/C4E0BAQFDwJ-OtPDyYg/company-logo_200_200/0/1587148494548?e=1620864000&v=beta&t=kHimSmVz2wZIVJi4v1RGjftLpdgrEH8iNRpbXkDxI0Q

This will allow users that have enrolled with Keyless to authenticate without passwords to your applications. Click Save.

Configure which applications Keyless is enabled for under the Applications tab.

User Registration

Before your users can start authenticating with Keyless, they will need to enroll using their mobile app. A full end-user guide is available at docs.keyless.io/userguide.