Abstract: Methods, systems, devices, and apparatuses for passkey authentication at an identity management platform are described. In accordance with the described techniques, an administrator of the identity management platform may enable passkey authentication for clients of the identity management platform. Once the passkey authentication is enabled, the identity management platform may display a passkey login option to users associated with the clients of the identity management platform. If a user associated with a client of the identity management platform selects the passkey login option, a device associated with the user may generate a passkey that includes a private key and a public key. The device may store the private key and transmit an indication of the public key to the identity management platform. The identity management platform may use the public key to verify the identity of the user in subsequent login attempts.

Abstract: A flexible authentication system is described herein that fluidly switches between a federated authentication model and a local short-lived token model that does not require sophisticated authentication infrastructure at the relying party site. Upon detecting an event that causes the identity provider to be unavailable for authentication, the relying party switches to a temporary token model. The system generates a bearer token or challenge associated with the user's identity and (optionally) associated with time data that limits the period during which the token is valid. The relying party communicates the short-lived token to the user using contact information associated with the user and already stored by the relying party. Upon receiving the short-lived token, the user provides the short-lived token to the relying party, and the relying party processes the token to validate the user's identity and then allows the user to access the relying party's online services.

Abstract: A flexible authentication system is described herein that fluidly switches between a federated authentication model and a local short-lived token model that does not require sophisticated authentication infrastructure at the relying party site. Upon detecting an event that causes the identity provider to be unavailable for authentication, the relying party switches to a temporary token model. The system generates a bearer token or challenge associated with the user's identity and (optionally) associated with time data that limits the period during which the token is valid. The relying party communicates the short-lived token to the user using contact information associated with the user and already stored by the relying party. Upon receiving the short-lived token, the user provides the short-lived token to the relying party, and the relying party processes the token to validate the user's identity and then allows the user to access the relying party's online services.