Today we’re announcing the general availability of Enterprise Credential Custody, a new capability of Nametag’s platform that enables organizations to deploy secure onboarding and self-service password/MFA resets without sharing their directory credentials. This is a game-changer for enterprises using cloud-based directories who want the account protection benefits and cost savings that come with Nametag solutions, but are under strict orders to keep their directory credentials under lock and key.
Why would I need Enterprise Credential Custody?
After rolling out phishing-resistant MFA, many IT and security leaders experience the same realization: Any authentication factor is only as secure as its enrollment and reset process. Without robust identity controls to protect the credential itself, your entire IAM stack is built on sand.
To close this gap, more and more enterprises are deploying workforce identity verification (IDV) solutions. By verifying the actual person behind the screen before issuing or resetting credentials, organizations can protect their workforce identity infrastructure from North Korean IT workers, Scattered Spider-style social engineering, and other threats.
But implementing IDV in the workforce isn’t always straightforward. Enterprise IAM is a web of legacy systems, competing priorities, and compliance hurdles. In some organizations, it’s not just difficult, it’s against policy to share directory credentials with any third-party vendor, no matter how secure that vendor is.
That’s why we built Enterprise Credential Custody.
How does Enterprise Credential Custody work?
Enterprise Credential Custody is a new deployment option within Nametag’s platform that allows organizations with strict restrictions on sharing directory credentials to benefit from Nametag’s workforce-grade Deepfake Defense™ identity verification and account protection solutions.
At the core is the Nametag Directory Agent, a lightweight, open-source, auditable service that runs locally within your infrastructure. Our Directory Agent acts as a secure intermediary between Nametag and your directories, allowing you to, for example, enable secure self-service MFA resets for certain users while maintaining full custody of your directory credentials.
Enterprise Credential Custody is available today for all Nametag customers. Consult our Directory Agent dev docs to get started, or contact us.
Supporting More Workforce Identity Verification Deployments
As workforce-grade identity verification becomes the new baseline for enterprise account security, Nametag is leading the way with solutions that are uniquely secure and deployable at scale.
This announcement follows Enterprise Data Custody (“bring-your-own-storage”) and support for on-premises directories and custom IAM. Enterprise Credential Custody is yet another way that we’re enabling a wider variety of organizations to meet the full spectrum of stakeholder requirements when deploying workforce identity verification solutions.
With these and other features, we’re continuing to make it easier for every organization to enjoy the security benefits, cost savings, and user experience improvements of Nametag, no compromises required.