.png)
Today we’re announcing the general availability of Enterprise Credential Custody, a new capability of Nametag’s platform which enables organizations to deploy secure onboarding and self-service password/MFA resets without sharing your directory credentials. This is a game-changer for enterprises using cloud-based directories who want the account protection benefits and cost savings that come with Nametag solutions, but have to keep their directory credentials under lock and key.
What problem does Enterprise Credential Custody solve?
After rolling out phishing-resistant MFA, many IT and security leaders experience the same realization: Any authentication factor is only as secure as its enrollment and reset process. Without robust identity controls to protect the credential itself, your entire Identity & Access Management (IAM) stack is built on sand.
To close this gap, more and more enterprises are deploying workforce identity verification (IDV) solutions. By verifying the actual person behind the screen before issuing or resetting credentials, organizations can protect their workforce identity infrastructure from a variety of account takeover and impersonation threats, including infiltration by North Korean IT workers and Scattered Spider-style social engineering.
But implementing IDV in the workforce isn’t always straightforward. Enterprise-scale IAM is a maze of legacy systems, competing priorities, and compliance hurdles. In some organizations, it’s not just difficult, it’s against policy to share directory credentials with any third-party vendor, no matter how secure that vendor is.
That’s why we built Enterprise Credential Custody.
What is Enterprise Credential Custody and how does it work?
Enterprise Credential Custody is a new deployment option within Nametag’s platform that allows organizations with strict restrictions on sharing directory credentials to benefit from Nametag’s workforce-grade Deepfake Defense™ identity verification and account protection solutions.
At the core is the Nametag Directory Agent, a lightweight, open-source, auditable service that runs locally within your infrastructure. Our Directory Agent acts as a secure intermediary between Nametag and your directories, allowing you to, for example, enable secure self-service MFA resets for certain users while maintaining full custody of your directory credentials.
Enterprise Credential Custody is available today for all Nametag customers. Consult our Directory Agent dev docs to get started, or contact us to request more information.
Not a customer of Nametag yet? Explore our workforce identity verification solutions, learn more about our Deepfake Defense engine, and then contact us when ready!
How does Enterprise Credential Custody support Nametag's vision?
Nametag's mission is to protect every account against imposters. An important part of that is to make sure our ready-to-use solutions are, in fact, ready to use by every enterprise.
As workforce-grade identity verification becomes the new baseline for enterprise account security, Nametag is leading the way with solutions that are not only uniquely secure against emerging threats, but deployable at scale in the real world.
Enterprise Credential Custody is yet another way that we’re enabling organizations to meet the full spectrum of stakeholder requirements, from IT and security to risk management and legal, when deploying workforce identity verification solutions.
This announcement follows Enterprise Data Custody (“bring-your-own-storage”) and our support for on-premises directories and custom IAM. With these features, we’re continuing to make it easier for every organization to enjoy the security benefits, cost savings, and user experience improvements of Nametag, no compromises required.
