Latest news with #OpenIDConnect


Techday NZ
2 days ago
- Business
- Techday NZ
Semperis warns nOAuth flaw in Entra ID risks SaaS accounts
Semperis has published new research highlighting the ongoing risk posed by the nOAuth vulnerability in Microsoft's Entra ID, which may allow attackers to take over SaaS application accounts with minimal effort. According to the research, nOAuth remains undetected by many SaaS vendors and is very difficult for enterprise customers to defend against.

The vulnerability, originally disclosed in 2023 by Omer Cohen of Descope, lies in how certain SaaS applications implement OpenID Connect rather than in the protocol itself: the application treats the email claim in an Entra ID token as the user's identifier, even though a tenant administrator can set that attribute to any address and Entra ID does not verify that the issuing tenant owns the email domain. The OpenID Connect Core specification is explicit that only the combination of the iss and sub claims is a stable, unique identifier for a user; email is a mutable attribute and is not meant to be used as one. Semperis' follow-up investigation examined applications listed in Microsoft's Entra Application Gallery, finding that over a year after its initial disclosure, a substantial portion of applications remain vulnerable to nOAuth abuse.

Risk to enterprises

The core issue with nOAuth is that attackers require only their own Entra tenant and the email address of a target user to potentially gain full access to that person's account in a vulnerable SaaS application. Because the attacker signs in to a tenant they control, the victim organisation's Multi-Factor Authentication (MFA), conditional access and Zero Trust policies are never evaluated and do not mitigate this risk. This presents a challenge for both developers and end-users. As Eric Woodruff, Chief Identity Architect at Semperis, explained, "It's easy for well-meaning developers to follow insecure patterns without realising it and in many cases, they don't even know what to look for. Meanwhile, customers are left with no way to detect or stop the attack, making this an especially dangerous and persistent threat." Through comprehensive testing of more than 100 Entra-integrated SaaS applications, Semperis identified that nearly 10% were susceptible to nOAuth exploitation.

Once access is obtained via this vulnerability, attackers may exfiltrate data, maintain persistence, and potentially move laterally within the victim organisation's environment.

Detection and mitigation challenges

Detection of nOAuth abuse is exceptionally difficult: a successful attack looks like an ordinary federated sign-in and leaves minimal traces within standard user activity logs, and the victim's own Entra tenant never sees the authentication at all. Deep correlation across both Entra ID and individual SaaS platform logs, in particular matching the issuing tenant behind each SaaS login against the customer's own tenant, is required to identify potential breaches. Semperis' research indicates that exploitation continues to be possible, despite the initial public disclosure and vendor recommendations. Highlighting the severity of the nOAuth issue, Woodruff added, "nOAuth abuse is a serious threat that many organisations may be exposed to. It's low effort, leaves almost no trace and bypasses end-user protections. We've confirmed exploitation is still possible in many SaaS apps, which makes this an urgent call to action. We encourage developers to implement the necessary fixes and help protect their customers before this flaw is exploited further." Semperis has communicated its findings to both affected SaaS vendors and Microsoft, beginning in December 2024. Some vendors have taken steps to address the issue, while others reportedly remain vulnerable.

Industry response and recommendations

The Microsoft Security Response Centre (MSRC) advises SaaS application vendors to implement its security recommendations regarding user identification and OpenID Connect integration. Vendors that fail to comply may risk removal from the Entra Application Gallery. Semperis continues to focus on identity threat detection, with recent announcements regarding new detection features addressing other critical vulnerabilities such as BadSuccessor and Silver SAML. These findings exemplify ongoing risks within enterprise identity services, where configuration weaknesses in authentication protocols can present significant challenges for both software providers and their customers.

The nOAuth vulnerability underlines the importance of not only secure development practices but also continuous monitoring as enterprise reliance on SaaS and identity federation increases. Semperis' report calls for prompt action from SaaS vendors to update their authentication implementations to address this persistent risk.
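As an added example that is not part of the article or of Semperis' research, the account-lookup mistake behind nOAuth beside its fix, in Python. The two ID-token claim sets, the tenant IDs, subjects and addresses are constructed, and the two store classes are hypothetical stand-ins for whatever a SaaS application's user directory does after it has already verified the token's signature, audience, expiry and nonce.

```python
"""Added illustration of the nOAuth account-mapping mistake and its fix.
Not Semperis' or any vendor's code; every identifier below is constructed.
Signature, aud, exp and nonce checks on the ID token are assumed done."""
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Set, Tuple

def entra_issuer(tenant_id: str) -> str:
    """Issuer (iss) value Entra ID puts in v2.0 tokens for a tenant."""
    return f"https://login.microsoftonline.com/{tenant_id}/v2.0"

VICTIM_TENANT = "11111111-1111-1111-1111-111111111111"    # constructed
ATTACKER_TENANT = "22222222-2222-2222-2222-222222222222"  # constructed

# Token the real user gets when she signs in to her own tenant.
VICTIM_TOKEN = {
    "iss": entra_issuer(VICTIM_TENANT),
    "tid": VICTIM_TENANT,
    "sub": "victim-subject-3f1c",
    "email": "alice@victim.example",
    "preferred_username": "alice@victim.example",
}

# Token from a tenant the attacker controls. The attacker set that user's
# mail attribute to the victim's address; Entra ID does not check that the
# attacker's tenant owns victim.example, so the claim is echoed as-is.
ATTACKER_TOKEN = {
    "iss": entra_issuer(ATTACKER_TENANT),
    "tid": ATTACKER_TENANT,
    "sub": "attacker-subject-9b07",
    "email": "alice@victim.example",
    "preferred_username": "mallory@attacker.example",
}

@dataclass
class Account:
    account_id: str
    email: str
    iss: Optional[str] = None  # issuer this account is linked to, if any
    sub: Optional[str] = None  # subject at that issuer

class VulnerableStore:
    """The nOAuth pattern: the email claim is treated as the identity."""

    def __init__(self, accounts: Iterable[Account]) -> None:
        self.by_email: Dict[str, Account] = {a.email: a for a in accounts}

    def resolve(self, claims: dict) -> Optional[Account]:
        # Any issuer, any subject: whoever presents this email is "alice".
        return self.by_email.get(claims.get("email", ""))

class HardenedStore:
    """Identity is the (iss, sub) pair; email is never a lookup key."""

    def __init__(self, accounts: Iterable[Account],
                 allowed_tenants: Optional[Set[str]] = None) -> None:
        self.accounts: Dict[str, Account] = {a.account_id: a for a in accounts}
        self.by_identity: Dict[Tuple[str, str], Account] = {
            (a.iss, a.sub): a for a in self.accounts.values() if a.iss and a.sub
        }
        # Single-tenant apps should pin the tenant; None means multi-tenant.
        self.allowed_tenants = allowed_tenants

    def link(self, account_id: str, claims: dict) -> None:
        """Bind an existing account to an Entra identity. Call only from a
        flow in which the user has already proved they own the account."""
        acct = self.accounts[account_id]
        acct.iss, acct.sub = claims["iss"], claims["sub"]
        self.by_identity[(acct.iss, acct.sub)] = acct

    def resolve(self, claims: dict) -> Account:
        tid = claims.get("tid")
        if self.allowed_tenants is not None and tid not in self.allowed_tenants:
            raise PermissionError(f"tenant {tid} not allowed for this app")
        acct = self.by_identity.get((claims["iss"], claims["sub"]))
        if acct is None:
            # Unknown subject: never fall back to email. An unlinked subject
            # carrying an email that already exists in the store is exactly
            # what an nOAuth attempt looks like, so log and alert on it.
            raise PermissionError("no account linked to this issuer/subject")
        return acct

def demo() -> Tuple[Optional[str], bool]:
    """Return (account the vulnerable store hands the attacker,
    whether the hardened store blocked the attacker)."""
    vulnerable = VulnerableStore([Account("acct-alice", "alice@victim.example")])
    hijacked = vulnerable.resolve(ATTACKER_TOKEN)

    hardened = HardenedStore([Account("acct-alice", "alice@victim.example")])
    hardened.link("acct-alice", VICTIM_TOKEN)  # once, after proving ownership
    assert hardened.resolve(VICTIM_TOKEN).account_id == "acct-alice"
    try:
        hardened.resolve(ATTACKER_TOKEN)
        blocked = False
    except PermissionError:
        blocked = True
    return (hijacked.account_id if hijacked else None, blocked)

if __name__ == "__main__":
    print(demo())  # ('acct-alice', True)
```

The vulnerable store hands the attacker's token straight to Alice's account; the hardened store only ever keys on the issuer and subject, so the attacker's pairwise subject from a foreign tenant matches nothing, and a single-tenant application can additionally pin the tid. If an application must auto-provision or link on first sign-in, the email claim should be treated as a hint only, with ownership proved out of band or taken from a signal the identity provider gives about domain verification; Entra ID has an optional claim for that purpose (xms_edov), which this article does not cover, so check Microsoft's documentation before relying on it.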

Associated Press
12-06-2025
- Business
- Associated Press
Understand Tech Unveils Major Platform Update to Empower Secure, Scalable AI Deployment for Enterprises
PARIS, FRANCE / ACCESS Newswire / June 12, 2025 / Understand Tech, a leading enterprise AI platform, today announced a significant product update designed to meet the evolving demands of security-conscious organizations. The latest enhancements focus on on-premise deployment, intelligent document generation, advanced AI capabilities, and expanded integration with enterprise tools, solidifying Understand Tech's position as a trusted solution for regulated and large-scale enterprise environments.

On-Premise AI: Security at the Core

With heightened concerns around data privacy and compliance, Understand Tech now supports full on-premise deployment of its AI platform. This includes Understand AI, a local Large Language Model (LLM) that runs entirely offline, eliminating the need for external API calls and keeping all data processing under the customer's control. In addition, organizations leveraging AWS can now deploy the platform using Infrastructure as Code, enabled through public Terraform templates. The platform also now supports Single Sign-On (SSO) via OpenID Connect for streamlined and secure access management.

Chained Prompts: Solving Long-Form AI Output

The update introduces Chained Prompts, a feature that works around the context and length limitations of traditional LLMs. Enterprises can upload a structured sequence of prompts, which are processed step by step and merged into a single cohesive output. This capability is aimed at complex document generation such as contracts, technical specifications, test suites, and compliance reports.

Enhanced LLM Capabilities and RAG Optimization

Understand AI has been upgraded to deliver improved multi-step reasoning, structural coherence, and factual accuracy. Optimized for Retrieval-Augmented Generation (RAG), the model can now deliver more relevant and accurate results while remaining fully offline or hosted in private cloud environments.

Refined User Experience

A redesigned user interface brings a host of usability upgrades, including streaming replies for real-time responsiveness and a vertical model selector for simplified navigation between AI models. The chat interface also now includes a larger interactive area and streamlined navigation to enhance productivity.

Deep Integration and Customization

With the launch of a Custom Chat Widget, enterprises can now embed Understand Tech's assistant within their own platforms, fully customizing visual elements including iconography, color schemes, branding, and welcome messages, for a seamless user experience. Understand Tech has also integrated directly with n8n, a popular open-source workflow automation tool. This native integration enables businesses to trigger backend logic from within the chat interface, allowing actions such as sending alerts, updating databases, or calling internal APIs. In addition, CRM integration has been expanded to include Zoho CRM, alongside existing support for HubSpot, allowing businesses to directly capture and sync user information and chat transcripts.

Looking Ahead: Agentic AI on the Horizon

Building on this foundation, Understand Tech is actively developing Agentic AI capabilities. Set to roll out in Q3 2025, these will let users configure assistants capable of scheduling meetings, triggering workflows, and executing API calls autonomously, all driven by natural conversation logic. This development is a direct response to enterprise feedback, reflecting Understand Tech's ongoing commitment to innovation and customer-centric design.

Availability

All features are now live and available for both cloud-based and on-premise deployments.

About Understand Tech

Understand Tech is an enterprise-focused AI platform dedicated to building secure, scalable, and action-oriented AI systems. With a mission to empower enterprises through flexible deployment, robust compliance, and seamless integration, Understand Tech is redefining what's possible with AI in regulated and complex environments. For more information, demos, or technical support: [email protected]

SOURCE: Understand Tech press release
Yahoo
21-05-2025
- Business
- Yahoo
Strata Identity VP of Product and Standards to Discuss Future of Authorization at Identiverse 2025
Gerry Gebel to join fellow AuthZEN co-chairs to discuss next-gen authorization interoperability and open standards

BOULDER, Colo., May 21, 2025--(BUSINESS WIRE)--Strata Identity, the Identity Orchestration company, today announced that Gerry Gebel, VP of Product and Standards, will speak on a panel at Identiverse 2025 focused on AuthZEN, a new working group of the OpenID Foundation aimed at standardizing authorization. The panel will explore the evolving state of modern authorization and preview progress on a new open standard modeled after OpenID Connect. Strata will also demonstrate the Maverics Identity Orchestration Platform at Identiverse 2025 booth #422.

WHO: Gerry Gebel, VP of Product and Standards at Strata Identity, is a recognized expert in identity and access management, standards, and strategy. He has more than two decades of experience in senior management roles at Axiomatics, Burton Group, and Chase Manhattan Bank. Gerry also serves as a co-chair of the OpenID Foundation's AuthZEN Working Group.

Other Panelists:
- Omri Gazitt, CEO, Aserto
- David Brossard, CTO, Axiomatics

WHAT: Today's authorization ecosystem is fragmented, with each vendor offering their own proprietary APIs and protocols. To address this problem, the OpenID Foundation launched the AuthZEN Working Group in late 2023 with the goal of establishing open authorization standards, just as OpenID Connect did for authentication. In this session, identity architects, IAM practitioners, and application developers will learn how AuthZEN can be used to externalize and standardize authorization across their application estate.

The speakers will:
- Outline the current landscape of authorization, including policy-as-code and policy-as-data models
- Share milestones from the AuthZEN 1.0 development process, including insights from the first interoperability event held at Identiverse 2024
- Present a live demo featuring 15 interoperable implementations
- Discuss goals for the 2025 Final Specification
- Invite feedback from the identity community on future standardization priorities

WHEN: Tuesday, June 3, 2025, 1:30 PM – 2:20 PM PT

WHERE: Panel: AuthZEN – The "OpenID Connect" for Authorization. Identiverse 2025, Mandalay Bay F, Mandalay Bay Resort, Las Vegas, NV

HOW: To attend the session, register with Identiverse. To request a meeting with Gerry Gebel, contact Marc Gendron at marc@ or +1 617.877.7480.

About Strata Identity

Strata Identity enables organizations to modernize identity providers without disrupting existing infrastructure while maintaining a frictionless user experience. By decoupling identity from applications, Strata's Maverics platform unifies SSO, supports multiple IDPs simultaneously, and ensures continuous access during outages via IDP failover. Led by CEO Eric Olden, co-author of the SAML standard, Strata also created the Identity Query Language (IDQL) and the open-source Hexa project to help standardize multi-cloud identity management. Learn more on Strata's website and follow us on LinkedIn and YouTube.

Media Contact: Marc Gendron, Marc Gendron PR for Strata, +1-617-877-7480, marc@


Yahoo
24-03-2025
- Business
- Yahoo
iProov Launches Facial Biometric MFA Support Targeting Workforce Identity Theft
Device-independent biometric authentication mitigates risk of account takeovers and reduces exposure and costs associated with password resets

LONDON, March 24, 2025--(BUSINESS WIRE)--iProov, the world's leading provider of science-based biometric identity verification solutions, launched iProov Workforce MFA today. This device-independent, FIDO Alliance-certified biometric authentication solution helps organizations mitigate the risk of one of workforce security's most pressing concerns: account takeover. Using biometric authentication as part of an MFA process adds an irrefutable layer of identity confirmation to help organizations prevent significant financial losses, reputational damage, and operational disruptions. The solution can be used in conjunction with passkeys, or independently of the device, enabling it to run on users' personal and shared devices. It also reduces the exposure and costs associated with password resets while offering cross-platform compatibility and a more streamlined user authentication process. iProov Workforce MFA supports the OpenID Connect (OIDC) protocol, enabling a no-code integration with major identity providers such as Microsoft Entra ID, Okta, OneLogin, Ping Identity, SailPoint, and Saviynt.

Securing the modern workforce continues to grow in complexity. SaaS applications are dramatically expanding the attack surface, and diverse groups of employee and non-employee workers require frequent onboarding and offboarding while working from a variety of locations and devices. Traditional multi-factor authentication (MFA) solutions falter when users don't have access to their devices, hindering account recovery and access to designated systems. Password reset processes now consume 40% of help desk calls (Gartner) at an average of $70 each (Forrester). Further complicating this situation are AI-powered technologies and Crime-as-a-Service marketplaces enabling a massive fleet of upskilled and well-armed threat actors eager for large-scale paydays.

iProov Workforce MFA addresses these challenges by delivering scalable, device-independent face authentication underpinned by robust security and an effortless user experience. iProov's biometric verification with advanced liveness detection ensures that only authorized users gain access. Critical workflows are smoothly managed, without the need for IT intervention, while sensitive and mission-critical systems remain secure. The solution is supported by real-time, intelligence-led threat updates and managed detection and response (MDR) from the iProov Security Operations Center (iSOC) for continuous adaptation to the evolving threat landscape.

"Identities can be compromised at every stage in the user lifecycle, from the interview process through to offboarding. These risks are exacerbated by the complexities of remote work and extended workforces, exposing the vulnerabilities of traditional MFA solutions," said Andrew Bud, founder and CEO, iProov. "With no additional devices, distribution costs, integration coding or MFA fatigue, iProov Workforce MFA strengthens access management and empowers organizations with seamless, secure authentication on any device, delivering frictionless security for the whole organization."

iProov Workforce MFA

Unlike traditional possession-based authentication tools, iProov Workforce MFA is:
- Effortless MFA - By leveraging an inherence-based authentication factor, users enjoy a seamless experience where the integrated technology does the heavy lifting.
- Phishing resistant - Removes the reliance on shareable knowledge and possession factors to mitigate the risk of phishing and account takeover.
- Secure - Powered by advanced anti-spoofing liveness technology offering two levels of identity assurance, enabling organizations to balance speed and security.
- Reducing costs - Removes hardware tokens and their distribution expenses; this OIDC-compliant, cloud-based software deploys from within all major identity providers, simplifying testing and management.
- Highly scalable - Ideal for organizations with frontline staff, extended workforces, and confidential, mission-critical, high-security environments.

iProov's Workforce MFA can be implemented by any organization looking to enhance its workforce security posture.

About iProov

iProov provides science-based biometric identity solutions that combine exceptional user experiences with the highest levels of assurance. The company's Biometric Solutions Suite enables secure and effortless remote onboarding and authentication, streamlining both digital and physical access experiences. Backed by a unique blend of scientific expertise, AI, and proactive threat intelligence, iProov safeguards high-value transactions and empowers organizations seeking innovative identity verification that outpaces evolving threats without compromising usability. With proven success in global deployments, iProov is a trusted partner for governments and enterprises, including the Australian Taxation Office, GovTech Singapore, ING, Rabobank, UBS, U.K. Home Office, UK National Health Service (NHS), and the U.S. Department of Homeland Security. In December 2023, Gartner listed iProov as a representative vendor in the Innovation Insight report for Biometric Authentication, and Acuity Market Intelligence listed it as a Luminary in the 2023 Biometric Digital Identity Prism. iProov was also recognized as an Innovation Leader by industry analyst KuppingerCole in its Market Compass of Providers of Verified Identity 2022. For more information, please see iProov's website or follow us on LinkedIn or Twitter.

Contacts: Louise Burke, Global PR