Mosaic by Transmit Security is the only solution that enables you to to secure and orchestrate passkey journeys throughout the customer identity lifecycle. Mosaic’s seamless integration with Azure AD B2C and Entra External ID offers everything you’ll need to achieve this: passkeys, orchestration, fraud prevention, identity verification and strong device identification.

Although passkeys are secured with public key cryptography based on the FIDO2 standard, there are steps in the passkey lifecycle that introduce vulnerabilities. This is because certain scenarios require or enable users to use their original authentication method (often a password) as a fallback during passkey registration, account recovery and even authentication. There are also risks associated with lost or stolen devices and insufficient step-up authentication, allowing attackers to perform high-risk actions with a compromised passkey.

By building on top of Azure AD B2C or Entra External ID with Transmit Security’s outcome-driven passkey solution, you can secure and streamline every step of the customer identity lifecycle.

• Orchestration continuously ingests data from Transmit Security’s AI-driven fraud detection engine. Leveraging AI and ML, it analyzes hundreds of telemetry data points to analyze risk and trust in real time. With behavioral biometrics, threat intelligence and network intelligence, the fraud detection engine determines if the user is the account owner or a bad actor and generates recommendations to Trust, Allow, Challenge, or Deny. Orchestration then triggers the appropriate passkey user flow instantly.

• Strong, multi-layered device identification is another key differentiator that sets Mosaic apart, providing a robust alternative to traditional device ID that relies on cookies and other fraudable identifiers, which are increasingly obscured by browser privacy protections. With a combination of device crypto-binding and device fingerprinting, Mosaic verifies that the device belongs to the legitimate account holder and ensures the user registering the passkey is the rightful owner.

• Identity verification (IDV) can be invoked to verify for new and returning users, ensuring it’s the legitimate account owner who is registering, authenticating or recovering a passkey. Only Transmit Security provides native, risk-aware IDV that examines photo IDs, selfie liveness and facial biometrics within the context of real-time risk/trust signals. AI and ML models detect fake IDs, deepfakes, synthetic identities and other tricks that slip past point solutions.

By combining Mosaic and Azure AD B2C or Entra External ID, you’ll not only secure passkey journeys but also optimize CX as customers enroll, login, recover and authenticate — for a complete, end-to-end CIAM strategy.

Let up help you tap the full potential of passkeys — Request a demo!