Your European and GDPR-compliant Customer Identity & Access Management (CIAM) Provider on Engity

Entities

Mon, 04 Dec 2023 00:00:00 +0000

In IT, an entity refers to a single and uniquely identifiable information object. It can be an existing or an abstract object. The following entities are used in Engity.

API

Wed, 15 May 2024 00:00:00 +0000

Available Resources:

Readable Documentation: The API documentation is crafted to be clear, concise, and easy to navigate. Endpoint details, request/response formats, and usage examples are presented in an intuitive and developer-friendly manner.

EU Cybersecurity & Data Protection Update Q4-2025

Tue, 20 Jan 2026 00:00:00 +0000

As it is tradition to note at the beginning of every digest: no quarter is boring, but every single one has its own, very distinct flavor.

Secure Funding to Finance Growth!

Mon, 01 Dec 2025 00:00:00 +0000

Research grants - secure funding

Ask us How You Can Finance Our Services With Funding!

Would you like to take Identity and Access Management (IAM) in your company to a new level of security, but are unsure how to best finance the necessary investments? As a provider of professional IAM solutions, we know that technology companies invest considerable resources in research and development - and that’s exactly where we come in. We support innovative companies in Germany in taking advantage of attractive subsidies and, in the best case scenario, financing our services up to 100%.

Cloaking (Phishing)

Tue, 11 Nov 2025 00:00:00 +0000

Recent studies show that over 90% of all cyberattacks begin with phishing. And with an estimated 3.4 billion phishing e-mails sent worldwide every day, phishing remains a lucrative business for cybercriminals.

What is the Best Protection Against Hacker Attacks, or How Can I Protect Myself Effectively Against Attacks?

Tue, 28 Oct 2025 00:00:00 +0000

With the ongoing digitalization, an ever-increasing part of the value chain is shifting to the Internet. As a result, more data can be found online.

Engity's Unique Selling Propositions (USPs)

Wed, 22 Oct 2025 00:00:00 +0000

Engity compared to its competitors

Why is Engity the Right Identity Provider for Me?

Engity is a rapidly growing Identity Provider that offers all the standard services and access factors of a modern access technology provider. Nevertheless, we already stand out thanks to the modern, lean, and cloud-native architecture of our IT infrastructure, which was built from scratch based on the market and technology experience of established, mostly US-based competitors. Our modern platform technology not only allows us to scale virtually at will, but also enables us to offer many unique technological and service features.

EU Cybersecurity & Data Protection Update Q3-2025

Tue, 14 Oct 2025 00:00:00 +0000

You may have heard this before: “America innovates, China replicates, and the EU regulates.”

OpenID Connect Provider: How to Find the Right Partner for A Seamless Authentication

Tue, 07 Oct 2025 00:00:00 +0000

In today’s digital landscape, where security and user experience are paramount, OpenID Connect (OIDC) emerges as a game-changer in authentication. Understanding how to utilize OpenID Connect providers can significantly enhance your applications, making the login process smoother and more secure. Imagine a world where users can sign-in seamlessly, without juggling multiple passwords or worrying about data breaches. This article will demystify OpenID Connect, empowering developers and businesses alike to harness its capabilities. From exploring the fundamental concepts to discussing the choice of providers, we’ll cover everything that is essential to unlock the potential of seamless authentication. Let the right OpenID Connect provider help you master the challenges of user-friendly authentication in a secure way.

What is Brushing Scam? How to Protect from this Sneaky Online Fraud?

Tue, 30 Sep 2025 00:00:00 +0000

In today’s digital age, online shopping offers unparalleled convenience but lurking behind the ease of pressing a “buy now” button is a gloomy threat: the brushing scam. This insidious form of online fraud involves deceitful sellers shipping items to unsuspecting victims, often to inflate their sales figures and improve their ratings. For many, the first hint of trouble comes in the form of unexpected and unsolicited packages arriving at their doorsteps, accompanied by confusion and concern. But fear not—by shedding light on this sneaky scam, we empower ourselves to protect our wallets and personal information. In this article, we’ll explore the tactics used by scammers, share real-life stories, and equip you with important tips to better recognize and combat the rapidly evolving brushing scam. Join us as we unmask this deceptive ploy and ensure your online shopping experience remains safe and secure.

Password-Spraying-Attack

Tue, 05 Aug 2025 00:00:00 +0000

Password spraying attacks belong to the group of brute force attacks, but differ significantly in how the attackers proceed. While attackers in a brute force attack generally focus on one user account and try out any number of passwords, a password spraying attack is carried out on countless user accounts simultaneously using one or a few passwords.

Social Logins & Social Sign-Ups as Easy Access to Your User Account

Mon, 28 Jul 2025 00:00:00 +0000

Authentication using Social Logins is a process of identification that allows an end-user to use their existing social network`s user account credentials to log in to a third-party application or system. Social Logins eliminate the requirement to create new account credentials for every new website and application where a login functionality exists. Hence, this may be called a kind of single sign-on method for end-users. The idea behind this is that the end-user can use their personal information stored within the social network and share it with other applications. The exchange of information between the different providers is based on the technical standards OpenID Connect and OAuth.

EU Cybersecurity & Data Protection Update Q2-2025

Tue, 15 Jul 2025 00:00:00 +0000

Despite its (public and often well deserved) image of bureaucratic overregulation, the EU has its moments of clarity. Doing the right thing at the right time in (mostly) the right manner. A good example of this is the NIS2 directive, aimed at bolstering cybersecurity and resilience while also establishing a framework for much better cooperation between the member countries through coordination, information-sharing, and joint crisis response.

What are Man-in-the-Middle Attacks?

Fri, 11 Jul 2025 00:00:00 +0000

Definition of a Man-in-the-Middle (MitM) attack

If an attacker intercepts data sent between two entities (user, company, server), this is called a Man-in-the-Middle attack (MitM attack for short). The attacker has complete control over the data traffic and can read, intercept and even manipulate the information sent to use it for malicious purposes. In doing so, the attacker pretends to be the respective communication partner and thus obtains passwords, access data, account data, TANs, etc.

What is Credential Stuffing?

Tue, 01 Jul 2025 00:00:00 +0000

In the fast paced digital landscape, securing your online accounts becomes more and more essential. As part of the development, credential stuffing is a popular cyber threat and is based on individuals’ tendency to reuse passwords across multiple platforms. Attackers use this tactic to exploit stolen username or e-mail credentials and password combinations, gaining unauthorized access to personal accounts and in combination with it sensitive data. With cybersecurity attacks becoming increasingly sophisticated, it’s essential to understand how credential stuffing works and, more importantly, how you can protect yourself from this sinister risk. In this blog article, we’ll dive deeper into the mechanics of credential stuffing and prepare you with practical strategies to safeguard your accounts, ensuring that your digital life remains secure. Don’t let cybercriminals compromise your safety - equip yourself with the knowledge to stay one step ahead.

Custom Enterprise Single Sign-On Authentication

Mon, 23 Jun 2025 00:00:00 +0000

What is Enterprise Single Sign-On Authentication?

Every day, more and more employees are expected to handle a growing number of passwords for various applications. Employees either start using passwords more than once, sharing them, or forget their login credentials. As a result, passwords can be stolen or leaked more easily and this leads to a data security at risk. Furthermore, efficiency, user experience, and user-friendliness are compromised.

Best Keycloak Alternative: You are no longer happy with Keycloak?

Fri, 13 Jun 2025 00:00:00 +0000

Engity offers you the right Keycloak Alternative

You have experienced some challenges while growing with Keycloak?

Have you tried Keycloak? Are you dissatisfied with its performance, scalability, feature set, experiencing unplanned downtime during solution updates, or looking for a fully functional model with support? Do you lack the expertise to implement, operate, and support your own self-hosted Keycloak platform? Even though Keycloak is free, have you found that consulting support and infrastructure costs negate the cost argument? Or do you simply want to outsource your authentication services to experts? If you are familiar with any of the subsequent challenges Engity is your top Keycloak alternative:

Complex operations

Keycloak gives you the freedom to set up and operate your authentication management system following your needs. However, this requires trained security specialists as well as developers who are not only capable of setting up an IAM platform but also responsible of constantly managing and scaling the platform over time. Additionally, you need to implement the underlying IT infrastructure and maintain it over time.

Keycloak Top Alternatives: Other Authentification Method Needed?

Fri, 13 Jun 2025 00:00:00 +0000

What is Keycloak?

Keycloak is a well-known open-source Identity and Access Management (IAM) solution based on Java allows websites, applications, portals and services to authenticate and authorize users. It enables the administration of users, authorizations and roles and can be deployed both on-premises (locally on servers) and in the cloud.

What is a Keylogger?

Tue, 13 May 2025 00:00:00 +0000

A keylogger (also known as a keyboard logger) records and monitors the data entered by a user on the keyboard. This can be either all the data entered or just specific keywords such as passwords or PINs and similar. In the past, keyloggers could only capture analog keystrokes, but modern keyloggers can now also record mouse movements, screenshots or virtual key presses.

Is My Enterprise Login System Respecting Latest Security Standards?

Tue, 06 May 2025 00:00:00 +0000

In today’s digitalized world, there are many myths about how what a successful and secure password authentication system should look like.

DeviceAuth: Keyboardless Device Login & Authentication

Fri, 02 May 2025 00:00:00 +0000

DeviceAuth as Standard Authentication Process for Devices without a Keyboard

TVs, set-top boxes, and gaming consoles were originally developed to provide consumers with a pre-defined set of services. A TV for example was built to show linear TV program via TV cable or satellite. The evolution of the Internet has changed this quite a bit. Formally stupid devices were connected to the Internet and offered immediately smart new opportunities. The most important innovation was the establishment of on-demand and customizable (streaming) services. In order to be able to offer these new customizable services, users must register and log in to use the services.

How to Remember a Strong Password, or: An Exploration of Security in the Digital Age

Fri, 02 May 2025 00:00:00 +0000

In today’s world, where digital activity has proliferated into every aspect of our lives, the challenges of maintaining online security have never been more pressing. The growing number of platforms necessitates an increasing number of passwords. In today’s technology-driven world, it seems that every system, device, and account requires its own set of unique password-creation rules. Some require an 8-digit, some for a 12-digit password. Others require a mix of lowercase and uppercase letters, numbers, and symbols while some exempt e.g., symbols. Amidst the backdrop of an expanding digital landscape, users are often encumbered with the task of managing a plethora of passwords. These alphanumeric combinations guard everything from our professional correspondences to personal interactions.

Passkeys – Secure Passwordless Authentication and Login Method using Biometics

Fri, 02 May 2025 00:00:00 +0000

Passkeys in combination with Biometrics as Innovative Approach to the Classical Authentication Method

Passkeys are an innovative authentication method designed to enhance online security by replacing traditional passwords with a more secure system based on cryptographic keys and supported by the FIDO alliance consortium. Essentially, a passkey consists of two components: a public key and a private key. The public key is stored on the server, while the private key remains securely on the user’s device. Within the authentication process the web application communicates with the user’s Authenticator (e.g. device wallet or Password Manager) through their local browser or app based on the so called WebAuthn interface. Contrary to username and password authentication which can be compromised while transmitted over the Internet, this dual-key approach minimizes the risk of password theft, as only the private key on the user’s local device can unlock access to an account.

Should I Use a Password Manager or the One-Password Solution?

Wed, 30 Apr 2025 00:00:00 +0000

Having strong and reliable account protection is crucial for users who prioritize their security. A password manager can help enabling users to effectively implement a single strong password solution by adding an additional layer of protection. By securely storing all passwords in one place (the password manager’s vault), the password manager simplifies the user’s online security. This ensures that the user can easily access their accounts while maintaining robust protection against unauthorized access of all user’s sensitive information. With just one master password to remember, users are assured the utmost security while avoiding the hassle of trying to recall multiple complex passwords. The password manager does the job of securely storing and generating strong passwords for all users’ accounts. This significantly reduces the risk of being hacked, if the tool is used correctly.

Efficient Multi-Tenancy Applications & Multi-Tenancy Architectures as Game-Changer for Customer Satisfaction, Partner & Affiliate Management

Tue, 29 Apr 2025 00:00:00 +0000

What is Multi Tenancy or the Meaning of Multi Tenancy?

Multi tenancy is a software architecture concept that allows multiple independent instances of one or more applications to operate within a shared environment. This approach is characterized by the following key aspects:

What Is Identity and Access Management (IAM)?

Tue, 22 Apr 2025 00:00:00 +0000

IAM-Definition

IAM stands for “Identity and Access Management”. An IAM platform combines rules, policies, processes, and technologies to allow authorized users to access IT resources (e.g., an application, a portal, an intranet, a device, etc.) The goal is to manage digital identities and give the right people access to the right resources. Often similar terms such as IdM (Identity Management) are used interchangeably.

EU Cybersecurity & Data Protection Update Q1-2025

Tue, 08 Apr 2025 00:00:00 +0000

There are quarters we cover in our Cybersecurity & Data Protection digest during which times seems to move faster than usual. The first three months of 2025 was one of them. This time, the focus is not so much on many small stories but a few big ones that may shape the landscape for the next years – or maybe decades.

Password Length vs. Password Complexity: Or Should It Be Password Strength?

Tue, 25 Mar 2025 00:00:00 +0000

For years, passwords have been the trusted method for user authentication across devices and systems. They have become an integral part of our daily routines. They are ingrained in our lives, serving as a familiar and widely used tool for gaining secure access.

What is Phishing?

Tue, 11 Mar 2025 00:00:00 +0000

Phishing: The dangers of the digital ocean or why phishing works so well

The term “phishing” (a combination of the words “password” and “fishing”) refers to an attempt to steal sensitive information, such as usernames, passwords, and credit card information, or to induce a transaction or download of malware. Attackers use fraudulent e-mails, text messages, phone calls, or websites as a starting point. As fraudsters’ tactics have become more sophisticated, this form of cybercrime has evolved over the years to become a serious threat to individuals and businesses.

What is a Dictionary Attack?

Tue, 18 Feb 2025 00:00:00 +0000

What is meant by a dictionary attack?

In a dictionary attack, hackers use automated tools to systematically try out a large number of predefined possible passwords in a short period of time. These passwords are typically extracted from a predefined dictionary containing words, phrases and characters. The attackers rely on the fact that many people choose weak passwords that can be easily guessed using this method. The combination with additional automated rules, such as the insertion of special characters and numbers, further increases the probability of success of a hacker attack, as more and more users are combining a simple word with numbers and/or special characters for their password.

Directors and Managers Are Directly Liable for Data Protection Breaches

Mon, 10 Feb 2025 00:00:00 +0000

Liability for data protection violations is nothing new. Even before the GDPR came into force, the legal systems of the EU countries provided for civil and criminal sanctions for the violation of data protection provisions. The GDPR now establishes a broad claim for damages in Art 82 (1):

EU Cybersecurity & Data Protection Update Q4-2024

Tue, 21 Jan 2025 00:00:00 +0000

As we always say at the beginning of our quarterly Cybersecurity and Data Protection digest: no quarter ever was boring. Yet the fourth quarter of last year was a bit different than the previous ones.

What is a Brute Force Attack?

Tue, 07 Jan 2025 00:00:00 +0000

In a brute force attack, hackers attempt to guess passwords or other credentials to gain access to endpoints and/or user accounts. The attackers try any combination of passwords (trial and error) to get the correct information for a particular user account. Hacking a password can take from seconds to virtually forever, depending on the length and complexity of the password. Depending on the technological structure and therefore the security level of the respective access technology of the portal, application or device, as well as the strength and complexity of the passwords used, password access can practically never be cracked. This is because it is up to the platform operator to decide how many combinations an attacker can test per user in a given period of time (keyword: lock-out functionality).

Hacker Attacks on User Accounts and the Search for Weaknesses in the Underlying Access Services: Myths and Facts about Hacking

Tue, 17 Dec 2024 00:00:00 +0000

Almost every day, the headlines report new hacker attacks on entire IT systems or the people who use them. The number of systems and users affected is growing every year, as is the damage caused by data theft, industrial espionage and digital sabotage. According to a study by Bitkom, Germany’s association for the digital industry, the damage to the German economy alone will amount to more than 200 billion euros by 2023. From a business perspective, cyber risks are constantly increasing, not least due to more targeted attacks from Russia and China. Cyber-attacks will be the biggest business risk in 2024 and beyond.

Engity’s Advanced & Open-Source SSH-Server Bifröst Using OpenID Connect

Wed, 04 Dec 2024 00:00:00 +0000

What is a SSH Server?

As the backbone of many critical systems and applications, an SSH server serves as an essential gatekeeper, safeguarding your valuable infrastructure and upholding the integrity of your online operations. At its core, an SSH server provides a secure and encrypted communications channel, allowing mostly administrators and developers to access remote systems, execute commands and transfer files with unparalleled confidentiality. With the ability to control user permissions, monitor activity, implement robust access controls or manage IT systems in general, it is one of the most powerful tools within an admin’s toolbox. By leveraging advanced cryptographic protocols, a SSH server ensures that your infrastructure including your sensitive information remains protected from prying eyes, safeguarding your organization’s most valuable assets.

Terms of Service

Sat, 09 Nov 2024 00:00:00 +0000

Version: 1.4

1. Scope of Services, License

Engity shall make the Services available to Customer according to these Terms of Service and applicable law and regulations.
Engity grants Customer the
- non-sublicensable,
- non-exclusive,
- nontransferable (except as expressly permitted in 12)
  right during the Term to allow Customer to access and use the Service in accordance with the Documentation, solely for Customer’s business purposes.
Customer agrees and acknowledges that the Services are intended to be used in connection with services and/or infrastructure provided by Customer itself or third parties (“Third Party Services”). Engity has no influence over such Third-Party Services and cannot be held responsible for their availability or proper functioning.
The Services are not intended for use in critical infrastructure or for military use.

2. Prices and Billing

Unless otherwise indicated, prices are listed excluding VAT (if applicable).
Within EU but outside of Germany, Customer is advised that Engity must add the applicable VAT if Customer does not provide its VAT identification number. Outside EU, VAT shall be handled according to applicable legal requirements.
The price shall adjust once yearly (on January, 1st, but not before the expiry of at least four (4) contractual months) in accordance with the German Producer Price Index for Services (Erzeugerpreisindex für Dienstleistungen) as published on the website of the Statistisches Bundesamt (German Federal Statistical Office) at https://www.destatis.de/.

3. Use Restrictions

Customer will not, directly or indirectly, reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas, know-how or algorithms relevant to the Services or any software, documentation or data related to the Services (“Software”); modify, translate, or create derivative works based on the Services (except to the extent expressly permitted by Engity or applicable law).
Customer will not rent out or license out the Service.
Customer will use the Services only in compliance with all applicable laws and regulations. Customer is responsible for all activities conducted under its and its Users’ logins on the Service.
Customer agrees to, and will not attempt to circumvent, the limitations or protective measures of the Service.
The Services are not intended for use in any country where their use would violate local law including import or export controls.
Engity may make available or provide to Customer updated versions of Services.

4. Term and Termination

Unless otherwise stipulated, the Agreement is concluded for an initial period of twenty-four (24) months. It is extended by twelve (12) further months in each case it is not terminated by either Party with at least three (3) months’ notice to the end of the respective term.
Either party may terminate this Agreement
1. in the event the other party materially breaches this Agreement (in particular does not pay fees due) and does not cure such breach within thirty (30) days of such notice, or
2. immediately in the event the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors. Instead of terminating this Agreement, Engity may, at its own discretion, suspend the Customer’s access to the Service until the breach of Agreement has been cured.
Either Party may terminate this Agreement by notice with immediate effect for good cause.
Unless otherwise stipulated, Freemium Subscriptions can be terminated with a notice period of one (1) month.
Any termination notice must be made in at least text form.
For the avoidance of any doubt, termination of this Agreement shall have no effect on any outstanding obligations. The confidentiality obligation set forth herein shall survive termination.

5. Technical Integration, Support, and Data Processing

If personal data are being processed by Engity on behalf of Customer, such processing of personal data will be subject of a separate data processing agreement between the data controller and Engity (the “DPA”).
Support and Technical Integration Services can be obtained by Customer through a separate agreement.

6. Service Levels

Definitions.
1. “Available” or “Availability” means that the Core Services of the Engity Platform responds successfully to Customer API Calls and users can perform regular interactions.
2. “Core Services” means the Engity Authentication Services.
3. “Customer API Call” means a call by Customer or Customer’s End Users to an Engity Core Service API in a Customer Directory.
4. “Downtime” means times in which the Core Services are not Available. “Downtime” does not include any time in which the Engity Platform is not Available because of:
  1. scheduled or emergency maintenance,
  2. Force Majeure Events,
  3. load or penetration testing by Customer, or
  4. use of beta or experimental features or services.
5. “Failed API Call” means a Customer API Call that does not return the call or returns an error. This excludes excused events, such as
  1. failed Customer API Calls due to client-side application errors outside of the Engity Platform’s control, such as calls to:
    1. a custom database,
    2. third-party IdPs,
    3. Rules, Hooks or Actions,
    4. non-Core Service Engity extensibility points, and
    5. features not strictly required for a Customer API Call, and
  2. Customer API Calls that do not reach Engity Core Services due to errors outside of the Engity Platform’s control (e.g., due to government firewalls or IP blocking).
6. “Directory” means a logical isolation unit, or dedicated partition of a particular Engity Platform instance; the dedicated share may be configured to reflect the needs of the specific Customer business unit using the share.
Service Levels
1. For paid plans, Engity maintains an average Availability per calendar month for the Core Services of at least 99.9% (“Availability Level”).

EU Cybersecurity & Data Protection Update Q3-2024

Tue, 29 Oct 2024 00:00:00 +0000

The third quarter of 2024, in terms of data protection and cybersecurity, was interesting, to say the least.

Password Check: How Secure is My Password? And How Can I Test It?

Mon, 28 Oct 2024 00:00:00 +0000

Attention! Hackers have struck again!

It is the largest password leak in history and now the third record-breaking dump of private and sensitive data records published in 2024. The list so far:

Access Solutions for Non-Digital People

Wed, 02 Oct 2024 00:00:00 +0000

Alternative Authentication Methods for Analog People

Older, sick and care-dependent people in particular, but also small children of pre-school age or illiterate people find it difficult to participate in digital life (digital participation). However, access to digital platforms is often the real problem, as this requires registration and regular authentication during use.

EU Cybersecurity & Data Protection Update Q2-2024

Thu, 08 Aug 2024 00:00:00 +0000

We often open our quarterly data protection and cyber security digest by stating that the space never seems to be boring. Never was this truer than in the last quarter.

Multi-tenancy Architecture at Low Costs using Engity's Fully Customizable Environments for Directories

Wed, 31 Jul 2024 00:00:00 +0000

Multi-Tenancy Environments in Identity and Access Management

Customization of front-ends and databases for user & user groups, including look & feel, pricing, rule sets, and permissions is very limited due to tenant/directory technology. Engity’s new Multi-Tenancy Environment approach not only brings scalability without limitations but also full customization opportunities to the digital world. It is a Game Changer for Partner Management and Affiliate Marketing by making new business models possible at an affordable price point.

The EU NIS-2 Directive: What Your Business Needs to Know and Do

Wed, 24 Jul 2024 00:00:00 +0000

The aim of NIS 2 is to make sure that so called “essential” and “important” entities are resilient against cyber threats. If your business falls under the sectors outlined by this directive, understanding and complying with its requirements is crucial.

EU Data Protection Update Q1-2024

Tue, 11 Jun 2024 00:00:00 +0000

The data protection landscape seems to choose one or two dominant topics for every quarter, maybe just to avoid sensory overload. In this fashion, the first quarter of 2024 saw increased regulatory activity in the field of employee data protection and monitoring on the workplace. In particular, administrative fines were handed out but also help and guidance given by the respective privacy regulators.

Is Your Identity & Access Management (IAM) GDPR-Compliant?

Thu, 21 Mar 2024 00:00:00 +0000

Identity and Access Management always involves the processing of personal data. This is because credentials such as an email address and password, or in case of passwordless logins a magic link, etc., must be transferred and compared with stored data. Additional data, such as a phone number or even biometric data, is often required when two-factor authentication or biometric identification comes into play. In addition, the access data is the key to all other data to which the user has access. If, somehow, the Identity and Access Management system can be breached or compromised, identities may be stolen, or valuable data can be exposed.

Identity and Access Management (IAM) - Why It Matters and What You Need to Do

Fri, 08 Mar 2024 00:00:00 +0000

Every website, every app, every online service with a login functionality needs to allow its users to authenticate themselves and must assign them rights and privileges: decide what those users can do, what data they can read, write, modify, and delete.

Good Data Protection Makes for Good Business

Wed, 28 Feb 2024 00:00:00 +0000

Data and algorithms are the new assets to protect

As individuals, businesses and society at large, we spend more and more time online leaving an ever-growing digital footprint. We transfer data that are condensed into profiles and reveal much about our personalities as well as our political preferences and tastes as consumers. Whoever has access to this data can influence people, steal identities, and cause harm.

Company Headquarters and Server Location - Both Must be Right for Data Protection

Sat, 24 Feb 2024 00:00:00 +0000

It’s a platitude that data protection is important. Yes: data is the oil of the 21st century, data protection is a compliance task, and a personal data breach can spell the end of a company’s reputation with customers and suppliers. Every company knows this.

EU Data Protection Update Q4-2023

Fri, 09 Feb 2024 00:00:00 +0000

We often start our data protection digest by noting that there is no such thing as a “boring quarter” in this space. And this holds true for Q4/2023 as well.

Cloud IAM or IDaaS vs. On Premise Identity and Access Provision

Tue, 09 Jan 2024 00:00:00 +0000

Engity is a cloud-based IAM or access provider. We deliver IDaaS (Identity as a Service). We do this because we believe that in most cases IDaaS is advantageous when compared to on-premise access management solutions.

EU Data Protection Update Q3-2023

Tue, 07 Nov 2023 00:00:00 +0000

The data protection landscape has never been boring in recent years. Yet the third quarter of 2023 was a particularly interesting one as some clear themes emerged more visibly than in previous quarters. Some of those developments we shall look at in this report.

Trans-Atlantic Data Privacy Framework (TADPF): Fragile Wanting, and Not GDPR Compliant?

Fri, 14 Jul 2023 00:00:00 +0000

New Adequacy Decisions for EU-US data transfers introduced

On July 10, the EU Commission adopted an adequacy decision based on the Trans-Atlantic Data Privacy Framework (“TADPF”). The Commission is satisfied that the level of protection of personal data in the United States is comparable to that in the European Union. Personal data can therefore flow freely from the EU to the US as long as the receiving company in the US participates in the TADPF. Further safeguards or alternative transfer tools, such as standard contractual clauses, are no longer required.

Engity's European Data Protection Update Q2/2023

Mon, 10 Jul 2023 00:00:00 +0000

The data protection landscape stayed interesting in the second quarter of 2023.

Engity's EU Data Protection Update Q1/2023

Thu, 27 Apr 2023 00:00:00 +0000

The first quarter of 2023 may easily have been one of the most exciting quarters in privacy and cyber security – ever.

EU Data Protection Update Q4 / 2022

Fri, 20 Jan 2023 00:00:00 +0000

The last quarter of 2022 saw no shortage of interesting developments in data protection and, in particular, data security. There were lots of activity in the industry as well as on the legislative and administrative side. The EU in particular reached a political agreement with the US regarding data transfers and started to move towards adoption of this “Privacy Shield 2.0”. At the same time, tech giants Microsoft and Meta made serious attempts to fix some obvious holes in their obligations to guarantee proper privacy of their user’s data while Apple seriously tarnished its positive image in this regard.

EU-US Data Transfers under Renewed Scrutiny – the Shopify Case

Wed, 28 Dec 2022 00:00:00 +0000

Data transfers between the EU and the US are again under legal scrutiny. This time the culprits are not Google Analytics, Office 365, or video conferencing software. Instead, a German data protection watchdog investigated Shopify and the infrastructure services surrounding it, in particular Cloudflare.

The Technical Implementation of Your IT Landscape Has to Be GDPR-Compliant

Mon, 07 Nov 2022 00:00:00 +0000

Standard relationship between Data Protection Officer and Company

It is common knowledge by now and understood by most companies that they not only need a Data Protection Officer but also must comply with data protection regulation in general. As more specialized data protection knowledge is often not available in-house, companies tend to hire an external Data Protection Officer (DPO) who takes over this responsibility.

EU Data Protection Update Q3-2022

Tue, 11 Oct 2022 00:00:00 +0000

The third quarter of the year is typically a time, where even privacy activists, lawmakers, lawyers, and administrative people are tanning on the beach. Yet in 2022 there was a flurry of activity, discussions, and developments.

Multi-Factor Authentication (MFA) (often called Two-Factor Authentication)

Wed, 28 Sep 2022 00:00:00 +0000

What is Multi-factor Authentication?

Authentication with username and password is generally a very secure way to log in to an application, if done correctly. However, due to weak chosen passwords by the user as well as re-used or shared passwords, millions of user accounts have been hacked and passwords breached. Using more than just a password for authentication but rather additional authentication factors increases the security level of your user account tremendously.

Classical Authentication with Username (E-mail) and Password

Fri, 05 Aug 2022 00:00:00 +0000

What is Username and Password Authentication?

Username and password authentication is the most commonly used and best-known method to authenticate a user. It is the traditional method for logging into portals, applications, infrastructure, systems, etc. The authentication principle is based on the “something you know” (the password) factor.

Custom Authentication for Your Registration, Sign-Up & Login Process

Fri, 05 Aug 2022 00:00:00 +0000

Authentication Solution following Your Corporate Design

Customize the Look and Feel of Your Identity & Access Management Solution

Corporate Identity and Corporate Brand Management become increasingly important in our digitalized world as users expect a user-friendly and tailor-made customer journey from brands they can trust. Consequently, it is our ambition to offer our customers a customized authentication solution following their needs.

Custom Look & Feel

A user or customer usually gets in contact with an authentication solution quite early in their customer journey of consuming a digital product or if buying a physical good online. Hence, it is important that the access management solution can be fully customized to support companies in convincing users from logging in. This can best be achieved if the company’s Corporate Branding is fully respected in terms of logo, colors, text, fonts, etc.

Customized Mailings

Despite using the Corporate Branding writing an e-mail to customers, it is equally important to customize e.g. welcome, password reset, or error messages to the needs of the companies and its users.

Custom Localized Text

Online services interacting with people from different countries and cultures need a tailor-made and customized local / regional approach, including different languages when approaching these different groups. Engity makes it easy to categorize users in different user groups to address each of them in the right language as well as with the specific local characteristics.

Custom Domain or Your Subdomain Using Engity's Service

Engity offers two alternatives how to authenticate a user. Authentication of a webservice can be performed via a subdomain of Engity’s App (e.g. example.engity.app) or by implementing the authentication service within the customer’s own domain universe (e.g. id.example.com). Using an Engity subdomain is very simple, fast, and cost efficient. However, end-users can easily see in the URL, that company is using a third-party authentication provider right away. If a company does not want to show that it is using an outsourced Identity and Access Management solution, a customer domain is the right choice.

Maximum Possible Customization Using Hooks

Webhooks

Engity service calls your web application to allow individual customization following your own logic.

Common Hooks

Solution for standard cases, e.g. validating approved e-mail domains in sign-up process.

Server-side Hooks

Similar uses cases like webhooks, but managed operations on Engity’s servers. No own infrastructure needed.

Looking for a Customized User Experience in Identity & Access Management

You want to source an Identity and Access Management solution from a third party? But you do not want to give up your own look and feel? Customization is important for you? Then Engity is the right place for you. Let us discuss which part of your authentication solution you want to have customized!

Easy-Ensure Strong Password Check at Sign-Up for a Secure Authentication

Fri, 05 Aug 2022 00:00:00 +0000

Cybercrime is becoming increasingly more commonplace, and the cause is in the majority of cases that compromised passwords are stolen. There are many methods by which hackers can obtain personal passwords to your online accounts. To give you some idea, these may include:

EU Data Protection Update Q2-2022

Fri, 05 Aug 2022 00:00:00 +0000

From the vantage point of data protection and privacy, the second quarter of 2022 was characterized by concerns about IT security against the backdrop of the war in Ukraine. Yet the quarter also saw an accelerated pace of legislative and administrative activity as well as some enforcements.

Passwordless Authentication using Magic Link or Login Link

Fri, 05 Aug 2022 00:00:00 +0000

What is Passwordless Authentication?

With the increasing number of cyber-attacks on the classical password-based authentication method, passwordless authentication is becoming more and more popular. The authentication method is changed from something you know (the password) to something the user has (e.g., smartphone) or something the user is (e.g., fingerprint). There is no longer a need to remember a password.

Real-time Push Notifications as Part of an Intelligent Authentication Solution

Fri, 05 Aug 2022 00:00:00 +0000

Real-time Push Notifications as Part of an Intelligent Authentication Solution

Engity’s Identity and Access Management solution is built flexibly to allow a maximal possible customization of notification services for the various events in real-time. Companies can easily define events e.g.:

Seamless Cross Browser & Device Interaction during Registration Process

Fri, 05 Aug 2022 00:00:00 +0000

More and more websites and applications demand a sign-up to get access to content, bank account, e-mail or to be able to shop or to watch a movie. With time, registration processes became more and more standardized and a confirmation e-mail usually completed the sign-up with the validation of the user’s e-mail.

Breached Password Detection within Engity's Authentication Solution

Thu, 21 Jul 2022 00:00:00 +0000

Breached Password Detection Should Be a Standard Feature in Every Authentication Solution

Every year again, the steadily increasing number of passwords exposed in data leaks is shocking. In many cases, in addition to the password also the respective username or e-mail address and hence the combined login credentials are compromised and lead to an even larger and more widespread threat. The consequences range from simple identity theft to financial losses.

Single Cross Device Login: Log in One Device but Get Access on Multiple Devices without Another Login

Thu, 21 Jul 2022 00:00:00 +0000

Standard Authentication on Several Devices

Over the last years, it became increasingly common to use multiple devices at the same time. No matter if you have used a computer, a smartphone, a tablet, a smart-watch or another intelligent device, you generally had to login to each and every device before you were able to start working with them. As a consequence, you had to authenticate yourself on each device separately with username or e-mail and password. This exercise was annoying, not user-friendly and always wasted time.

User Sign-up and Registration Without the Need of an E-mail Account

Thu, 21 Jul 2022 00:00:00 +0000

Standard Registration Process as Part of an Authentication Solution

It is an essential part of IT security and data protection that every employee of a company has independent and individual access (logins) to the IT systems. This is the only way to track who has performed which action in the systems and when. The reasons for this are manifold. On the one hand, this is to prevent unauthorized persons from gaining access to the systems. If there are only shared company accounts, employees will sooner or later be careless with these general login credentials, since no one can prove who passed on the login credentials anyway. On the other hand, actions can only be assigned to employees with individual user accounts. This is particularly important in order to be able to professionally answer queries or to uncover criminal behavior and to be able to meaningfully differentiate authorized from unauthorized access by third parties (like hackers). Last but not least, it is essential and legally required to protect personal data within the framework of the General Data Protection Regulation (GDPR).

EU Data Protection Update Q1-2022

Sat, 25 Jun 2022 00:00:00 +0000

Laws, regulation, and data protection practices change faster than ever before. In the first quarter of 2022, many of the developments in the field concerned data transfers to so called third countries. These are countries where the European General Data Protection Regulation (GDPR) is not applicable and regarding which the EU commission has not issued an adequacy decision. Such transfers need legal grounds in order to be permitted. There have been many new developments in this area.

GDPR-compliant IAM solution

Fri, 01 Apr 2022 00:00:00 +0000

Data protection built-in

Engity CIAM is GPDR compliant

Engity has highest standards in technical data protection and avoids data transfers to third countries.

Cloud Data Centers in the EU

To avoid data transfers into non-GDPR countries.

Engity is headquartered in the EU

US companies are subject - even under EU-US Data Privacy Framework - to Patriot-Act and Cloud-Act.

Designed with data security in mind

While not sacrificing ease of implementation and user experience.

Constant further development and testing

Engity keeps you covered even when the technical or legal landscape changes.

Why Data Privacy matters for an Identity & Access Management Provider

At Engity, we believe that data protection and privacy are not just necessary to be compliant with laws and regulations, but also provide a competitive advantage. Businesses and organizations have neither an interest in administrative fines nor data outflows, reputational damage, or loss of trade secrets. For this reason, we created the Engity CIAM platform as a fully GDPR-compliant cloud-based identity and access management solution.

Technical GDPR-Compliance Audit

Fri, 01 Apr 2022 00:00:00 +0000

Core Authentication Features

Design yourself a superb customer journey for your users and select the appropriate features for the best possible user experience!

Infrastructure Providers, e.g.

Data Centers
Identity & Access Management Solution
Marketing Automation Solutions
Customer Support Solutions

Correct implementation of tools, such as

Cookie Consent
Captcha
Address Completion Services
Content Delivery Networks (e.g. for fonts, images, external data etc.)

Online Office Apps & Workforce Tools, such as

HR-Software

Contact Us at Engity

We can help you if you need a GDPR-compliant, fully scalable and customizable Identity & Access Management solution.

404