Beyond Identity Passwordless

Are you or your customers tired of remembering passwords?

This plugin provides a secure and convenient solution to log into your WordPress website. With Beyond Identity, you can say goodbye to password fatigue and improve your website’s security.

Once activated, you will see:

• Passwordless UI that integrates seamlessly on with the WordPress login page.

• Beyond Identity Settings page for WordPress admins to configure their Beyond Identity account.

• Beyond Identity filter on the WordPress Dashboard’s Users page to view which users use passkeys.

Before you begin

You will need a Beyond Identity account to configure this plugin.
Beyond Identity currently uses “Universal Passkeys,” which are specific to Beyond Identity and have two benefits over your average FIDO2 passkeys.
1. Universal Passkeys never leave the device on which they are created. This makes them much more secure.
2. Universal Passkeys work everywhere. Some browsers (Firefox) do not support passkeys. Universal Passkeys work everywhere, even on Firefox.

Coming soon: Vanilla WebAuthn FIDO2 passkeys. These passkeys allow syncing between devices and work with passkey managers.

As a Beyond Identity admin, you will have several configuration options including selecting passkey flavors and customizing the login page.

Admin Set Up

First, sign up for a free developer account by visiting: https://www.beyondidentity.com/developers

Once you have a developer account you will need to set several values for the OIDC server. Follow the steps below to configure a Beyond Identity application. Most defaults are fine. However make sure the following are set:

1. In your Beyond Identity Console, navigate to the Apps tab under Authentication
2. Tap Add an application
3. Set Protocol to OIDC
4. Set Client Type to Confidential
5. Set PKCE to Disabled
6. Set Redirect URIs to include https://${your-website-domain.com}/wp-admin/admin-ajax.php?action=openid-connect-authorize
7. Set Token Configuration > Subject to id
8. At the top of the page, navigate to your application’s Authenticator Config tab
9. Set Configuration Type to Hosted Web
10. The recommended defaults for Authentication Profile are fine but feel free to modify
11. Tap the Submit button to save your changes

Finally, go to your WordPress dashboard and find the Beyond Identity Settings page. You will need three generated values from your newly created application. You can find the Issuer URL, Client ID, and Client Secret in the Beyond Identity Console’s application that you just created.

For more information on how Beyond Identity works, visit the developer documentation.

For help, reach out on Slack.

Shortcodes

This plugin also provides shortcodes that can be used on any page or post. These include:

[beyond_identity_login_button]  

Generates a button to log in with a Beyond Identity Universal Passkey.

[beyond_identity_auth_url]  

Generates the authorize URL to log in with a Beyond Identity Universal Passkey.

For information on shortcode customization attributes, please refer to the documentation available in the Settings > Beyond Identity dashboard page after activating the plugin.