top of page

News & Views

New WS02 Identity Server

Some 90% of security breaches could be avoided if enterprises used multi-factor authentication (MFA).  Yet to make user sign-on convenient, many enterprises are still relying only on usernames and passwords – and avoiding other strong second-factor authentication methods.

To help enterprises combine strong security with a simple user experience, WSO2 ( has introduced passwordless authentication with FIDO2 in the newest release of WSO2 Identity Server 5.10 ( for developer-focused identity and access management (IAM).  

The passwordless authentication with FIDO2 is one of the three new enhancements that optimize WSO2 Identity Server for developers who need to build customer identity and access management (CIAM) solutions with usable but strong security in mind.  The latest version also features a new self-care portal for end-users, along with a set of RESTful APIs that enable developers to integrate any third-party systems with WSO2 Identity Server.
“An organization’s user experience is the window to creating a first impression for its capabilities and trust.  This is where CIAM enters, serving to drive an enterprise’s revenue growth by leveraging identity data to acquire and retain customers.  In short, it’s a company’s new public face,” explains,  Prabath Siriwardena, Vice President and General Manager – IAM Business Unit, WSO2.

“With our latest release of WSO2 Identity Server, we are further empowering developers to simplify authentication for end-users and support the complex architectures required for effective CIAM solutions that bring better user experiences to their customers.”

WSO2 Identity Server is a uniquely extensible, API-driven, cloud-native IAM product designed for developers that build CIAM solutions.  The open source WSO2 Identity Server incorporates the functionality to federate, authenticate and manage identities; bridge across heterogeneous identity protocols; and secure access to web and mobile applications along with API-based endpoints.

“Already, businesses and government organizations are using WSO2 Identity Server to manage up to millions of user identities,” continues Siriwardena.  “The latest release adds several new features that further empower developers to build CIAM implementations that are easier to manage and use.”

WSO2 Identity Server supports passwordless authentication using FIDO2 – a phishing-proof passwordless authentication protocol – developed as a joint effort between the FIDO Alliance and the World Wide Web Consortium (W3C).  
Registering to set up the authentication only takes a few seconds, and it frees users from having to remember complex character and number strings or take multiple steps to confirm their identities.  As a result, it is particularly effective for industries with customer-facing apps, such as retail, banking, government, telecommunications, healthcare, and insurance.

WSO2 Identity Server also features a new self-care portal designed to enhance the experiences of end-users.  The single-page, self-running app offers better performance and customizability, and includes a new user interface (UI) for an intuitive customer experience and centralized theming with Leaner Style Sheets (Less) based theme/sub-theme functionality for easy customization.

RESTful APIs are now preferred over SOAP services for modern applications and portals, and they are being used for the core management capabilities and end-user interactions that are essential for building cloud-based CIAM solutions.  With RESTful API support, WSO2 Identity Server brings the advantages of REST to IAM app developers.  

Available as an open source product released under the Apache License 2.0. WSO2 Identity Server 5.10 is backed by WSO2 Subscription, which features access to WSO2 Update for continuous delivery of bug fixes, security updates, and performance enhancements, along with WSO2 Support for 24x7 support.  

Unified pricing means customers can simply buy a WSO2 Subscription and choose the hosting model – cloud, on-premises or hybrid – based on their preferences, as well as purchase additional service and support offerings which can be found at

bottom of page