TL;DR: Growing demand for API-driven CIAM and passwordless authentication that fits existing identity stacks is reflected in KuppingerCole’s Rising Star recognition for Authsignal, with FIDO2, biometrics, and policy-based orchestration called out in the report. The real issue is not the rating itself, but the move toward modular identity fabrics that reduce friction without weakening access control.
NHIMG editorial — based on content published by Authsignal: Authsignal recognized as a KuppingerCole Rising Star in CIAM and passwordless authentication
Questions worth separating out
Q: How should security teams modernise customer authentication without rebuilding their identity stack?
A: They should use an API-first integration approach that lets new authentication methods sit alongside existing identity providers, policy engines, and application flows.
Q: Why does passwordless authentication reduce risk in CIAM?
A: Passwordless reduces dependence on shared secrets, which are a common source of phishing and account takeover.
Q: What breaks when risk-based authentication rules are poorly governed?
A: The user experience can remain smooth while the control model becomes inconsistent.
Practitioner guidance
- Map the authentication decision points Identify where passwordless, MFA, step-up, and fallback decisions are made across the customer journey.
- Define controlled fallback paths Treat recovery, reset, and alternate-factor routing as governed control points.
- Review policy rules for explainability Keep risk-based rules readable enough for security, privacy, and support teams to understand why a user was challenged or allowed.
What's in the full article
Authsignal's full post covers the operational detail this post intentionally leaves for the source:
- The vendor’s breakdown of its passwordless and MFA orchestration capabilities across passkeys, biometrics, SMS, email, push, and wallet-based credentials.
- The article’s explanation of how its no-code rules engine fits risk-based decisioning and customer journey control.
- The source commentary on Identity Fabric design principles and how they map to modular deployment choices.
- The recognition context from KuppingerCole and the report language that underpins the Rising Star designation.
Passwordless CIAM and identity fabrics: what should IAM teams notice?
Explore further
Passwordless CIAM is becoming an architecture problem, not just an authentication choice. The article’s emphasis on API-driven orchestration and Identity Fabric design shows that customer identity now depends on how authentication services interoperate with existing IDPs, policy engines, and application journeys. That means the control question is no longer whether passwordless exists, but whether it can be governed consistently across a fragmented stack. Practitioners should treat the integration layer as part of the access control surface.
A few things that frame the scale:
- Only 19.6% of security professionals express strong confidence in their organisation's ability to securely manage non-human workload identities, according to The 2024 Non-Human Identity Security Report.
- Another finding from the same report shows that 88.5% of organisations acknowledge their non-human IAM practices lag behind or are merely on par with human IAM.
A question worth separating out:
Q: What is the difference between passwordless authentication and identity fabric?
A: Passwordless is an authentication approach, while identity fabric is an architectural model that connects multiple identity services through consistent policy and orchestration. Passwordless can be one service inside an identity fabric, but the fabric is what lets teams govern many identity capabilities together across environments.
👉 Read our full editorial: Passwordless CIAM recognition shows demand for flexible identity fabrics