TL;DR: Fragmented authentication creates blind spots across identity silos, while passwordless orchestration and phishing-resistant MFA aim to improve visibility and reduce friction, according to Axiad’s interview on organization-wide passwordless orchestration. The governance question is less about replacing one factor and more about how authentication choices change identity assurance, user experience, and control consistency across the stack.
NHIMG editorial — based on content published by Axiad: Organization-Wide Passwordless Orchestration
Questions worth separating out
Q: How should teams implement passwordless authentication without losing governance control?
A: Start by standardising the authentication paths that matter most, especially privileged and sensitive access.
Q: Why does fragmented MFA create security risk?
A: Fragmented MFA creates risk because different applications and user groups end up with different assurance levels, recovery paths, and exception rules.
Q: How do security teams decide where phishing-resistant MFA is most needed?
A: Prioritise phishing-resistant MFA for privileged access, remote access, and any workflow where credential theft would create immediate operational or data risk.
Practitioner guidance
- Inventory authentication silos: Map every login path, MFA variant, and fallback method so you can see where assurance differs across business units and applications.
- Prioritise phishing-resistant MFA for high-risk access: Require stronger authenticators for privileged, remote, and sensitive workflows where replayable factors would create disproportionate impact.
- Define orchestration rules before automation: Document when the system should step up authentication, when it should fail closed, and how exceptions are reviewed so automation does not outrun governance.
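The three steps above, worked through as an added example (not code from Axiad or from the interview). It assumes a constructed authenticator taxonomy (password, replayable MFA such as SMS/TOTP/push, phishing-resistant FIDO2/PIV) and a constructed inventory of login paths; the point it demonstrates is that a path's effective assurance is its weakest enrolled method, fallbacks included, and that the orchestration decision should fail closed when no stronger enrolled method exists to step up to.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, List, Tuple


class Assurance(IntEnum):
    """Ordered assurance levels (constructed taxonomy, not a standard)."""
    PASSWORD = 1
    REPLAYABLE_MFA = 2        # SMS/TOTP/push: a phishing proxy can relay these
    PHISHING_RESISTANT = 3    # FIDO2/WebAuthn, PIV: bound to the origin


# Assumed mapping of authenticator names to assurance levels.
AUTHENTICATOR_ASSURANCE: Dict[str, Assurance] = {
    "password": Assurance.PASSWORD,
    "sms_otp": Assurance.REPLAYABLE_MFA,
    "totp": Assurance.REPLAYABLE_MFA,
    "push": Assurance.REPLAYABLE_MFA,
    "fido2": Assurance.PHISHING_RESISTANT,
    "piv": Assurance.PHISHING_RESISTANT,
}

HIGH_RISK = {"privileged", "remote", "sensitive"}


@dataclass
class LoginPath:
    app: str
    user_group: str
    primary: str            # authenticator normally used
    fallbacks: List[str]    # recovery / fallback methods also accepted
    risk: str               # "privileged", "remote", "sensitive" or "standard"

    def enrolled(self) -> List[str]:
        return [self.primary] + self.fallbacks


# Constructed inventory: one row per login path found during the silo mapping.
INVENTORY = [
    LoginPath("admin_console", "admins", "piv", ["fido2"], "privileged"),
    LoginPath("vpn", "admins", "fido2", ["sms_otp"], "remote"),
    LoginPath("hr_portal", "employees", "totp", [], "sensitive"),
    LoginPath("wiki", "employees", "push", ["totp"], "standard"),
]


def required_assurance(risk: str) -> Assurance:
    """High-risk workflows require phishing-resistant MFA; others require some MFA."""
    return Assurance.PHISHING_RESISTANT if risk in HIGH_RISK else Assurance.REPLAYABLE_MFA


def effective_assurance(path: LoginPath) -> Assurance:
    """A path is only as strong as its weakest accepted method, fallbacks included."""
    return min(AUTHENTICATOR_ASSURANCE[m] for m in path.enrolled())


def find_gaps(paths: List[LoginPath]) -> List[Tuple[str, str, str, str]]:
    """Paths whose effective assurance is below what their risk class requires."""
    gaps = []
    for p in paths:
        eff, req = effective_assurance(p), required_assurance(p.risk)
        if eff < req:
            gaps.append((p.app, p.user_group, eff.name, req.name))
    return gaps


def inconsistent_groups(paths: List[LoginPath]) -> List[str]:
    """User groups that receive different effective assurance across applications."""
    seen: Dict[str, set] = {}
    for p in paths:
        seen.setdefault(p.user_group, set()).add(effective_assurance(p))
    return sorted(g for g, levels in seen.items() if len(levels) > 1)


def decide(path: LoginPath, presented: str) -> str:
    """Orchestration rule: allow, step_up, or deny (fail closed) for one login event."""
    if presented not in AUTHENTICATOR_ASSURANCE or presented not in path.enrolled():
        return "deny"                      # unknown or un-enrolled method: fail closed
    req = required_assurance(path.risk)
    if AUTHENTICATOR_ASSURANCE[presented] >= req:
        return "allow"
    stronger = [m for m in path.enrolled() if AUTHENTICATOR_ASSURANCE[m] >= req]
    return "step_up" if stronger else "deny"   # nothing to step up to: fail closed


if __name__ == "__main__":
    for gap in find_gaps(INVENTORY):
        print("assurance gap:", gap)
    print("groups with inconsistent assurance:", inconsistent_groups(INVENTORY))
    print("vpn via sms_otp ->", decide(INVENTORY[1], "sms_otp"))
```

The VPN row shows why fallbacks belong in the inventory: its primary factor is phishing-resistant, but the SMS recovery path drags the effective assurance down to replayable MFA, and the same admin group therefore sees different assurance on the VPN than on the admin console. The HR portal row shows the fail-closed case: a replayable factor on a sensitive workflow with no stronger method enrolled cannot be stepped up, so the rule denies rather than silently accepting the weaker factor.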
What's in the full article
Axiad's full interview covers the operational detail this post intentionally leaves for the source:
- Joe Garber's explanation of how to transition from fragmented authentication into a more integrated orchestration model
- The discussion of why different MFA methods deliver different levels of phishing resistance and assurance
- The interview context around automation of key authentication actions across silos
- The video segment for teams that want the original conversation and examples in the speaker's own words
👉 Read Axiad's interview on organization-wide passwordless orchestration →
Passwordless orchestration: what it means for IAM teams
Explore further
Authentication orchestration is an identity governance problem, not just a login experience problem. Once authentication is split across multiple tools and silos, teams lose a consistent view of assurance, exception handling, and risk response. That weakens both human IAM and adjacent identity governance processes that depend on reliable authentication signals. The practical conclusion is that authentication architecture should be reviewed as part of identity governance, not treated as a separate UX layer.
A few things that frame the scale:
- 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, according to the Ultimate Guide to NHIs.
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
A question worth separating out:
Q: What should IAM teams review when moving toward passwordless access?
A: Review recovery processes, device trust assumptions, policy exceptions, and how authentication events feed access governance. Passwordless reduces password exposure, but it does not eliminate identity assurance requirements. Teams still need to know how users are enrolled, how failures are recovered, and how controls are audited.
👉 Read our full editorial: Passwordless orchestration and phishing-resistant MFA reduce identity risk