Digipass® S3 Authentication Software

Simpler logins, stronger security—powered by passkeys and beyond. Passwords remain one of the leading causes of breaches, driving up costs for organizations and frustration for users. Passkeys, based on FIDO (Fast Identity Online) standards, provide a stronger, simpler alternative by turning devices people already use into secure authenticators.

Digipass S3 Authentication Software helps organizations move beyond passwords with phishing-resistant passkeys, while also supporting a broad range of modern authentication methods including Microsoft Quick Authentication, intelligent passwordless authentication, out-of-band methods, OTP, and Secure Payment Confirmation.

With adaptive policies, device and risk awareness, and deep integration with leading IAM platforms, the software ensures security and usability work together in real-world environments.

The portfolio includes:

• Digipass S3 Server
• Digipass S3 Mobile SDK
• Digipass S3 Web SDK

These are also available as a delivery option through Digipass S3 Cloud for organizations that prefer cloud-based deployment.

Enterprises can adopt passkeys and modern methods while continuing to leverage existing OTP and MFA solutions, giving them flexibility to modernize at their own pace and scale.

Features

Adaptive rulesets

Code-independent policy supports registration and authentication. Policies can combine multiple signals, including SDK-generated signals, contextual information, and third-party risk data. Flexible sequences avoid unnecessary prompts (e.g., first-time device use, high-value transactions, or untrusted devices).

Authentication methods

• Passkeys and FIDO protocols (UAF, U2F, FIDO2/WebAuthn), including synced and device-bound passkeys
• Quick Authentication and intelligent passwordless authentication
• Autofill, Conditional UI, Conditional Create, and custom authenticator names
• Attestation and FIDO Metadata Service support
• Out-of-band authentication (QR codes, push, app-less)
• Secure Payment Confirmation (SPC) and PSD2-SCA
• OTP (email, SMS) and ID verification through third-party services

Device & risk signals

Device health, model, type, manufacturer, OS version, SDK version, IP address, location, velocity, Wi-Fi network, device “on-call,” and friendly fraud detection. Supports contextual integration with third-party risk engines and behavioral biometrics.

Administration & lifecycle management

Web-based console for policy management, import/export, and analytics. Role-based admin permissions. Supports onboarding, recovery, suspension, and deprovisioning with tamper-evident logs for compliance.

Analytics & reporting

• Detailed statistics on authentication adoption, device usage, transactions, and deregistrations. Tamper-evident audit logs for compliance reporting.
• Integration & extensibility
• REST APIs, JWT authorization, and plugin support (e.g., session management, crypto). Out-of-the-box integration with Keycloak, ForgeRock Identity Platform, Microsoft Azure B2C, and PingFederate.
• Deployment options
• Cloud or on-premises deployment with container support (Docker, Kubernetes). Available as FedRAMP High and DoD IL5 service (via UberEther).

Traditionally, one of the biggest challenges of authentication systems has been to balance security with user experience. Due to the FIDO standard, both elements work together seamlessly to provide the highest security standards, along with a transparent and agile user experience.

- Financial services executive