Navan, a multinational business travel and expense management company, was looking to strengthen its security posture and improve UX by deploying stronger MFA methods. Learn why Navan chose Descope to help provide their users with secure, phishing-resistant, and flexible MFA across their web and mobile apps.
About Navan
Founded in 2015, Navan (formerly TripActions) is a business travel and expense management platform with a presence in over 40 markets across the globe. With over 2900 employees and five acquisitions, Navan operates at enterprise scale while also having several avenues for future growth.
Providing a secure and seamless digital customer experience has been a cornerstone of Navan’s success. The company serves a wide variety of stakeholders including:
EAs and travel managers
Finance and expense teams
Employees
Each of the above stakeholders has unique expectations regarding security and user experience during onboarding and repeat app visits. Their roles, levels of access, and sensitivity of actions that can be performed all differ.
Ofer Ben-David, EVP Engineering at Navan said:
“Navan is business-critical for our customers, and authentication is hence business-critical for us. Imagine a business executive on the go who wants to make travel changes but has trouble logging in to our platform – an experience like that is fair cause to switch providers. We take this seriously.”
UX + security = strong MFA
Having MFA for customer accounts always makes sense, but not all MFA methods are created equal. Rather, all methods exist on a security-UX spectrum and each organization must make its own determination for which method aligns best with their user preferences and security goals.
The Navan team were seeking a customer MFA method that was user-friendly, did not disrupt current UX workflows, and followed the tenets of strong authentication by being tough for attackers to phish. They landed on email magic links as the most ideal choice for their customers.
Ofer said:
“We wanted to explore adding magic links as a strong MFA option to supplement our username-password authentication flow. After doing a thorough review of the available providers, we decided to go with Descope as we felt their product, user experience, and support aligned the most with our needs.”
Secure MFA at warp speed with Descope
Navan went live with magic links in four days with Descope. Closely collaborating with the Navan team, harnessing the power of Descope Flows, and leveraging the platform’s interoperability with SAML and OIDC resulted in quick time to value without major changes to existing CIAM systems.
Ofer said:
“The Descope team’s responsiveness was lightning fast. We initially spoke to them on Friday – their engineers were in our office on Sunday to help with the implementation. Actions like that made us realize that Descope is a true partner for the long haul.”
Descope’s visual workflows have helped Navan be more flexible with their MFA implementation across apps. While they use magic links for their web apps, they are exploring a more mobile-friendly solution based on enchanted links for their mobile apps. And if other strong MFA methods become relevant in the future, Navan can simply add it to their existing Descope Flow without touching their codebase.
Ofer said:
“Partnering with Descope has helped Navan enhance both our user onboarding experience and security posture. The flexible nature of Descope Flows enables us to adapt better to changing business or security needs without burdening our developers.”
Descope is a flexible, drag & drop CIAM platform that helps organizations easily add authentication, authorization, and identity management to their apps. Customers use us for initiatives such as passwordless authentication, SSO, identity federation, strong MFA, identity orchestration, and fraud prevention.
To get started with Descope, sign up for a Free Forever account. If you have questions about our platform, book time with our auth experts.
