Dress Code Elevates Security Standards with New Authentication Infrastructure

Transitioning to a Secure and Scalable Authentication Framework

Dress Code Inc., headquartered in Chuo-ku, Tokyo, is reshaping its authentication infrastructure by migrating to a dedicated, independent environment. This move aligns with the guidelines set forth by the National Institute of Standards and Technology (NIST) in the United States, enabling robust authentication design.

The shift away from traditional Software as a Service (SaaS) authentication offers significant advancements. The framework now supports Single Sign-On (SSO) integration via OIDC/SAML, multifactor authentication (MFA) through authentication apps (TOTP), and step-up authentication for critical operations, all designed to meet high security requirements. The new system provides flexible control over authentication data storage regions and integrates well with existing internal ID infrastructures, addressing the security, compliance, and scalability needs of enterprise customers effectively.

Background

In recent years, the increase in the adoption of SaaS services in businesses has paralleled a rise in stringent security demands. This trend is especially notable among enterprise and listed companies where factors such as the integration with existing internal ID systems (e.g., Microsoft Entra ID) and the adoption of stronger MFA methods, such as authentication apps and biometric verification methods (WebAuthn), have become critical decision-making criteria. Enterprises require the ability to implement additional authentication measures during pivotal operations, balancing security needs with user convenience.

The previously used SaaS-type authentication systems often fell short in addressing such specific and heightened demands. To navigate this landscape, Dress Code has implemented a globally recognized open-source identity platform, transitioning its authentication structure to a dedicated independent environment that can adaptively meet stringent security policies and compliance requirements.

Achievements of the New Authentication Framework

SSO (OIDC/SAML) Compatibility

The integration with existing internal ID systems via OIDC and SAML allows seamless incorporation of Dress Code into the current login operations of user companies without necessitating substantial changes.

Risk-Based Step-Up Authentication

Employing a design based on the Authentication Assurance Level (AAL) definitions outlined by NIST, the new authentication approach maintains user-friendly login (equivalent to AAL1) for routine actions. However, when critical operations, such as viewing sensitive data or making significant changes to services, arise, the system dynamically invokes MFA (equivalent to AAL2). This capability optimizes the balance between robust security and user efficiency in business workflows.

Support for Diverse MFA Methods

Tailored to fit enterprise security policies, organizations can select from a variety of strong authentication methods, including:

- Passwordless authentication: Utilizing Touch ID or Face ID (supported by WebAuthn).
- App-based authentication: Leveraging Google Authenticator and similar (TOTP).
- SMS verification.

Multiple Email Address Integration

The design permits linking multiple email addresses to a single account, addressing practical issues such as preventing account loss during personnel changes or resignations and enhancing ID management flexibility.

External Provisioning of In-House ID

Looking ahead, Dress Code is exploring the possibility of offering its in-house ID functionality externally, promoting a future where partners could use “Log in with Dress Code” for their operations. This sets the stage for transforming the authentication framework from a core product component to a comprehensive platform for business expansion.

What is Dress Code?

"Dress Code" serves as a workforce management platform aimed at resolving structural frictions in business operations involving personnel, information systems, and administration. Historically, internal processes across departments create inefficiencies due to disparate tools, workflows, and practices leading to fragmentation and redundancy. Dress Code seeks to fundamentally reevaluate and optimize business processes in a cross-departmental and sustainable manner.

With a product structure that merges SaaS and marketplace functionalities, Dress Code tackles operational challenges that traditional single-function SaaS solutions cannot resolve. At its core, the platform incorporates a shared architecture and core database to facilitate information sharing and business process design across departments such as HR, IT, and administration.

Currently, Dress Code offers three series: "HR Force," "IT Force," and "GA Force," with plans to expand to cover up to six series, including recruitment, project management, and governance disciplines. The platform has a proven track record of usage in countries like Japan, Indonesia, Thailand, and Vietnam, and aims to continue enhancing its products and services to address essential challenges and provide value to both domestic and international users.

About Dress Code Inc.

- Company Name: Dress Code Inc.
- CEO: Yuki Ejiri
- Headquarters: 2-1-4 Tsukiji, Chuo-ku, Tokyo, Ginza PREX East 8F
- Established: September 2, 2024
- Business Activities: Design, development, and sales of "DRESS CODE" products.
- Capital: ¥1,139,089,000 (including capital reserve).
- URL: https://www.dress-code.com/

Contact Information for Inquiries

For public relations inquiries: Email: [email protected]
For product use or business partnership inquiries: Email: [email protected]
For recruitment inquiries: Email: [email protected]