Contact Us

FIDO2 Key Onboarding for Remote Employees in Azure

How to onboard FIDO2 keys or Yubikeys in Azure for remote users
19 Feb 2024

How to Get Started with FIDO2 Key Onboarding in Entra ID for Remote Employees

Opting for passwordless authentication with FIDO2 keys marks a significant stride towards achieving a “zero trust” security architecture. However, an often underappreciated aspect of this transition is the logistical planning required for distribution. Neglecting this can lead to substantial bottlenecks and delays during the rollout phase. To streamline this critical step, we have compiled a comprehensive list of frequently asked questions and essential prerequisites. Continue reading for insightful guidance on efficiently and effectively distributing hardware keys to your workforce, ensuring a smooth and practical implementation of this advanced security measure.

Choose Your FIDO2 Hardware Key(s): First things first, you’ll need to select which FIDO2 security key you’d like to use. A quick internet search will demonstrate to you that there are literally dozens of places to purchase keys, making it a relatively easy process to obtain said hardware. …Or so you’d think. Oftentimes you’re going to need to chat with a salesperson and may be ignored altogether if your order isn’t to the volume of that particular vendor’s liking. Find a company that’ll work with any size order to make the procurement process as smooth as possible. Watch below to see how we were able to help a SMB go fully passwordless using YubiKeys!

Where are the FIDO2 Keys Going?: Nearly every organization needs to accommodate remote employees, if they aren’t already fully-remote. Modern times require remote-first solutions that are designed specifically for remote employees across all borders. Be sure to think about what countries these things are going to be shipped to, the taxes associated with the purchase and delivery, and any other regionally specific regulations that are to be adhered to.

Can You Accommodate Sourcing & Distribution of FIDO2 Keys In-House?

Organizations of every scale, from government entities to grammar schools, must deliberate on their capability to internally manage the sourcing and distribution of YubiKeys. This consideration is crucial, as the process demands specific logistical expertise. It’s important to weigh the option of engaging a third-party vendor, which can guarantee a smooth and efficient implementation. Additionally, cost factors should be a primary consideration. In-house management might necessitate hiring new personnel, which could exponentially inflate costs. Outsourcing to a specialized vendor, conversely, can offer a more cost-effective solution while ensuring professional handling of the entire process.

How to Ship FIDO2 Keys to Remote Employees

Acknowledging the specialized skills of your IT professionals is crucial. They are, after all, hired for their expertise in information technology. Their valuable time should be directed towards utilizing tools like YubiKeys to enhance and fortify your organization’s cybersecurity framework, rather than navigating the logistical complexities of ordering and distributing these devices.

This logistical responsibility aligns perfectly with the services offered by Keytos. Our EZCMS, a pioneering passwordless authentication onboarding CMS for Entra ID, is specifically designed to alleviate this burden. We utilize our extensive infrastructure to manage the shipping and logistical challenges associated with deploying YubiKeys, irrespective of your organization’s size.

Keytos boasts a robust global infrastructure, enabling us to collaborate with local vendors worldwide for efficient and cost-effective delivery of YubiKeys. For instance, if your U.S.-based company requires 500 YubiKeys in India, our system promptly activates our network in India to identify the most advantageous vendor, ensuring a seamless, economical, and swift fulfillment of your order. This approach not only saves time and costs, particularly in import taxes, but also spares you the typical complexities associated with international logistics of YubiKey distribution.

How to Validate FIDO2 Keys for Remote Employees

To enhance the security and integrity of the process when distributing YubiKeys globally, it is essential to ensure that these devices reach their intended recipients. To achieve this, our organization has developed the EZCMS government ID verification system. This advanced system streamlines the onboarding of new users by leveraging a passwordless mechanism. It requires users to scan their government-issued ID along with their facial biometrics. This data is then meticulously cross-referenced with the organization’s HR database, ensuring a match. This method offers a seamless, zero-touch onboarding experience, simultaneously ensuring that only verified and authorized personnel gain access to the organization’s systems. This robust verification process not only enhances user convenience but also fortifies organizational security.

What is a YubiKey Attestation Certificate?

When you use EZCMS from Keytos, you don’t just get easy, inexpensive YubiKey shipping. You get access to the best CMS for Azure with the highest level of security and cryptographic attestation. EZCMS was created to guard the most critical of identities. YubiKey’s Attestation certificate allows EZCMS to not only cryptographically validate that the YubiKey being enrolled has not been interfered with, but also allows us to confirm that the YubiKey has been assigned to the user that is requesting the account. This, then, adds an extra attestation layer protecting organizations from supply chain attacks, and it is only possible with EZCMS’s industry-leading technology working hand-in-hand with industry leaders.

What is the Best FIDO2 Onboarding Tool for Remote Employees?

In today’s zero-trust environment, organizations are compelled to fundamentally reevaluate their user onboarding strategies. Embracing a Content Management System (CMS) tailored for the contemporary workforce is imperative. Such a system should offer robust capabilities for remote, passwordless authentication onboarding, coupled with sophisticated logistics software for global YubiKey management. This approach is indispensable for a seamless transition to passwordless operations within Azure. EZCMS stands as an exemplary tool in this regard, facilitating a range of Entra ID passwordless authentication methods. It not only eradicates the reliance on single-use passwords but also significantly reduces IT helpdesk inquiries. Most importantly, it enhances organizational security, ensuring an unphishable and more secure digital environment.

You Might Also Want to Read