preview.jpg

How to Enroll a YubiKey for FIDO2 Passkeys and Entra CBA on macOS

Aaron Crawfis Aaron Crawfis |
Tags:

Self-Service YubiKey Onboarding - Now Available for macOS Users

For years, Keytos EZCMS has been a leading solution for onboarding to passwordless credentials such as FIDO2 Passkeys and Entra CBA on Windows and Linux. Users can simply connect their YubiKey, AuthenTrend, or Feitian security key into their device, verify their identity with an existing authentication method or scan their government ID, and a passkey plus a certificate will be automatically generated and enrolled for passwordless authentication with Entra ID.

Starting today, macOS users can also take advantage of this seamless onboarding experience. With the latest update to EZCMS, macOS users can now easily enroll their passwordless security keys for both FIDO2 Passkeys and Entra CBA, providing a secure and convenient way to authenticate without passwords. Check out the end-to-end experience here:

The Only Self-Service Solution for YubiKey Onboarding on macOS

When enrolling a YubiKey or other security key for unphishable, passwordless authentication, users typically need some form of existing authentication (which they are upgrading from) or a Temporary Access Pass (TAP) to verify their identity and enroll their security key. Plus, popular tools only provide Windows support which leaves macOS users out in the cold. Up until now organizations had to rely on IT support to manually onboard YubiKeys for macOS users, or set up a shared kiosk device for users to onboard their security keys. This process is time-consuming, costly, and creates a poor user experience.

EZCMS YubiKey Onboarding for macOS

Keytos EZCMS is the first and only solution that enables users to self-service onboard their YubiKeys for both FIDO2 Passkeys and Entra CBA on macOS. With EZCMS, users can easily enroll their security keys without needing IT support, providing a seamless and efficient onboarding experience. Plus, if a YubiKey is lost or the PIN is forgotten, users can easily reset or set up a new security key without needing to contact IT, ensuring they can always access their accounts securely.

Should I Use FIDO2 Passkeys or Entra CBA for Passwordless Authentication?

When planning your passwordless strategy, you may be wondering whether to use FIDO2 Passkeys or Entra CBA for your users. The good news is that with EZCMS, you don’t have to choose! You can easily enroll your users to both FIDO2 Passkeys and Entra CBA using the same YubiKey, providing a seamless passwordless experience across all of your applications, both in the cloud and on-premises.

Don’t have a PKI environment set up? No problem! You can start with FIDO2 Passkeys for passwordless authentication with Entra ID and then easily add Entra CBA down the line when you’re ready to take your security to the next level. With EZCMS, you can provide a flexible and scalable passwordless solution that meets the needs of your organization and users.

Self-Service FIDO2 and Entra CBA Onboarding with Government IDs - No More TAPs!

One of the biggest challenges with onboarding security keys for passwordless authentication is verifying the identity of new or remote workers who may not have an existing authentication method set up. Traditionally, organizations have relied on Temporary Access Passes (TAPs) to provide a time-limited code that users can use to verify their identity and enroll their security key. However, this process can be cumbersome and creates additional overhead for IT teams.

With Government ID verification, EZCMS provides a secure and convenient way for new and remote workers to verify their identity and onboard their YubiKeys without needing TAPs. Users can simply scan their government ID using their device’s camera, take a selfie to match against their ID, and then set up their security key for passwordless authentication. This streamlined process not only improves the user experience but also reduces the burden on IT teams, allowing them to focus on other critical tasks.

EZCMS Government ID Verification Flow

Up Your Security Game with Isolated Identities for Your Most Privileged Users

Are you looking to take your security to the next level, especially for your most-privileged environments? With EZCMS, you can easily set up isolated identities for your most privileged environments and users. Based on the latest guidance from Microsoft for Isolated Identities, you can configure your EZCMS environments to create identities in multiple Entra ID tenants.

What this means for your users is that they can verify their identity only once, and they can onboard separate identities and YubiKeys for each of their tenants and identities, streamlining what used to be a complex and time-consuming process. This not only enhances security by isolating privileged accounts but also provides a seamless user experience, allowing your most privileged users to easily manage their credentials across different environments without the need for multiple verifications or IT support.

EZCMS Multiple Identities

Onboard Remote Workers to Passkeys in macOS

We understand that identity creation is only one small part of the overall YubiKey lifecycle. IT teams still need to worry about procuring security keys, shipping them to users, and providing support for lost or broken keys. With EZCMS, we provide a comprehensive solution that streamlines the entire YubiKey lifecycle, from onboarding to ongoing management. As an IT administrator, you can request YubiKeys directly through the EZCMS portal, handle shipping logistics, and even control which YubiKeys can be used within your organization.

EZCMS Request Smart Card

Plus, Keytos offers a variety of YubiKey and other security keys for purchase directly through our store front, making it easy for organizations of any size to acquire the security keys they need to implement passwordless authentication. As your business grows and evolves, EZCMS can scale with you, providing a seamless and efficient way to manage your security keys and ensure that your users have the tools they need to stay secure.

Keytos Store

Get Started with EZCMS for YubiKey Onboarding on macOS

Want to up your security game and provide a seamless passwordless experience for your macOS users? Get started with Keytos EZCMS today and take advantage of our self-service YubiKey onboarding solution for both FIDO2 Passkeys and Entra CBA on macOS. With EZCMS, you can streamline the onboarding process, enhance security, and provide a better user experience for your users. Learn more here and set up a free consultation with a Keytos identity expert to see how EZCMS can work for your organization.

Learn More About EZCMS