During registration of the security key, your Windows 10 device creates a new key pair using public key cryptography.
Within Azure active directory, successful authentication using security keys satisfy two-factor security verification and allow for password resets.Īs an alternative to keys that need to be inserted into USB ports, you can also purchase security keys that use Bluetooth Low Energy or NFC.ġ.2 Azure AD Authentication using FIDO2 Security Keys While WebAuthN APIs are used by web applications to access FIDO2 services, CTAP is used by a hardware platform to access hardware authenticators.įIDO2 security keys provide strong password-less authentication with an optional PIN that serves as an additional factor. The FIDO2 specification comes from the Fast IDentity Online ( FIDO) alliance and includes the W3C’s Web Authentication (WebAuthn) specification and FIDO Client to Authenticator Protocol (CTAP). This table lists other providers of similar FIDO2 keys. Here are my notes from the field.įor my testing and PoC, I used the Security Key from Yubico that supports FIDO2. For both cases, you can use either Azure AD joined or Hybrid Azure AD joined Windows 10 devices.Įarlier this year, I was involved in a proof-of concept for the more likely scenario, using FIDO2 security keys to log on to Windows 10 devices that were Hybrid Azure AD joined for SSO to both cloud and on-premises resources. Hello everyone, my name is Liju and I am a Premier Field Engineer specializing in Active Directory and Azure AD.įido2 support for single sign-on (SSO) was introduced first for cloud resources, and then expanded to include both cloud and on-premises resources.
0 kommentar(er)
