YubiOn FIDO Logon was introduced to a company developing IT infrastructure.
This company has multi-factor authentication requirements for Windows PCs used for system maintenance, and was looking for a logon security product that uses an external authentication device. In addition, that product needs to be available for use in the Azure AD environment. So we proposed "YubiOn FIDO Logon" which supports Azure AD accounts.
Introduced Organization
IT infrastructure company
Deployment scale:
Introduction of YubiOn FIDO Logon
Introduced multi-factor authentication using YubiOn FIDO Logon to over a dozen PCs.
Users use Azure AD accounts.
Adoption of authentication device YubiKey
Arrange YubiKey 5 NFC for all PC users.
Issues
The customer had the following issues:
They want to strengthen the logon security (multi-factor authentication) of a specific shared PC for connecting to the company system.
PC is joined to Azure AD and users log on with an Azure AD account.
PC is shared by multiple users by switching accounts.
There is no time until the introduction time, so they want to introduce it in as short a time as possible.
Solution
Introducing YubiOn FIDO Logon
By introducing YubiOn FIDO Logon to the target PC and using an external FIDO device (YubiKey), Windows logon can now make multi-factor authentication. This product can obtain a very strong security strength by adopting the FIDO protocol.
In addition, since it is a cloud service, there is no need to prepare a separate server on the customer side.
As an initial setting, install the client software on the target machine and configure the Azure AD account and YubiKey allocation settings.
When logging on, each user can have their own YubiKey to log on to different accounts on shared PCs.
Assignment of second and subsequent accounts
When you register an Azure AD account and a YubiKey assignment, the assignment information is saved on the server. This assignment information is automatically reflected on the second and subsequent PCs with client software installed through the network, so there is no need to configure settings for each PC.
Therefore, the time required for initial registration can be shortened.
※ When assigning to a local account, settings must be made for each PC.
Passwordless
As a feature of YubiOn FIDO Logon, if you enter your Windows password immediately after logging on for the first time, you do not need to enter the password from the second time onwards. Users do not have to worry about remembering and entering passwords every time. End-user acceptance and implementation went smoothly as it made logon very easy.
This is also beneficial for administrators, who can greatly reduce the burden of password reset work by going passwordless.
※ According to a Gartner survey, it is said that 20% to 50% of inquiries to the helpdesk are password resets due to users forgetting their passwords, which is said to be quite costly.
Finally
As such, YubiOn FIDO Logon is an ideal product for deployment in an Azure AD environment.
By adopting FIDO authentication, you can ensure higher security than password authentication.
The logon operation was easy, and the load on the end user at the time of introduction was small, and we were able to introduce it in a short period.
The products, and authentication device information introduced this time are summarized below. Please feel free to contact us if you have a request.
YubiOn FIDO Logon
YubiOn FIDO Logon is a cloud service that provides multi-factor authentication using the FIDO2 protocol for PC logon. There are also convenient functions such as integrated management functions and remote control functions on the Web management console. Please check the product information page for details.
For details on the installation procedure, please refer to the configuration guide.
YubiKey sales
You can buy from our YubiKey shop or Amazon.
※ For bulk purchases and quotation requests please contact us from the contact page.