Composite image of smart card, reader and computer mouse

Tailoring an MFA Solution to Solve Your Unique Use Cases: How HID Has You Covered

In the light of increasing security threats and pressure for organizations to deploy strong MFA, such as President Biden’s executive order following the recent Colonial Pipeline attack, many security professionals are now considering MFA on a wide-scale basis across their organizations.

Following the aftermath of such events and the quickly evolving cyber threat landscape, it becomes easy for organizations to turn to MFA solutions without considering the bigger picture of how it can transform their cybersecurity posture, rather than simply adding an extra layer to employee login. MFA is not one size fits all — there are numerous factors to consider with largely varying choices from vendors.

How can you ensure that your MFA solution closes every gap to enhance security and boosts user experience, but is also versatile enough to address your unique use cases, workflows and security needs in your organization — both now and in the future?

The answer is choosing a vendor that is a one-stop shop for every part of the MFA journey.

With the market’s leading solution for managed authentication credentials and support for multiple security standards, authentication methods, and form factors, deploying a complete and versatile MFA ecosystem is made easy with HID.

Securing Use Cases to Protect Every Part of Your Users’ Working Day

Your users need to access countless resources throughout their working day, which means there’s a whole host of places where MFA could and should be incorporated. With HID’s solution, your users can use one authenticator to access every one of these resources, giving you the flexibility to protect each use case in a way that best suits your workflow. Let’s explore them all:

Personal Computers

A core element of having a productive workforce, especially considering the sharp rise of remote workers, is providing quick and easy access to personal computers and devices. With HID’s Crescendo family of authenticators, users can instantly log on to computers by inserting or tapping the smart card or security key to their device. Deploying Crescendo authenticators enables you to choose and incorporate the industry standards that best fit the nature of your security, including PKI, FIDO, PIV and OATH.

The authentication methods don’t stop there. Choose what’s best for your workforce when it comes to logging in, whether it is an automatic login using FIDO2 or fingerprint with DigitalPersona to speed up login performance.

Shared Workstations

Using workstations that are shared between multiple people poses greater threats for security compromises and is especially important in industries such as healthcare and manufacturing. With HID’s award-winning, on-premise MFA solution, DigitalPersona, users can effortlessly move between workstations, with a wide choice of authentication methods ranging from fingerprint and facial scans to access cards and PKI credentials. These roaming capabilities enable users to move between machines without needing to re-enroll credentials, providing them with an easy access when they need it.

IT Applications and Systems

Today’s organizations utilize a plethora of applications and systems to support the work they do. Secure access to Virtual Private Networks (VPNs), Microsoft Active Directory and Azure Active Directory require strong MFA protection to ensure only authorized users have access.

As the remote workforce increases, using an MFA solution that enables your employees to access company resources from anywhere, at any time, is essential.

HID’s versatile MFA solution protects everything from cloud applications, such as G Suite, Dropbox and Office365, all the way to legacy desktop applications — so that no resource goes unprotected. With WorkforceID Authentication, you can enable strong cloud-based authentication supported by a broad range of authenticators, including mobile. In addition to this, our solutions are easily integrated with your existing SSO solutions to provide strong MFA.

Data Encryption and Digital Signatures

Here is where your MFA solution can start to do more than simply securing a login. With the right MFA vendor, you can also secure communication and data with public key certificates by digitally signing and encrypting emails, by encrypting data at rest and even digitally signing documents to confirm their provenance. By using our cloud-based credential management platform, you can easily issue and manage PKI certificates on Crescendo and third-party credentials — giving you the flexibility to manage the lifecycle of your digital identities and credentials in one place.


HID’s MFA solution portfolio is unique in that it offers high assurance enterprise strength credentials that can secure access to physical spaces in addition to digital resources. By incorporating employee badges for converged physical and logical access, you can enjoy the cost efficiency and ease of streamlining multiple authenticators across your organization. Crescendo authenticators support a wide variety of technologies including SEOS, MIFARE, DESFire and Prox.


Wherever there is sensitive data, there is a risk of a security compromise including printing. This is especially important in environments where patient and customer data are being printed regularly. HID Crescendo can protect unauthorized people from seeing such data by ensuring that documents are only released after the authorized user is authenticated at the printer — using PKI smart cards or SEOS enabled contactless cards.

HID’s Versatile MFA Portfolio Goes Beyond to Provide Flexibility for You and Your Workforce

In addition to accommodating for the broadest array of use cases, HID’s MFA solutions allow you to configure a complete ecosystem to both improve security and offer ease from a management perspective. HID provides a cloud-based credential management solution, WorkforceID Digital Credential Manager, that works with both Windows and MacOS to efficiently issue and manage digital credentials via a single system on an enterprise scale. The credentials issued through WorkforceID Digital Credential Manager are compatible with the PIV specifications, providing out-of-the-box compatibility with many systems such as Windows, Mac, some Linux distributions, PIV-enabled multi-function printers, etc. In addition, WorkforceID Digital Credential Manager provides you with the choice over Private Dedicated or Publicly Trusted Certificate Authority (CA), without the need of having to install additional CA instance or hire any PKI expertise.

WorkforceID Digital Credential Manager enables you to centrally manage and deploy Crescendo authenticators with digital certificates, with high return on investment. If preferred, Crescendo authenticators can be leveraged out-of-the-box, with any FIDO2, PKI or OATH compliant system, giving you the flexibility to choose your MFA framework.

When it comes to customizing the MFA experience for your workforce, an award-winning authentication solution like DigitalPersona not only provides users with numerous authentication possibilities, including biometrics, but also gives IT administrators the opportunity to truly fine tune employee use cases through customizable policies and workflows that meet enterprise specific security requirements. Versatility in terms of security is extended with DigitalPersona, allowing you to take advantage of open standards, such as FIDO, PKI and OATH to support more authenticators and OpenID Connect and WS-Fed (Web services federation) to support more applications.

If flexibility for you means utilizing cloud-based MFA that requires automatic updates and no software to install, WorkforceID Authentication provides exactly this. As well as integrating with Azure Active Directory, it is compatible with any RADIUS compliant infrastructure and can be deployed as it is or with our standards-based APIs for custom enterprise integration.

Say Goodbye to Siloed Solutions — Get Every Piece of the MFA Puzzle From a Single Vendor

So how do HID’s MFA solutions fit together? It's simple — we provide:

  • Crescendo smart cards and security keys for seamless and secure employee authentication
  • On-premise and cloud-based (SaaS) credential management software to issue and manage digital certificates on smart cards and security keys
  • On-premise and cloud-based (SaaS) authentication services for secure access to VPN, applications and networks

To learn more, visit our revamped multi-factor authentication webpage.

Maria MacRitchie leads the product marketing efforts for the IAM Workforce Authentication solution globally. She has over 15 years of experience with B2B and B2C product, services and marketing communications within the IT and telecom industries. Maria has been with HID for seven years, holding various communication roles within the Professional Services, PACS Cloud Services and Product Marketing teams.