Person Using Cell Phone to Authenticate

Why It’s Time to Consider User Experience When Deploying MFA

Take a second to think about the number of times you have used multi-factor authentication (MFA) to access your work.

It’s a number that seems infinite, and possibly something you have never thought about before. Countless push notifications, text messages or card taps later, MFA is now an inevitable part of our working lives that powers secure access to PCs, networks, facilities, applications and more by proving we are who we say we are.

For some of us, complying with MFA is something that we now do without realizing — like muscle memory. For others, MFA can be an annoyance and an inconvenience that gets in the way of work. What do you think your workforce would say about your current MFA workflows?

Now that MFA is a vital piece of any workforce cybersecurity strategy, we need to make sure it is not a burden. While security and convenience are rarely perceived as two things that work in harmony, with advanced and modern MFA they can. HID Global’s MFA solutions for the modern workforce enable organizations to provide a simple experience every time, for both users and admins, all while meeting stringent compliance mandates and regulations to the highest standards.

Ultimately, the goal is to keep it simple and frictionless for your users so they can easily comply with your MFA and carry on safely and happily authenticating. HID’s MFA solutions make this possible by making every part of your authentication convenient — from issuance and credential management to cloud and on-premise authentication, available separately or as an end-to-end solution, each with exceptional user experience in mind. Let’s explore them.

The Authenticators — Crescendo®

When it comes to convenient MFA, it all starts with simple and usable devices that suit your specific workflows. From smart cards to security keys, deploying Crescendo authenticators means that you can mix and match multi-protocol form factors while facilitating a seamless experience that integrates into your employees’ lives — from home to the office, and everywhere in between.

For most of us, a large part of convenience is about having to do as little as possible to get the maximum results. That is why providing unified access for both IT and physical resources and using multi-purpose authenticators take the complexities away from organizations with numerous resources and facilities that all utilize different authentication. Instead, with Crescendo as a universal credential, your users can use the same smart card to securely access all resources while hardly having to think about authentication when moving between offices or networks.

Easy management of these authenticators is also important, because after all, a solution could be pain-free for your end-users, but a complete headache for the admins who are managing them. Crescendo authenticators contain multiple credentials within the same device, meaning you can easily manage them across your entire workforce. You can also leverage Crescendo C2300 smart cards and security keys with native PIV support without needing to install additional drivers.

Cutting costs is a large part, too. That is why you can select the authenticator that best suits your needs, including the option to utilize security keys with either USB-A or USB-C that will natively work with your workforce’s PCs, removing the need for additional investments in compatible reader equipment.

The best part about Crescendo is that you can enjoy the freedom of choice to use your smart cards and security keys as standalones or as part of an end-to-end solution, including issuance and management as well as authentication services, whether on-premise or in the cloud. Let’s take a closer look.

The Issuance and Management — WorkforceID™ Digital Credential Manager

Now that we have the credentials covered, how can we issue and manage them in the most efficient way possible? HID’s cloud-based service, WorkforceID Digital Credential Manager provides a centralized platform to manage the lifecycle of these digital identities and high assurance smart cards and security keys.

The convenience comes from bringing all your credentials together to achieve full visibility and control to quickly manage and maintain their entire lifecycle across your whole organization. An easy-to-deploy SaaS, it integrates with your corporate directory so that you can be using and managing your credentials within hours.

WorkforceID Digital Credential Manager allows you to use a shared PIN between the PKI and FIDO® credentials of your Crescendo smart cards and security keys, thus reducing the need for PIN reset helpdesk requests and ultimately providing a more seamless user experience.

Should you prefer an on-premise solution for issuing and managing your credentials, learn more about HID ActivID® Credential Management System.

Now that we’ve covered the issuance, management and authenticators themselves, here comes the exciting part — using them to craft a seamless, modern MFA experience for your users either on-premise or in the cloud.

Powering MFA on the Ground — DigitalPersona®

DigitalPersona is HID’s award-winning on-premise MFA software that natively integrates with Active Directory and provides a diverse range of authentication methods and options for accessing numerous applications — from Windows to cloud and legacy. It is a solution that’s sure to suit your preferred use cases and differing workflows with your organization’s idea of convenience.

Convenience of Choice — Use DigitalPersona to deploy MFA using any authenticator that meets your needs — smart cards, contactless cards, security keys, mobile devices and biometrics including face and fingerprint. Take your pick, and even combine mobile and facial recognition to facilitate a zero-touch experience that requires zero effort from your workforce. It doesn’t get more convenient than that.

A Pain-Free User Experience — DigitalPersona is a solution that gives you a lot of freedom to configure workflows which are convenient for your organization. Whether this means easily managing and pushing security policies, utilizing self-password resets, remotely onboarding users or providing them with a self-onboard interface, the solution has been designed with a smooth user experience in mind.

Passwordless Access — Supporting a concept which is increasingly popular, DigitalPersona enables you to establish a passwordless experience and eliminate repetitive log-ins through automated logon to both cloud-enabled and desktop applications.

The Ultimate Windows Logon Experience for Your Users — With support for Windows 10, DigitalPersona is the only product on the market that supports Windows Logon with FIDO2 authenticators with on-premise Active Directory. This means that users can use the same FIDO2 authenticator for cloud applications, such as Office 365, as well as on-premise Active Directory.

Powering MFA From the Cloud — WorkforceID Authentication

Part of a suite of mix and match WorkforceID applications for physical and cyber security, WorkforceID Authentication is a cloud-based solution that enables you to extend a streamlined, simple, and secure log-in experience to every user and application.

The quick and easily deployable MFA SaaS integrates with Microsoft Azure Active Directory, Virtual Private Networks (VPN) and soon Active Directory to enable remote log-in for your workforce. WorkforceID Authentication ensures secure MFA across your diverse and disparate workforce, allowing you to accommodate the ever-expanding boundaries of work.

The service, with an SLA of 99.99%, is one that grows with your needs, delivering automatic updates and upgrades including new features — all with zero downtime, so that your workforce can get on with the things that really matter. When it comes to equipping your remote workforce with easy MFA, it helps to provide not only an efficient admin portal for admins to manage devices centrally, but also an intuitive self-service portal for users to enroll and manage their own devices.

Making MFA easy and convenient for both users and admins isn’t as tricky as you might have thought — as long as you have the right tools for an end-to-end solution. Take a deep dive into HID’s MFA portfolio and products to learn more.

Maria MacRitchie leads the product marketing efforts for the IAM Workforce Authentication solution globally. She has over 15 years of experience with B2B and B2C product, services and marketing communications within the IT and telecom industries. Maria has been with HID for seven years, holding various communication roles within the Professional Services, PACS Cloud Services and Product Marketing teams.