How HID and Microsoft Are Making Passkeys More Accessible to Enterprise
Creating Fast, Easy and Secure Authentication Journeys From Day One
Passkeys have made phishing-resistant authentication more accessible than ever.
That’s because they replace passwords — the most easy-to-compromise authentication method — with passwordless log-ins powered by cryptographic credentials that can be built into almost any device, from smart cards and USB keys to mobile phones and laptops. Users simply register their device to a FIDO compatible service or application, then leverage the cryptographic key pair that’s generated (a private key and a public key) to authenticate themselves in the future.
Until recently, enterprise passkey users had to complete this registration on each application or service separately — a process that slowed down user onboarding and introduced a good deal of friction to both users and IT administrators.
Thanks to the new FIDO2 provisioning APIs from Microsoft Entra ID, IT administrators can now create and register passkey credentials on behalf of their users. HID actively collaborated with Microsoft in testing this new capability, and we are also pleased to share that the integrated support within our Credential Management System (CMS) and the Authentication Platform will be available soon.
Our goal is to improve the user and administrator end-to-end experience by enabling a greater value proposition through additional capabilities such as support for remote device unlock and PIN reset. With such transformational capabilities in the passkey space, organizations are in a better position to achieve their business objectives relating to driving financial efficiencies through a reduction in help desk calls and device replacement.
“Microsoft is committed to realizing the full promise of passkeys to help accelerate adoption within enterprise organizations. Our new FIDO2 provisioning APIs, and our collaboration with leading vendors like HID, represent a big step forward in helping organizations create fast, easy and secure authentication journeys from day one,” said Natee Pretikul, Principal Product Management Lead at Microsoft Security.
Streamlining Passkey Provisioning
HID’s collaboration with Microsoft empowers organizations to customize a provisioning client that simplifies the onboarding process for both users and IT administrators. Here’s how it works:
- IT administrators request FIDO credentials according to the organization’s policy requirements and specifications
- Passkeys are issued and provisioned to a preferred device, such as device-bound passkeys like Crescendo Smart Cards and Security Keys
- Provisioned credentials are automatically registered with Entra ID to power secure, passwordless authentication for each user
Creating a single point of registration and management — instead of multiple points for each user — streamlines passkey provisioning and increases phishing-resistance from the desktop to the web.
What’s Next for Enterprise-grade Passkeys?
Passwords are a pain. Users hate remembering them. IT teams hate resetting them. Finance departments resent the costs associated with enterprise password management.
That’s why HID is committed to accelerating the adoption of passwordless authentication like passkeys for enterprise organizations. Our tight integration with the Microsoft ecosystem ensures seamless security from start to finish. HID is committed to continuously delivering value-added features to organizations and to the wider FIDO community to help propel the adoption of phishing-resistant authentication. Contact us and find out just how easy it is to go passwordless!
Ditch the passwords — and discover how HID can support your passwordless journey >>