Microsoft and HID Improve Certificate-Based Authentication
Digital trends, work culture shifts, and evolving cybersecurity threats are constantly changing the way organizations deal with their identity security. With new mandates and requirements emerging, such as the White House Executive Order on Improving the Nation’s Cybersecurity Strategy, organizations face the challenge of boosting security and user experience throughout a complex variety of systems, networks, and applications.
Standards like Fast Identity Online (FIDO), Public Key Infrastructure (PKI), and the Initiative for Open Authentication (OATH) are helping IT teams to address this and strengthen their approach to authentication. But while PKI is seen as a gold standard for authentication, specifically required for regulated industries, it has been harder to achieve the same level of ease as other protocols when it comes to integration with newer architectures – such as cloud.
The Public Preview of Microsoft's Azure AD Certificate-Based Authentication is Now Available
Earlier this quarter, Microsoft announced the public preview of Azure Active Directory (Azure AD) Certificate-Based Authentication (CBA). This enables the tens of millions of identities already leveraging x.509 (PKI) digital certificates to natively authenticate to Azure and any applications protected by it. Here’s what this means for organizations.
While digital certificates have been a go-to option for on-premises authentication since Windows 2000, mirroring support in cloud applications often required an additional identity provider that supported digital certificates. This leaves organizations who need digital certificates to meet stringent compliance mandates and regulations, such as financial, energy or government institutions, with a headache when trying to manage multiple security systems and protocols.
By adding digital certificates as an additional authentication method to Azure, organizations can use the method that best fits their industry and organization specific security needs.
HID MFA Solutions and Azure AD CBA for a Complete Identity-Security Ecosystem
HID is proud to partner with Microsoft to combine HID’s smart credentials and credential management capabilities with Azure AD. This powerful combination helps information security and technology teams:
- Make certificate-based authentication easier to deploy while simplifying remote management of credential lifecycles to support the hybrid workforce
- Protect all applications using PKI credentials and certificate-based authentication that is easier for end-users to use
- Adopt phishing-resistance authentication using multiple security protocols in the same ecosystem to enable seamless, protected access to corporate resources
- Secure access to non-FIDO enabled resources using strong authentication for legacy applications
This collaboration between Microsoft and HID preserves the existing digital certificate investments of our joint customers in the US Federal space, defense contractors, energy companies, financial institutions and other regulated industries. We believe that this capability will help implement orders and requirements like the White House Executive Order on Improving the Nation’s Cybersecurity
—Susan Bohn, VP of Program Management, Microsoft
HID’s Crescendo smart cards and security keys (NFC, USB-A and USB-C) are public key tokens that integrate seamlessly with Azure AD CBA for phishing-resistant authentication and SSO protection, secure log-in to VPN, servers, Azure AD and any application protected by it, digital signature and data encryption.
With support for PKI/PIV, FIDO2 and OATH one-time passwords, as well as various physical access technologies, Crescendo authenticators give organizations the versatility to leverage multi-factor authentication that is unmatched in security, yet easy to deploy and use.
WorkforceID Digital Credential Manager is a cloud-based application that makes it easy for organizations to deploy, manage and revoke certificate-based credentials using a suite of services for centralized PKI credential lifecycle and device PIN management.
Furthermore, existing ActivID Credential Management System customers can assess the ability to extend their current capabilities via Crescendo or Azure AD CBA.
Customers who have already deployed Crescendo cards and security keys, can immediately take advantage of these capabilities by enrolling into the public preview of Azure AD CBA.
Maria MacRitchie leads the product marketing efforts for the IAM Workforce Authentication solution globally. She has over 15 years of experience with B2B and B2C product, services and marketing communications within the IT and telecom industries. Maria has been with HID for 7 years, holding various communication roles within the Professional Services, PACS Cloud Services and Product Marketing teams.