top of page
Blog article

Blog article

Example of Bulk Implementation of Passwordless Logon for PC Using Security Keys


We want to introduce a case study in which a company developing an infrastructure security business introduced YubiOn FIDO Logon simultaneously. This company provides users with PCs for telework and was considering a method to enable multi-factor authentication (MFA) for logging on to PCs. In response to this problem, we proposed the introduction of "YubiOn FIDO Logon" and were able to solve their problem. This time, I will introduce the specific content.


Introduced Organization

Infrastructure security company

  • Introduction of YubiOn FIDO Logon Approximately 300 Windows devices for telework Use Microsoft Entra ID (formerly known as Azure AD) account

  • Adoption of security key (YubiKey) Arrange YubiKey Bio (biometric authentication) for all users using PCs


Issues

This company has deployed around 300 PCs for telework to its users, and they are using Microsoft Entra ID (formerly known as Azure AD) accounts. Although progress was being made in introducing security related to mobile device management (MDM) and data protection inside PCs, the issue of implementing multi-factor authentication for logon to PCs itself remained. While considering ways to resolve the issue, they came across the idea of passwordless logon using the security key YubiKey Bio (biometric compatible) and asked our company to discuss whether this would be possible. Additionally, due to the large number of devices, there was a request for bulk distribution using MDM for implementation.


In summary, the following issues need to be resolved:

  • Multi-factor authentication for logging on to telework PCs.

  • Must be able to use a Microsoft Entra ID (formerly known as Azure AD) account.

  • Passwordless logon using a biometric security key.

  • Distribute software in bulk using MDM etc.


Solution
  • Multi-factor authentication (MFA) with YubiOn FIDO Logon By introducing YubiOn FIDO Logon*, they were able to strengthen the logon section of target PCs with multi-factor authentication using security keys. Since this product is a cloud service, customers do not need to prepare a separate server, etc., and can use it immediately after registering for the service. *Product description is included at the end.

Passwordless logon is now possible by simply inserting the security key into the USB port of your PC and touching it. By performing multi-factor authentication by possessing an authentication device, PIN (knowledge), or biometric user verification, you can ensure much higher security than password-only logon. Because the operation at logon is easier, it was possible to implement the system smoothly without compromising usability for users. In addition, YubiOn FIDO Logon supports not only local accounts but also Active Directory (including Entra ID) environments, so I think it is suitable for their requirements.

  • Bulk distribution of software YubiOn FIDO Logon enables the bulk distribution of software using Active Directory (or MDM tools, etc.). If you do not use bulk distribution, you will need to "download the software", "install it", and "enter the registration code for use" on each device. But if you install using bulk distribution, you can perform these operations all at once. Since the company in this case was already using MDM, the implementation went smoothly. The following blog also introduces bulk distribution: YubiOn FIDO Logon Client Software Installation Automation

  • Adoption of security key YubiOn FIDO Logon can use security keys compatible with FIDO2. Since we are also a security key distributor, we were able to provide one-stop support for everything from software installation to hardware (security key) procurement.


Finally

YubiOn FIDO Logon is the perfect solution for multi-factor authentication for PC logon using security keys. By adopting FIDO authentication, higher security can be ensured compared to password authentication. We support everyone from small-scale installations to large-scale installations, so please feel free to contact us with your needs.


  • YubiOn FIDO Logon YubiOn FIDO Logon is a cloud service that provides multi-factor authentication using the FIDO2 protocol for PC logon. There are also convenient functions such as integrated management functions and remote control functions on the Web management console. Please check the product introduction page for details. Also, please refer to this setup guide for details on the installation procedure.


  • Security key sales You can buy it from Amazon.

※ For bulk purchases or requests for quotations, please contact us from the contact page.

Comments


bottom of page