Blog article

YubiOn FIDO Logon Enables Key Registration at Windows Logon Screen Post-RDP

  • YubiOn
  • December 12, 2024
  • Reading time: 5 min

December 12, 2024

To All Members of the Press


We are pleased to announce the release of a powerful new option for “YubiOn FIDO Logon,” the definitive solution for enabling multi-factor authentication (MFA) at PC login: Key Registration at the Login Screen—designed to simplify enterprise deployment.

One of the major hurdles in implementing passkey authentication is the process of registering keys to user accounts. This typically involves advance instructions, key distribution, user-side operations, and considerable time and effort until all users are fully set up.


With the new Login Screen Key Registration feature, users can complete key registration simply by following the instructions displayed on the standard Windows login screen. There is no need to launch separate tools or open configuration panels—setup is completed as part of the usual authentication flow. This significantly streamlines the FIDO2 authentication onboarding process and accelerates MFA deployment across devices.


SoftGiken Co., Ltd. (President: Norio Fujita, established in 1983) has been offering the cloud-based “YubiOn FIDO Logon” service since May 2021, enabling easy passwordless authentication for everyone. On July 1, 2024, we added support for passkey-based PC logon via Remote Desktop connections. Now, starting November 6, 2024, we are further simplifying enterprise deployment with this powerful new key registration option.


Image: Key Registration on the Logon Screen


Passkey Support for Windows Remote Desktop Logon Authentication

Microsoft has already implemented a method for using passkey authentication on Remote Desktop sessions via WebAuthn Redirect, allowing users to authenticate using devices connected to their local PC.

However, this method currently does not support authentication at the remote machine’s logon screen.


In July 2024, YubiOn FIDO Logon added support for Windows' native Remote Desktop, enabling passkey-based logon even in remote desktop environments.


Image: Passkey Logon via Remote Desktop


Introducing Passkeys Across All Use Cases

A “passkey” is a multi-device authentication standard promoted by the FIDO Alliance since 2022, aimed at advancing passwordless authentication technologies. It has gained attention following adoption announcements by Microsoft, Apple, and Google. Built on existing FIDO2 and WebAuthn standards, passkeys introduce features such as synced passkeys (authentication data synchronized across devices) and hybrid authentication (authentication using a different device), enhancing user convenience.


For device-based multi-factor authentication and passkey authentication, Windows Hello for Business is one available option. However, it presents several challenges for deployment, including lack of support for Remote Desktop, complex setup procedures in Entra ID, and a high operational burden on users.

YubiOn FIDO Logon offers a solution that simplifies deployment, enables smooth operational rollout, and supports environments like Remote Desktop. It promotes the adoption of passkey authentication across all device authentication scenarios.



1. What is YubiOn FIDO Logon?

YubiOn FIDO Logon is a cloud-based solution that enhances PC login security by enabling two-factor authentication using FIDO (passkeys). Its key features include the ability to apply FIDO authentication—originally designed for web login—to PC login, and centralized management and control by administrators via the cloud. It also supports Active Directory (AD) and Azure AD (Microsoft Entra ID).


Image: Overview of YubiOn FIDO Logon




2. Key Features of YubiOn FIDO Logon

1) Web-Based Management Console for Centralized Control

Administrators can monitor the status of registered devices and authentication data at any time via the web console. Configuration changes are instantly reflected on the devices, enabling real-time management.

Authentication logs are also viewable via the web, allowing quick incident response and status tracking.

2) Easy Deployment of Robust FIDO (Passkey) Authentication

By simply installing the software and performing basic initial setup, PC logon can be upgraded to FIDO authentication.

This allows organizations to implement FIDO’s strong security on their devices with minimal effort.

3) Supports a Wide Range of FIDO Authenticators

Compatible with various authenticators based on the FIDO2 specification, allowing flexible authentication methods.

Users can choose passwordless options tailored to their needs, such as “PIN + authenticator” or “fingerprint + authenticator.”

Additionally, Android and Apple smartphones can be used as authenticators, further expanding the range of supported methods.


3. Use Cases

YubiOn FIDO Logon can be used in various security-sensitive environments:

1) For environments using Active Directory (AD) or Azure AD (Microsoft Entra ID)

Ideal for organizations that want to implement two-factor authentication on PCs without modifying AD or Azure AD settings, or where Windows Hello does not support desired authenticators.

YubiOn FIDO Logon allows flexible security design without being constrained by AD configurations.


2) For applying two-factor authentication to specific accounts only

Fine-grained security settings are possible, such as enabling two-factor authentication only for Windows accounts with Administrator privileges.


3) To reduce password reset inquiries

Since FIDO Logon enables passwordless authentication after the initial setup, it helps reduce support requests related to forgotten passwords.


4. Product Specifications

1) System Architecture Diagram


Image: YubiOn FIDO Logon System Architecture



2) System Requirements

CPU: 1GHz or higher, 32-bit or 64-bit processor

Memory: 2GB or more

Storage: At least 100MB of free space

Required Middleware: .NET Framework 4.7.2 or later


3) Supported Operating Systems

Client OS: Windows 10, Windows 11

Server OS: Windows Server 2016, Windows Server 2019, Windows Server 2022

Note: Support for specific versions of Windows 10 and 11 follows Microsoft’s support lifecycle.


4) Main Features

(1) Two-Factor Authentication

Strengthens PC logon security using FIDO authenticators (security keys, smartphones).

Supports passwordless combinations like “PIN + authenticator” or “fingerprint + authenticator” with FIDO2 authenticators.

(2) Enforced FIDO Logon

Forces the use of FIDO authenticators during Windows logon.

(3) Screen Lock Function

Automatically locks the screen when the FIDO security key is removed.

(4) Remote Desktop Logon Support

Enables passkey authentication for Windows Remote Desktop logon.

(5) Logon Screen Key Registration

Forces key registration at the logon screen for user accounts.

(6) Offline Logon Functionality

・Cached Logon

Uses cached credentials from the previous authentication for offline access.

・Expiration Settings

Allows setting the validity period for cached credentials.

(7) Remote Lockout Function

Allows administrators to remotely lock out devices via the web console.

(8) Authentication Failure Lockout

・Failure Lockout

Locks the device after a set number of failed logon attempts.

・Auto Unlock

Automatically unlocks the device after a specified time.

(9) Group Policy Functionality

Applies grouped settings to devices based on configuration profiles.

(10) Log Management

Collects and displays device logs in the web management console.

(11) Location Tracking

Collects and displays device location data in logs.

(12) Version Updates

Supports client software version upgrades.

(13) Uninstall Restriction

Prevents general users from uninstalling the software.


5. Pricing

From ¥5,000/year per account (annual payment)

Note: FIDO authenticators must be purchased separately. SoftGiken also offers them; please contact us for details.


6. Service Page

・Please refer to the following page:


Related blog post: “Tried the New Deployment Method for YubiOn FIDO Logon”




 
 
