- Thales's support for Fast IDentity Online (FIDO) 2.0 provides passwordless access to Microsoft Azure Active Directory (Azure AD)-connected apps and other services
- New solution offers a single token for combined PKI - FIDO use cases, without the need to rip and replace existing infrastructure
Thales has announced the launch of its first Fast IDentity Online 2.0 (FIDO2) and Microsoft Azure AD tested authentication devices, offering passwordless access for cloud apps, network domains and all Azure AD-connected apps and services. This integration will enable organizations to move to the cloud securely and apply secure access across hybrid environments via an integrated access management and authentication offering.
Set up in 2013, the FIDO Alliance is an open industry association aimed at developing authentication standards to help reduce the world's over-reliance on passwords. Passwordless authentication replaces passwords with other methods of identity improving the levels of assurance and convenience. This type of authentication has gained traction because of its considerable benefits in easing the login experience for users and surmounting the inherent vulnerabilities of text-based passwords. These advantages include less friction, a higher level of security that's offered for each app and the elimination of the legacy password.
"FIDO is increasingly being perceived as a viable passwordless authentication method in the enterprise, especially as Windows 10 and Azure AD adoption rises," said Francois Lasnier, Vice President for Access Management solutions at Thales. "However, many organizations are heavily invested in PKI, and other authentication schemes which have already delivered on the passwordless value proposition for legacy on-premises apps. This collaboration with Microsoft offers organizations a simple and smooth way to support secure cloud access with a broad range of access management solutions including passwordless FIDO-based authentication."
No need to rip and replace
Thales's new offering allows security conscious customers to deploy combined FIDO/PKI devices, and maintain compliance with the most stringent security certifications. Organizations who currently use PKI smart cards for Windows Logon and remote access can now use Thales's combined PKI - FIDO security keys to support this and all their enterprise use cases, including:
- Converged Badge solution with FIDO: Enterprises using access badges will be able to use FIDO2 and integrate a converged badge solution for physical and logical access
- Tokens can be used in any environment: They support contactless communication allowing strong authentication on mobile devices across any operating system
One of the biggest benefits of the offering is organizations who use PKI and OTP tokens can expand their authentication schemes without having to rip and replace their existing infrastructure. This means that organizations that rely on PKI authentication can now use a combined PKI-FIDO smart card to facilitate their cloud and digital transformation initiatives by providing their users with a single authentication device for securing access to legacy apps, network domains and cloud services.
"Passwords alone are no longer an effective security mechanism. It's clear we need to provide our customers with authentication options that are secure and easy to use. This is where passwordless authentication comes in," said Sue Bohn, Partner Director of Program Management, Microsoft Identity Division, Microsoft Corp. "We are pleased to see companies like Thales support our passwordless journey by integrating their solutions with Microsoft Azure Active Directory, Microsoft Account (Outlook, Hotmail), and Windows 10."
Thales will showcase the FIDO security key access to Azure AD resources as well as FIDO token management via SafeNet Trusted Access at the RSA Conference this week. For more information and a demo, come and visit us at Booth 5445 North Expo.