Passkeys in the Enterprise
In an earlier blog post, I introduced FIDO2 Passkeys and explained the benefits of adopting this authentication standard. This post covers key considerations for IT and Security teams interested in adopting FIDO2 passkeys in the enterprise, and how Omnissa can help your organization benefit from embracing this new authentication standard.
FIDO2 Passkeys offer a significant security advantage by enabling passwordless authentication, leveraging platform authenticators from major vendors such as Apple and Google, unlocked through biometric sensors or PINs on mobile devices and computers. This approach simplifies user authentication and improves security by eliminating traditional passwords, which are prone to phishing and credential theft; a passkey is bound to the origin it was registered for, so it cannot be replayed to a look-alike site. However, when users authenticate from Bring Your Own Device (BYOD) or unmanaged devices, there is a residual risk. These devices might not comply with an organization's security policies, leaving them exposed to compromise such as malware or weak security configurations. The authentication request itself says nothing about the trustworthiness of the device that initiated it, which makes it harder to enforce robust security controls and prevent unauthorized access.
The Enterprise Use Case
According to the FIDO Alliance, in just over two years since passkeys were introduced, adoption has grown significantly, with "hundreds of services enabling billions of consumers to use passkeys." This trend is expected to accelerate as enterprises look for ways to adopt the technology while also ensuring that risky devices cannot access corporate resources. This is a key consideration particularly for synced passkeys, which are designed to be accessible across multiple devices.
When a user creates a synced passkey on one device, it is synced securely to their other devices through a cloud credential store from a major provider, such as Apple's iCloud Keychain or Google Password Manager. Synced passkeys offer great flexibility for users with multiple devices, allowing the same passkey to be used on smartphones, tablets, and computers. They also address the scenario where a user starts using a new device: once they authenticate to their cloud account provider, their synced passkeys are available there too.
However, synced passkeys do not carry information about the device's security posture, so they can be used from devices that do not adhere to corporate security standards. The WebAuthn assertion tells the relying party that the credential is backup-eligible or backed up (the BE and BS flags in the authenticator data), but not whether the device presenting it is managed, has a Mobile Threat Defense solution installed, or meets a security baseline. If such a device is compromised (for example, by malware), an attacker could misuse the passkey to gain unauthorized access to corporate resources.
How Omnissa Can Help
While adopting passkeys in an enterprise environment does present the challenges mentioned above, Omnissa Access and Workspace ONE UEM help organizations integrate and manage passkeys while addressing the key concerns around device management, security, and user experience.
The Workspace ONE platform offers robust device management and threat detection capabilities, allowing IT administrators to manage and enforce security policies across all employee devices. Administrators can configure authentication policies in Omnissa Access to ensure that only authorized and compliant devices can access sensitive corporate resources even when authenticating using a synced passkey. If the device is found to be non-compliant, access will be denied.
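The following is an added example, not Omnissa or Workspace ONE code, showing the policy decision that the two preceding sections describe: a relying party reads the WebAuthn authenticator-data flags to recognise a synced (backup-eligible or backed-up) passkey, then denies the assertion unless a separate device-compliance signal says the presenting device is compliant. The compliance lookup is a plain dictionary standing in for a UEM query (an assumption of this example), the device identifiers and rpId are constructed, and signature verification of the assertion is assumed to have already succeeded before this step.

```python
"""Added example (not Omnissa code): conditional acceptance of a passkey
assertion based on WebAuthn authenticator-data flags plus a device
compliance signal. The compliance dictionary is a stand-in for a UEM query.

Authenticator data layout (WebAuthn spec), first 37 bytes:
  rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian)
The BE/BS flag bits identify a synced (multi-device) passkey; they say
nothing about the posture of the device that presented it.
"""
import hashlib
import struct

# Flag bits of the authenticator data "flags" byte (WebAuthn spec).
FLAG_UP = 0x01  # user present
FLAG_UV = 0x04  # user verified (biometric or PIN)
FLAG_BE = 0x08  # backup eligible: credential may be synced
FLAG_BS = 0x10  # backup state: credential is currently backed up/synced
FLAG_AT = 0x40  # attested credential data present (registration only)
FLAG_ED = 0x80  # extension data present


def parse_authenticator_data(auth_data: bytes) -> dict:
    """Split the fixed 37-byte prefix of authenticator data into fields."""
    if len(auth_data) < 37:
        raise ValueError("authenticator data too short")
    flags = auth_data[32]
    return {
        "rp_id_hash": auth_data[:32],
        "user_present": bool(flags & FLAG_UP),
        "user_verified": bool(flags & FLAG_UV),
        "backup_eligible": bool(flags & FLAG_BE),
        "backed_up": bool(flags & FLAG_BS),
        "sign_count": struct.unpack(">I", auth_data[33:37])[0],
    }


def is_synced_passkey(parsed: dict) -> bool:
    """A credential that can be or has been backed up is a multi-device passkey."""
    return parsed["backup_eligible"] or parsed["backed_up"]


def authorize(auth_data: bytes, rp_id: str, device_id: str,
              compliance: dict, require_compliance_for_synced: bool = True):
    """Return (allowed, reason) for an assertion whose signature already verified.

    `compliance` maps device_id -> True/False and is a hypothetical stand-in
    for a UEM compliance lookup. Unknown devices are treated as non-compliant.
    """
    parsed = parse_authenticator_data(auth_data)
    # rpIdHash must equal SHA-256 of our rpId, otherwise the assertion was
    # produced for a different relying party.
    if parsed["rp_id_hash"] != hashlib.sha256(rp_id.encode()).digest():
        return False, "rpIdHash mismatch: assertion was not made for this RP"
    if not (parsed["user_present"] and parsed["user_verified"]):
        return False, "user presence/verification not asserted"
    if require_compliance_for_synced and is_synced_passkey(parsed):
        if compliance.get(device_id) is not True:
            return False, "synced passkey presented from a non-compliant or unknown device"
    return True, "ok"


def make_auth_data(rp_id: str, flags: int, sign_count: int = 0) -> bytes:
    """Build a constructed 37-byte authenticator-data prefix for demonstration."""
    return (hashlib.sha256(rp_id.encode()).digest()
            + bytes([flags])
            + struct.pack(">I", sign_count))


if __name__ == "__main__":
    rp = "corp.example.com"                      # constructed rpId
    compliance = {"laptop-001": True,            # constructed UEM answers
                  "byod-phone-9": False}
    # Synced passkeys typically report BE|BS and a sign counter of 0.
    synced = make_auth_data(rp, FLAG_UP | FLAG_UV | FLAG_BE | FLAG_BS)
    # A device-bound credential (e.g. a security key) has neither flag set.
    bound = make_auth_data(rp, FLAG_UP | FLAG_UV, sign_count=17)
    print(authorize(synced, rp, "laptop-001", compliance))
    print(authorize(synced, rp, "byod-phone-9", compliance))
    print(authorize(bound, rp, "byod-phone-9", compliance))
```

The policy shown is one deliberate choice: synced passkeys are accepted only from devices the UEM reports as compliant, while device-bound credentials are accepted regardless. A stricter deployment would require the compliance check for every credential type, which is a one-line change to `authorize`. Either way the decision has to combine two independent signals, because nothing in the passkey assertion itself reveals device posture.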
Here is a demo of how Omnissa Access enables administrators to restrict Passkeys to only organization compliant devices.
Summary
Many enterprises operate in complex environments with legacy systems that might not support modern authentication methods. Omnissa Access facilitates seamless integration with existing enterprise systems, ensuring compatibility with a wide range of application types. By supporting the latest FIDO protocols, Omnissa Access enables organizations to roll out passkeys across different environments as required.
Omnissa enables enterprises to adopt FIDO2 Passkeys, offering passwordless authentication that improves both user experience and security. By combining device compliance assessments with conditional access policies, organizations can ensure that each authentication request comes from a trusted device, and so maintain a robust security posture.