AWS Expands YubiKey Support with AWS SSO WebAuthn Integration

November 23, 2020 2 minute read

Another win for FIDO at the heels of its first industry conference, Authenticate 2020.  AWS Single Sign-On (SSO) has introduced native WebAuthn support to secure user access to AWS accounts and business applications using strong, FIDO-based multi-factor authentication (MFA) with YubiKeys.  Broader choice of authentication methods by AWS SSO is a win for modern authentication that has historically been limited to username/passwords and basic MFA to validate user access. 

This serves as yet another milestone for Yubico, an Advanced AWS Technology Partner and AWS Public Sector Partner, and the open standards work we’ve pioneered over the past decade

When AWS SSO users authenticate with a YubiKey, the public and private encoded exchange occurs, creating a phishing-resistant connection to commonly used third-party software as a service (SaaS) applications as well as other applications within the AWS ecosystem. The new features in AWS SSO allow administrators to manage access and logins to AWS SSO integrated applications. Administrators can set policies to allow apps to access certain users or groups sourced from AWS SSO or external identity providers (IdPs) such as AWS SSO Identity Store and Microsoft Active Directory. 

Using a YubiKey with AWS SSO increases identity protection, workload administration and simplifies the need to establish user credentials with each application.  Attestation using the YubiKey establishes proof that is tied to the digital you, confirming your access to various cloud based productivity and collaboration applications such as Salesforce, Slack, and Microsoft 365 – eliminating the need to authenticate into each app separately. 

With enforced enrollment features also available on AWS SSO, organizations can prevent unauthorized users from accessing valuable company data by requiring users to add multi-factor authentication methods such as biometrics or security keys.  

This is great news for the AWS and the Yubico ecosystem of app developers, systems integrators, and security administrators who are challenged to secure the organization’s ever-expanding firewall perimeter, while keeping remote workers secure and productive from anywhere, anytime. 

To learn more about protecting AWS SSO with the YubiKey, attend our joint webinar: Modern Authentication to Secure Enterprises: AWS SSO + YubiKeys on December 8th. For developers, read our recent blog: Go passwordless with the new Yubico WebAuthn Starter Kit to build support on WebAuthn. YubiKeys are available at

Share this article:

Recommended content

Authentication Best Practices to Protect Against Identity Phishing

Learn what strong authentication really is, why it’s key for enterprise-wide identity assurance.

YubiKey for RSA SecurID Access product brief

Enterprise security made easy.

4 things ‘Among Us’ can teach security professionals about authentication

You’re making good progress on this task. One more data upload and then you’re out of here. But right before you can complete the upload, a klaxon blares. There’s been an attack! Time to head to the meeting room for the usual finger-pointing and scapegoating before the team decides who to jettison from the ship. ...

#YubiSecure: Take your Twitter security to the next level with increased 2FA support

Great news YubiFans! As of today, Twitter made it a lot easier for you to tweet safely and keep your accounts secure. Phishing-resistant YubiKey authentication via WebAuthn is now supported on Twitter’s desktop, Android and iOS mobile applications.  With native WebAuthn support throughout the Twitter platform, you can register and use a USB-, NFC-, or Lightning-compatible security key, like ...