AWS Expands YubiKey Support with AWS SSO WebAuthn Integration

November 23, 2020 2 minute read

Another win for FIDO at the heels of its first industry conference, Authenticate 2020.  AWS Single Sign-On (SSO) has introduced native WebAuthn support to secure user access to AWS accounts and business applications using strong, FIDO-based multi-factor authentication (MFA) with YubiKeys.  Broader choice of authentication methods by AWS SSO is a win for modern authentication that has historically been limited to username/passwords and basic MFA to validate user access. 

This serves as yet another milestone for Yubico, an Advanced AWS Technology Partner and AWS Public Sector Partner, and the open standards work we’ve pioneered over the past decade

When AWS SSO users authenticate with a YubiKey, the public and private encoded exchange occurs, creating a phishing-resistant connection to commonly used third-party software as a service (SaaS) applications as well as other applications within the AWS ecosystem. The new features in AWS SSO allow administrators to manage access and logins to AWS SSO integrated applications. Administrators can set policies to allow apps to access certain users or groups sourced from AWS SSO or external identity providers (IdPs) such as AWS SSO Identity Store and Microsoft Active Directory. 

Using a YubiKey with AWS SSO increases identity protection, workload administration and simplifies the need to establish user credentials with each application.  Attestation using the YubiKey establishes proof that is tied to the digital you, confirming your access to various cloud based productivity and collaboration applications such as Salesforce, Slack, and Microsoft 365 – eliminating the need to authenticate into each app separately. 

With enforced enrollment features also available on AWS SSO, organizations can prevent unauthorized users from accessing valuable company data by requiring users to add multi-factor authentication methods such as biometrics or security keys.  

This is great news for the AWS and the Yubico ecosystem of app developers, systems integrators, and security administrators who are challenged to secure the organization’s ever-expanding firewall perimeter, while keeping remote workers secure and productive from anywhere, anytime. 

To learn more about protecting AWS SSO with the YubiKey, attend our joint webinar: Modern Authentication to Secure Enterprises: AWS SSO + YubiKeys on December 8th. For developers, read our recent blog: Go passwordless with the new Yubico WebAuthn Starter Kit to build support on WebAuthn. YubiKeys are available at

Share this article:

Recommended content


Built-in FIDO authenticators and YubiKeys are making the internet safer for all

In 2007, Yubico set out to protect as many people as possible by making secure login easy and available for everyone. We are happy Apple has joined Yubico, Google, and Microsoft on this journey by implementing W3C WebAuthn/FIDO compatible platform authenticators and are pleased to say that now all major platforms have adopted the standards ...


Your Bridge to Passwordless: Key Considerations When Building a Secure Passwordless Strategy

Learn about the key considerations to take into account when determining your path to passwordless, so that you can enhance organizational security while delivering users a fast and easy user experience.


Your Bridge to Passwordless: Separating fact from fiction in your journey

“Passwordless” can feel like a loaded term, with the security industry filled with differing and contradictory positions on the topic. The purpose of this whitepaper is to take an objective approach to understand the challenges that passwords present, what “passwordless” means, and what enterprises can expect moving forward as passwordless authentication matures.


Federal government authentication lessons

Learn what the government did right and what challenges still lie ahead.