Today, we’re excited to announce a new first-to-market service available with YubiEnterprise Subscription called FIDO Pre-reg, which will transform passwordless onboarding for enterprises and their new employees from day one, and offers secure and fast account recovery and reset experiences as well. Organizations will be able to rapidly establish strong protection against phishing and other modern cyber threats across the organization, significantly reducing risk exposure. Okta and Yubico have partnered together for a Limited Early Access period where Okta customers in the US using Okta Identity Engine (OIE), Okta Adaptive MFA (AMFA) and Okta Workflows can take advantage of this new offering. Additional details can be found here.
The FIDO Pre-reg service enables enterprise customers to experience secure passwordless access to their online accounts in minutes using the most secure form of passkey authentication, while reducing the burden on their admins and their users. It eliminates manual user registration, as users can receive YubiKeys that are pre-registered with the organization’s Identity Provider (IdP). Customers can order pre-registered YubiKeys via Yubico’s YubiEnterprise Subscription program and can raise the bar for security enterprise wide at great speed, allowing users to securely access sensitive systems and data with a fast and easy experience. Users simply need to navigate to a web application or IdP login provided by their IT department, enter in a PIN supplied by IT, and they’re successfully authenticated with a phishing-resistant FIDO2/passkey credential, all without ever needing a password.
A deeper look at the benefits of FIDO Pre-reg
Some organizations have found that they have not been able to accelerate user adoption of modern, phishing-resistant MFA as quickly as they would prefer across the organization. Typically, organizational IT departments register YubiKeys on behalf of their employees/users or require users to self-enroll. This involves an IT or admin to manually register security keys for each employee, one by one, before delivering to the employee in-office or shipping the key to the employee location. This can be time consuming for IT and introduces potential delays for widespread user adoption.
While Yubico offers user self-enrollment options for YubiKeys, it can also be time-consuming for some users as different operating systems and devices often have varying enrollment processes. When organizations empower users to self-register YubiKeys, they are often onboarded with a username and password or temporary passcode via SMS-based one-time passcodes (OTPs) – all of which are phishable and can be easily intercepted.
With FIDO Pre-reg, not only does IT get freed up to focus on other strategic initiatives, users are also delighted by the fast and easy passwordless onboarding experience on day one as they raise the bar for protection on all of their important online accounts and systems effortlessly. Users that receive a secondary backup YubiKey can leverage the service to ensure phishing-resistant MFA is always available, in case of a misplaced or lost device, and avoid using a less secure authentication mechanism.
Having YubiKeys already registered ensures that the user can continue to work and stay productive, while drastically reducing help desk calls. No more stealing credentials using phishing tactics that then lead to ransomware and other damaging attacks due to account takeovers.
Organizations can also enhance their overall supply chain security by registering YubiKeys for their intended users which reduces the risk of someone stealing the YubiKey or computer in transit and then registering it. Greater security, more efficiency, and enhanced user delight, all enabled with the turnkey YubiKey activation service.
As a testament to the need for this service, DigitalOcean’s Information Systems and Security team had this to say about FIDO Pre-reg: “This is awesome! Yubico not only listened but delivered a solution that helps solve our user adoption challenges and reduce cost and overhead at the same time.”
Interested in FIDO Pre-reg? How you can get involved
FIDO Pre-reg is only available through the YubiEnterprise Subscription program which delivers greater business flexibility and agility with a YubiKeys as a Service model, all while lowering cost to entry.
The FIDO Pre-reg program will expand to Early Access in early 2024 with General Availability planned for mid-2024. YubiKey 5 NFC and YubiKey 5C NFC will be the first keys available with FIDO Pre-reg as part of a Limited Early Access and all YubiKeys will be available at General Availability.
Join us on November 8 for a webinar with Okta to discuss FIDO Pre-reg in more detail – register here. To learn more about how your business can take advantage of the Yubico and Okta partnership, visit here.