Phishing-resistant users build phishing-resistant enterprises. With the growing sophistication of cyber threats, enterprises that can efficiently raise the bar for security helps ensure protection of users and their data to effectively drive digital acceleration.
To help organizations achieve phishing-resistance at scale, we recently announced the general availability of Yubico Enrollment Suite – a set of offerings that includes Yubico FIDO Pre-reg and the brand new YubiEnroll – which delivers choice to enterprises in how they fast-track to a phishing-resistant stance and go passwordless by pre-enrolling YubiKeys with their Identity Platform (IdP) before delivering to end users. Today, we’re excited to announce the availability of Yubico Enrollment Suite with Okta.
As an offering within the Enrollment Suite, Yubico FIDO Pre-reg works seamlessly with the Okta Workforce Identity Cloud to deliver pre-enrolled YubiKeys from factory to doorstep. YubiEnroll offers additional benefits to enable organizations using Okta identity and access management with the ability for IT staff and administrators to easily enroll YubiKeys on behalf of end users at their premises. Whether selecting the full service Yubico FIDO Pre-reg offering, or YubiEnroll, Okta customers have complete choice in how they adopt the highest assurance MFA with YubiKeys quickly and easily.
How Okta became truly phishing-resistant
As the inaugural partner for Yubico FIDO Pre-reg, Okta worked closely with Yubico to design and engineer the integrated solution. As part of its initiative to lead the industry in the fight against identity attacks, the Okta Secure Identity Commitment, the company became an early adopter, quickly deploying the solution to its 6,000-strong global workforce.
Okta had three goals when starting the Yubico FIDO Pre-reg rollout, centered on employees needing to easily provide an end-to-end passwordless experience and create phishing-resistant users throughout the organization. These goals included:
- Phishing-resistant onboarding of new users starting on day one
- Phishing-resistant recovery of existing users, including a consistent recovery experience if a primary device or authenticator is lost
- Avoid user friction and admin overhead
Stephen Lee, vice president of Technical Strategy & Partnerships at Okta, was part of the core team that designed the solution: “At Okta, we had rolled out a passwordless solution for our global workforce using the Okta FastPass technology. With Yubico, we saw an opportunity to leap the final hurdle to deliver an end-to-end passwordless experience. Over four months, we shipped 6,000+ YubiKeys to employees and contractors in 42 countries.”
Using the power of Okta Workflows and Yubico FIDO Pre-reg, Okta is now a truly phishing-resistant enterprise. Highlights on the deployment include:
- 42 countries covered globally with the delivery of YubiKeys, to remote and physical office locations
- 6,000+ YubiKeys delivered to full-time employees and contractors worldwide
- 100% deployment within four months
- Zero admin overhead if an employee loses their primary authenticator or device
Building the Phishing-Resistant Enterprise
With Yubico FIDO Pre-reg, enterprise users can experience the highest assurance levels of secure passwordless access to their online accounts in minutes using the most secure form of passkey authentication, all while reducing the burden on their admins and users. Manual registration of users’ security keys is eliminated, as users receive security keys that are pre-registered with the organization’s Identity Provider (IdP) – such as Okta – by Yubico during production and shipped directly to the user, whether in corporate or residential locations.
By effectively enrolling the end user directly in the authentication platform – without reliance on the help desk or user to make security decisions – Yubico FIDO Pre-reg empowers enterprises to enhance cyber resiliency and halt phishing attacks on help desks throughout the user account lifecycle. This eliminates critical points where they may otherwise be exposed to hijack, such as onboarding, authentication and account recovery. With Yubico FIDO Pre-reg, users can get started on the most secure form of device-bound passkey authentication – reducing time, labor, and cost burden for IT departments while accelerating security and productivity for employees.
For a full overview of all the great features and benefits of the Yubico Enrollment Suite, visit here or contact our team with any questions and to get started today. Be sure to watch our joint presentation from Oktane 2024 (note: requires registration) on Okta’s rollout of Yubico FIDO Pre-reg, and check out our video below.