MyID and YubiKey provide a managed strong authentication solution for U.S. health services provider
About the organization
A leading US-based information and technology-enabled health services provider, serving 127 million people across 50 states required a strong authentication solution for its 160,000 employees.
The health services provider, found in 4 out of 5 U.S. hospitals, serves multiple federal agencies, state Medicaid, Health and Human Services agencies, as well as employers and life science organizations.
The challenge
The healthcare provider’s IT Security team was looking to evolve their digital identity solution to a strong two-factor authentication (2FA) system that would minimize the risk of data breach. Safeguarding patients and ensuring a seamless, secure user experience for their workforce was paramount.
Already utilizing public key infrastructure (PKI) for smart cards, the IT team identified an opportunity to extend the use of public key cryptography for employees to securely log in to their laptop devices.
Secure, seamless authentication from an end user perspective was essential as users, including practitioners on home visits, would need a quick and simple way of accessing sensitive information.
In addition, the organization needed a solution that would work within their existing environment, enabling credentials to be issued and managed to smart cards and other devices from one central credential management system.
PKI would enable the healthcare provider to issue encrypted credentials to smart cards, keys and mobile devices, offering a truly passwordless means of authenticating to secure networks for everyone.
The solution – The YubiKey
The YubiKey, a hardware security key by Yubico that enables strong two-factor authentication (2FA) as part of a PKI solution, stood out as the best technology. YubiKeys support multiple authentication protocols, including Personal Identity Verification (PIV), to address the US Government’s regulations for digital identity for Federal employees and Contractors.
YubiKeys delivered ease of use and reliable hardware-backed security to the healthcare provider’s employees, enabling them to securely log in to their desktops and laptops by inserting their YubiKey into a USB-A or USB-C port and tapping it to authenticate. This secure means of authentication enabled employees to access all of the systems necessary as part of their role.
With a significant share of employees operating Macbooks, the ability to use YubiKey 5 Series keys across both Macs and PCs for 2FA was a significant benefit, particularly as end-point protection options for Mac devices are limited.
MyID
With plans to issue 7,000 YubiKeys across its employees, the next challenge for the healthcare provider was to identify a way to issue secure credentials to each employee’s YubiKey. In addition, managing the lifecycle of such a volume of devices posed a further challenge.
MyID credential management software was already used by the organization for issuing and managing credentials to employee smart cards. Sitting at the heart of the healthcare provider’s PKI ecosystem, MyID provided the connectors necessary to link between Certificate Authority (CA), Hardware Security Module (HSM) and smart cards. In addition, MyID already supported the YubiKey and so enabled integration of the devices into the existing IT infrastructure.
MyID provided all of the request, issuance, update, and unlock features required to deploy certificates to YubiKeys and manage their lifecycle.
Intercede’s Professional Services team made integrating MyID into the existing identity eco-system simple, saving time and money.
The self-service element of MyID also meant that the healthcare provider was able to make lifecycle credential management simple and easy for their employees, enabling them to self-serve. Resulting in another time and cost efficiency for the organization.