

You can now finally log on with a YubiKey as a smart card on mobile devices.

Working with "PKI" (understood here simply as 'certificate-based authentication', 'signing' and 'encryption' using smart cards) for several years, one of the pitfalls and objections I have run into with some regularity has been the question of mobile device use cases. It's been that recurring moment where, as a sales engineer, you want to pretend Teams is suddenly down. Needless to say, it has been a "blocker" for smart card adoption in forward-looking enterprises, because how does an organization implement MFA or "Passwordless" based on smart cards if they cannot be supported on mobile devices? User expectations (especially since the Covid-19 pandemic) have certainly been "ATAWAD": any time, anywhere, any device.

By the diligent and dedicated work of Apple, Yubico and Microsoft, not only can you now use a smart card (not a virtual smart card, not a derived credential) on a mobile device, but it works surprisingly well! So without further ado: in this blog post I will take you through associating a certificate enrolled to a YubiKey 5 NFC with the Yubico Authenticator app (iOS keychain) on an iPhone and then using it to log on to Office 365.

💡 I also provide some commentary if you are using an iPad or an Android-based device.

I am excited about this and I hope you are too!

The following prerequisites should be met to successfully follow this guide:

- YubiKey 5 NFC (USB-A) or YubiKey 5C NFC (USB-C).
- Certificate (smart card logon) enrolled to the YubiKey on slot 9a.
- Yubico Authenticator and Microsoft Authenticator installed on the device.
- Microsoft Azure configured for Certificate-Based Authentication.

A special note on smart card vendor support

As of Microsoft's announcement, the ONLY hardware-based external authenticator supported by Microsoft in native apps is the YubiKey. Microsoft writes:

"As a part of Microsoft's commitment to Executive Order 14028, Improving the Nation's Cybersecurity. Now, we're thrilled to announce the public preview of Azure AD CBA support on iOS and Android devices using certificates on hardware security key (YubiKey)."

This is FANTASTIC news for Yubico customers, but it also means that for everybody else (even for ISO smart cards with NFC), at least for now (Nov 2022), they are left out. They should lobby their vendors to work as closely with Microsoft as Yubico does, or they should consider a move to YubiKeys.

Image: Enrolling a certificate to the iOS keychain over NFC using the Yubico Authenticator app.

💡 Hold the YubiKey top left on the screen as shown, OR behind the iPhone in the same location.

Once the scan is completed you should see the certificate(s) listed and the extension should be set to 'enabled'. Now that the certificate is on the iPhone and referenced through the Yubico Authenticator app, it can be used for Certificate-Based Authentication (CBA).
