To help organisations achieve phishing-resistance at scale, weย recently announcedย the general availability ofย Yubico Enrollment Suiteย โ a set of offerings that includesย Yubico FIDO Pre-regย and the brand newย YubiEnrollย โ which delivers choice to enterprises in how they fast-track to a phishing-resistant stance and go passwordless by pre-enrolling YubiKeys with their Identity Platform (IdP) before delivering to end users.
As an offering within the Enrollment Suite, Yubico FIDO Pre-reg worksย seamlesslyย with theย Okta Workforce Identity Cloudย to deliver pre-enrolled YubiKeys from factory to doorstep. YubiEnroll offers additional benefits to enable organisations using Okta identity and access management with the ability for IT staff and administrators to easily enroll YubiKeys on behalf of end users at their premises. Whether selecting the full service Yubico FIDO Pre-reg offering, or YubiEnroll, Okta customers have complete choice in how they adopt the highest assurance MFA with YubiKeys quickly and easily.
How Okta became truly phishing-resistant
As theย inaugural partnerย for Yubico FIDO Pre-reg, Okta worked closely with Yubico to design and engineer the integrated solution. As part of its initiative to lead the industry in the fight against identity attacks, theย Okta Secure Identity Commitment, the company became an early adopter, quickly deploying the solution to its 6,000-strong global workforce.
Okta had three goals when starting the Yubico FIDO Pre-reg rollout, centered on employees needing to easily provide an end-to-end passwordless experience and create phishing-resistant users throughout the organisation. These goals included:
- Phishing-resistant onboarding of new users starting on day one
- Phishing-resistant recovery of existing users, including a consistent recovery experience if a primary device or authenticator is lost
- Avoid user friction and admin overhead
Stephen Lee, vice president of Technical Strategy & Partnerships at Okta, was part of the core team that designed the solution: โAt Okta, we had rolled out a passwordless solution for our global workforce using the Okta FastPass technology. With Yubico, we saw an opportunity to leap the final hurdle to deliver an end-to-end passwordless experience. Over four months, we shipped 6,000+ YubiKeys to employees and contractors in 42 countries.โ
Using the power of Okta Workflows and Yubico FIDO Pre-reg, Okta is now a truly phishing-resistant enterprise. Highlights on the deployment include:
- 42 countries covered globally with the delivery of YubiKeys, to remote and physical office locations
- 6,000+ YubiKeys delivered to full-time employees and contractors worldwide
- 100% deployment within four months
- Zero admin overhead if an employee loses their primary authenticator or device
Building the Phishing-Resistant Enterprise
With Yubico FIDO Pre-reg, enterprise users can experience the highest assurance levels of secure passwordless access to their online accounts in minutes using the most secure form of passkey authentication, all while reducing the burden on their admins and users. Manual registration of usersโ security keys is eliminated, as users receive security keys that are pre-registered with the organisationโs Identity Provider (IdP) โ such as Okta โ by Yubico during production and shipped directly to the user, whether in corporate or residential locations.
By effectively enrolling the end user directly in the authentication platform โ without reliance on the help desk or user to make security decisions โ Yubico FIDO Pre-reg empowers enterprises to enhance cyber resiliency and halt phishing attacks on help desks throughout the user account lifecycle. This eliminates critical points where they may otherwise be exposed to hijack, such as onboarding, authentication and account recovery. With Yubico FIDO Pre-reg, users can get started on the most secure form of device-bound passkey authentication โ reducing time, labor, and cost burden for IT departments while accelerating security and productivity for employees.
