How Citrix Workspace users can adopt passwordless authentication with Microsoft

In the nexus of IT infrastructure security, passwords are no longer an effective security mechanism. While it’s easy to blame our employees for creating these risk factors with poor password-management techniques such as creating weak passwords or using the same password across multiple logins and services, we need to cut them some slack. According to a Dashlane, analysis of data from more than 20,000 users in 2015, it’s found that the average user has 90 online accounts. Employees are using apps and services for communications, collaboration, and task management, making it overwhelming to manage passwords for each service.Recent studies by US-based company Verizon Enterprise show that 81 percent of cyberattacks are as a result of compromised passwords with securing the login process becoming a top priority for IT and technology departments alike. Organizations have adopted solutions such as two-factor authentication and time-based on-time passwords (TOIP) to create a secure login. However, more and more organizations believe the passwordless logins are the future with 57% percent of employees expressing a preference of passwordless logins over the user and password standard we use today.

In August 2019, Microsoft recently announced Azure Active Directory (AAD) support for FIDO2-based passwordless sign-in to all connected apps and services stating, “In this first release, you can use them to manage a staged rollout of passwordless authentication using FIDO2 security keys and/or the Microsoft Authenticator application. Going forward, you’ll see us add the ability to manage all our traditional authentication factors (Multi-Factor Authentication (MFA), OATH Tokens, phone number sign-in, etc.). Our goal is to enable you to use this one tool to manage all your authentication factors.”

As a result of Microsoft’s support for FIDO2-based sign-in with AAD, this integration will allow Citrix customers to provide passwordless logins to Citrix Workspace by leveraging this feature release from Microsoft. This release will enable end-users to access SaaS apps, web apps, and document repositories connected through Content Collaboration in Citrix Workspace with no username and password. This integration will provide a user-friendly, secure alternative to the username and password-based standards of today with the risk of account compromise significantly reduced.

Not only are risk factors mitigated, but support desk tickets for forgotten passwords can be all but eradicated – reducing both time and cost for your business.

Citrix Workspace administrators can begin to enable this for their end-users by logging into their Citrix Cloud administration panel. Within the identity and access management pane, the administrator should choose to enable AAD as an identity provider (IdP). Citrix Workspace will then require an AAD administrator to sign in and to grant the necessary permissions to Citrix Workspace.

Once the administrator authenticates and grants the proper permissions, the configurations to link the two systems are automated. This step enables AAD as a potential IdP for Citrix Workspace. Once the settings are complete, the admin enables AAD as the preferred IdP for this particular Workspace environment. Once the changes take effect, users can start connecting to Citrix Workspace with a FIDO2 security key.

For the end-user, their passwordless login to Citrix Workspace is now ready to go. When they attempt to log in to their Workspace experience, they will be redirected to an AAD login page to sign-on. Instead of entering a user name and password, the user will be directed to insert their FIDO2 key. They then enter their pin and tap it with their finger. At this point, the user has now been authenticated with access to all their resources in Citrix Workspace. See it in action in the video below, and click here to learn more about Teba’s Citrix Workspace solutions.