I’m using a FIDO security key from Yubico since a year for some of my accounts. Now, I had the chance to get a eWBM Goldengate Security Key and test it. The rollout looks the same as for my Yubico keys, but there is one feature which is in my opinion the main advantage at the moment. It supports fingerprint and does not only check presence of a user like my existing keys. After the enrollment of the security key on the MySignin page as normal you realize, that you still have only entered a PIN and not a fingerprint.
Side note: Yubico is also working on the “YubiKey Bio” which is according to the homepage not yet available.
So, I checked the QuickStart guide in the box and there is the solution, to use the bio-metric verification you have to install the GoldenGate BioManager which is a simple setup. At the end of the setup the tool is automatically started and detected the security device. Important to know is, that the tool is automatically started with administrative rights. This means, that an end-user will not be able to use the tool on his own.
To add a bio-metric factor just click on Add Fingerprint…
… enter your pin you have chosen when enrolling the security key for your Azure AD account …
… and touch the fingerprint scanner as long …
… until you have the green check mark.
You can add also multiple fingerprints.
The BioManager app is simple to use and for me a big benefit to increase security by the bio metric factor. The login flow is then looking like that:
On the logon page select “sign in with a security key”.
Press the fingerprint reader …
… and you are already signed in …
… and able to access in my example the Azure Portal.
So, if you would like to try out FIDO and password-less with Azure AD this device is a really good choice.
- Build better pilot rings for Updates with MEM Intune - June 13, 2021
- Automatic Intune Documentation evolves to Automatic Microsoft 365 Documentation - May 25, 2021
- Build better pilot rings for Updates with MEMCM - March 14, 2021