Citrix Blogs

Introducing end-to-end password-less authentication using FIDO2

Person in front of computer screens with financial data.

Within today’s enterprise, every IT admin is thinking about their organization’s security posture every day. It’s what keeps them up at night. They’re trying to strike the right balance between allowing seamless access and ensuring they haven’t opened the door to bad actors. While centralization of data and removing it off the endpoint is one tool to support an effective security strategy, there’s a glaring weakness that can still compromise even the most backend security solutions: the password.

I’m not going to get into the details of why a password isn’t as secure most people think. Instead, I’m announcing a new feature that can enable a password-less experience for users needing to access virtual apps and desktops.

The final piece to our end-to-end password-less authentication story is now available: FIDO2 support. FIDO2 support in the virtual session was recently released in Citrix Virtual Apps and Desktops 7 2009 and the corresponding Citrix Workspace App for Windows 2009.5.

Now you have a complete, end-to-end solution that doesn’t require a password.

So, what does this mean? The beginning to the end of passwords, using FIDO2.

What is FIDO2?

FIDO2 is the latest specification from FIDO Alliance (Fast Identity Online) created to develop an open and license-free set of standards for secure, worldwide authentication on the web.

FIDO2 consists of the Client to Authenticator Protocol (CTAP) and the W3C standard WebAuthn. Together, they enable authentication where users identify themselves with cryptographic authenticators (such as biometrics or PINs) or external authenticators (such as FIDO keys, wearables or mobile devices) to a trusted WebAuthn remote peer (also known as a FIDO2 server) that typically belongs to a website or web app.

FIDO2 is essentially password-less authentication and is the industry’s answer to the global password problem and addresses all the issues of traditional authentication.

Get the Most Out of Your Password-Less Authentication

We’re taking advantage of Microsoft Azure Active Directory and its integration with Citrix Workspace. We’re also using Citrix FAS for the cloud to federate the authentication to start the virtual desktop. This also includes the ability to authenticate using FIDO2 once in the virtual session. All you have to do to get started is sign up for Citrix Cloud.

Authenticating using FIDO2 once in a virtual session is available to on-premises customers, as well, if they meet the minimum requirements of the feature. However, without the Citrix Cloud components you will not have access to the complete end-to-end solution.

This is just one example of how we’re transforming the future of work. To learn about more innovative features we have on the horizon, register for our Citrix Cloud Summit on October 8.

Exit mobile version