Intercede has worked with Microsoft to integrate MyID® into Microsoft Intune for mobile authentication.
The integration provides a secure, passwordless method for organisations to derive smart card credentials to iOS devices. Support for Android Enterprise fully managed devices and Windows 10 is expected in the future.
Evolving to embrace mobile
Many organisations operate passwordless multi-factor authentication for employees using smart cards. Employees and contractors use the smart card and a reader to authenticate themselves for secure access to desktops and laptops.
Smart cards enable users to authenticate for secure access to apps, websites, Wi-Fi and VPN, and enable S/MIME signing and encryption of email.
With mobile devices in regular use across federal agencies and enterprises, many organisations are looking at how they can enable employees and contractors to make use of the technology whilst maintaining a highly secure environment.
To help organisations embrace mobile devices across their workforce, the National Institute of Standards and Technology (NIST) created guidelines for derived Personal Identity Verification (PIV) credentials as part of Special Publication (SP) 800-157. NIST’s guidelines provide the technical requirements necessary for physical smart card users to obtain strong credentials that can then be written easily to their mobile device for authentication, S/MIME signing and encryption.
MyID and Microsoft Intune for derived credentials – how does it work?
A comprehensive walkthrough of the Microsoft Intune mobile device enrolment flow with derived credentials is available on Microsoft’s Tech Community blog. In short, after enrolling their mobile device with Microsoft Intune, a smart card user goes to a computer with a connected smart card reader and authenticates to MyID using the card and user PIN. After the user scans a QR code displayed on the computer screen, MyID issues a digital certificate to the user’s mobile device, effectively deriving the trusted identity from the smart card on to the individual’s mobile device. The certificates are then available to Microsoft Intune to use for app authentication, email, VPN, S/MIME signing and encryption, and Wi-Fi authentication.
Derived credentials deliver high-security, passwordless strong authentication across desktop, laptop, tablet and mobile devices, providing seamless and highly secure authentication for end users across the devices they want to use.
You can find out more about MyID for derived credentials here.