February 26, 2024
Boost Cybersecurity with FIDO2 & Citrix via Microsoft Entra ID
In the digital age, online account security is more important than ever. “Account Takeover” (ATO) fraud poses a significant threat to both businesses and consumers. To address these challenges, Microsoft is introducing a powerful solution: integrating FIDO2 authentication with Citrix Cloud via Microsoft Entra ID.
🚀 The Revolution of FIDO2 Authentication
- Robust Security: FIDO2 replaces traditional knowledge-based security factors with “possession” and/or “presence,” using public key cryptography.
- User Experience: Provides a faster, simpler and more practical authentication experience while reducing vulnerabilities introduced by human behavior.
🔒 Innovation in Authentication with Praim Thin Clients
Praim thin clients now also support FIDO2-compatible devices for authentication in VDI environments, on both Windows 10 IoT and the Linux-based ThinOX operating system. This enables more secure and user-friendly authentication when logging into Citrix Cloud.
🌐 Advanced Use Scenarios
An advanced scenario tested by our team replaces classic domain name and password authentication with FIDO2 authentication from Microsoft’s Entra ID for logging into the Citrix Cloud portal. This provides a more secure login experience for businesses and is faster and more appreciated by users.
🛠️ Authentication choices on the Citrix Portal
- Personal FIDO2 Devices: Users can get a personal FIDO2 device, managed and enrolled through the Microsoft portal.
- Integration with Productivity Tools: This device can also serve for authentication on other business tools such as Office 365 and Microsoft Teams.
📱 The “FIDO2” User & the “Thetis” Key
In our usage scenario, a Thetis USB stick was used to create a triple security authentication workflow, including a PIN (knowledge factor), possession of the secured device and physical interaction by pressing a button on the stick.
🛡️ Strong Protection from Attacks
This approach provides strong protection against external attacks and requires physical presence at the workstation for authentication. For even more robust security against internal attacks, consider a FIDO2 key with fingerprint recognition.
⚙️ Adapting the Authentication Experience
With FIDO2 support on portals such as Microsoft, organizations can further customize the authentication experience by setting “Key Restriction Policies,” which specify which security keys to use.
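The sketch below is an added example, not code from this article, Microsoft or Citrix. It shows how a key restriction allow list and the PIN plus button-press workflow described above surface in the WebAuthn authenticator data a key returns at registration. The policy field names follow the `keyRestrictions` object in Microsoft Graph; the evaluation logic, the relying-party name and the AAGUID values are assumptions constructed for illustration.

```python
import hashlib
import struct
import uuid

# Constructed placeholder AAGUID, not a real vendor's value.
APPROVED_AAGUID = "11111111-2222-3333-4444-555555555555"
POLICY = {"isEnforced": True, "enforcementType": "allow", "aaGuids": [APPROVED_AAGUID]}

FLAG_UP, FLAG_UV, FLAG_AT = 0x01, 0x04, 0x40  # WebAuthn authenticator data flags


def parse_auth_data(auth_data: bytes) -> dict:
    """Parse rpIdHash, flags, signCount and AAGUID from authenticator data."""
    if len(auth_data) < 37:
        raise ValueError("authenticator data shorter than 37-byte header")
    flags = auth_data[32]
    (sign_count,) = struct.unpack(">I", auth_data[33:37])
    aaguid = None
    if flags & FLAG_AT:  # attested credential data follows the header
        if len(auth_data) < 55:
            raise ValueError("AT flag set but attested credential data truncated")
        aaguid = str(uuid.UUID(bytes=auth_data[37:53]))
    return {"user_present": bool(flags & FLAG_UP), "user_verified": bool(flags & FLAG_UV),
            "sign_count": sign_count, "aaguid": aaguid}


def registration_allowed(parsed: dict, policy: dict, require_uv: bool = True) -> tuple:
    """Model of a registration check: presence, verification, then AAGUID policy."""
    if not parsed["user_present"]:
        return False, "no user presence (button not pressed)"
    if require_uv and not parsed["user_verified"]:
        return False, "no user verification (PIN not entered)"
    if parsed["aaguid"] is None:
        return False, "no attested credential data"
    if not policy["isEnforced"]:
        return True, "key restrictions not enforced"
    listed = parsed["aaguid"] in {g.lower() for g in policy["aaGuids"]}
    if policy["enforcementType"] == "allow":
        return listed, "AAGUID on allow list" if listed else "AAGUID not on allow list"
    return not listed, "AAGUID on block list" if listed else "AAGUID not on block list"


def build_sample(aaguid: str, flags: int) -> bytes:
    """Constructed sample authenticator data (credential public key omitted)."""
    cred_id = b"\x01" * 16
    return (hashlib.sha256(b"rp.example").digest() + bytes([flags])
            + struct.pack(">I", 0) + uuid.UUID(aaguid).bytes
            + struct.pack(">H", len(cred_id)) + cred_id)
```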
Integrating FIDO2 into Citrix VDI environments opens up new opportunities for more secure and efficient work processes. By leveraging advanced technologies such as FIDO2 and Microsoft Entra ID, organizations can significantly strengthen their cybersecurity while providing a smooth and user-friendly experience.
Want to learn more about how FIDO2 and Microsoft Entra ID can help protect your business from cybersecurity threats? Contact ALTA-ICT for more information and support. Let’s work together for a more secure digital future. 🌟