

Editor’s Note: This is the second post in the Passwordless Authentication Series, which shares insights from our journey on enforcing FIDO2 authentication via hardware authenticators (YubiKeys) across all of Palantir.

While Palantir has enforced mandatory strong multi-factor authentication for well over a decade, hardware-backed authentication using FIDO2 represents the strongest form of modern authentication available.

Azure Active Directory

At Palantir, we use Azure Active Directory (Azure AD, or AAD) as our identity provider (IdP) to back all authentication. Azure AD is Microsoft’s cloud-based identity offering and runs within a dedicated Azure tenant that users control.

In this post, we explore how to roll out a secure FIDO2 implementation at an organizational level and provide guidance on each of the services required for you to accomplish this at your organization, including conditional access policies (CAPs), Azure AD Multi-Factor Authentication (MFA), combined security information registration, AAGUID key restrictions, and authentication strengths.

(Disclaimer: While this post aims to teach you how to set up and roll out FIDO2 at your organization, it should not be considered guidance on how to harden your Azure AD tenant. Azure AD is an extremely complicated system, and providing instruction on securing it would require a blog series all its own.)

Enable FIDO2

There are multiple elements you’ll need to set up first in your Azure tenant. To begin, check and make sure your tenant is enabled for the combined security information registration feature.
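Before the rollout steps, it helps to know what the tenant's current FIDO2 policy looks like. The following is an added example, not code from the original post or from Palantir: it audits a FIDO2 authentication-method policy document for the settings this series covers (self-service registration, attestation, AAGUID key restrictions). The field names follow the Microsoft Graph `fido2AuthenticationMethodConfiguration` resource as I know it; the sample policy and the AAGUID value are constructed placeholders, and fetching the live policy from Graph is assumed rather than shown.

```python
"""Audit an Azure AD FIDO2 authentication-method policy for weak settings.

Assumption: the dict shape mirrors a Microsoft Graph response for
/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/Fido2.
Retrieving it (Graph PowerShell, an HTTP client, ...) is not part of this example.
"""
from copy import deepcopy
from typing import Any

# Constructed sample: enabled, but attestation and key restrictions are off.
SAMPLE_POLICY: dict[str, Any] = {
    "id": "Fido2",
    "state": "enabled",
    "isSelfServiceRegistrationEnabled": True,
    "isAttestationEnforced": False,
    "keyRestrictions": {"isEnforced": False, "enforcementType": "block", "aaGuids": []},
}

# Placeholder AAGUID (not a real authenticator model); replace with your vendor's values.
PLACEHOLDER_AAGUID = "00000000-0000-0000-0000-000000000001"


def audit_fido2_policy(policy: dict[str, Any]) -> list[str]:
    """Return human-readable findings; an empty list means the policy passes."""
    findings: list[str] = []
    if policy.get("state") != "enabled":
        findings.append("FIDO2 method is disabled; users cannot register or sign in with keys")
    if not policy.get("isSelfServiceRegistrationEnabled"):
        findings.append("self-service registration is off; combined registration cannot enrol keys")
    if not policy.get("isAttestationEnforced"):
        findings.append("attestation not enforced; authenticator make/model cannot be verified")
    restrictions = policy.get("keyRestrictions") or {}
    if not restrictions.get("isEnforced"):
        findings.append("AAGUID key restrictions not enforced; any FIDO2 authenticator is accepted")
    elif restrictions.get("enforcementType") != "allow":
        findings.append("key restrictions use a block list; prefer an allow list of approved AAGUIDs")
    elif not restrictions.get("aaGuids"):
        findings.append("allow list is empty; no authenticator could be registered")
    return findings


def hardened_copy(policy: dict[str, Any], allowed_aaguids: list[str]) -> dict[str, Any]:
    """Return a copy with attestation enforced and an AAGUID allow list applied."""
    fixed = deepcopy(policy)
    fixed["state"] = "enabled"
    fixed["isSelfServiceRegistrationEnabled"] = True
    fixed["isAttestationEnforced"] = True
    fixed["keyRestrictions"] = {"isEnforced": True, "enforcementType": "allow",
                                "aaGuids": list(allowed_aaguids)}
    return fixed
```

Run `audit_fido2_policy` on the live policy document before and after changes to confirm the tenant ends up with attestation enforced and an allow list of approved AAGUIDs.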
