Add-on customization feature over FIDO2 secure authentication.
Use Case-1: Mandatory FIDO2 authentication for BPO / Financial Institute
Business process outsourcing (BPO) is a method of subcontracting various business-related operations to third-party vendors.
Many businesses, from small startups to large companies, opt to outsource processes, as new and innovative services are increasingly available in today's ever-changing, highly competitive business climate.
Broadly speaking, companies adopt BPO practices in two main areas: back office and front office operations.
- Back office BPO refers to a company contracting its confidential core business support operations such as accounting, payment processing, IT services, human resources, regulatory compliance, and quality assurance to outside professionals who ensure the business runs smoothly.
- By contrast, front office BPO tasks commonly include customer-related services such as tech support, sales, and marketing.
One of Ensurity's BPO customers, spread across multiple geographical locations, is involved in processing critical back-office operations. The BPO uses the Microsoft cloud environment for its operations and has deployed multiple Microsoft Windows systems that are connected to Azure AD.
The BPO customer expressed the following critical requirements:
- Restrict employees from carrying mobiles, pen drives and laptops inside the BPO division premises.
- Prevent employees from sharing their passwords and authenticators (security keys).
- Enable employees to use any PC in the work area to log in and access enterprise applications.
- Deploy a network security policy to separate the client network.
- Enable FIDO2-based authentication for their O365 applications.
In response to these requirements, Ensurity has supported the BPO in configuring their system & network resources and in deploying the FIDO2 security keys:
- Configured necessary network security policies.
- Deployed endpoint protection tools that block the connectivity of pen drives, mobile devices, etc.
- Configured their PCs (Windows 10 Pro, version 20H2) as Azure AD joined systems.
- Ensurity supplied FIDO2 certified 'ThinC-AUTH Biometric Security Keys' to the BPO's multiple geographic locations. BPO Admins handed these Security Keys over to every employee and ensured that every employee enrolled their fingerprints on the ThinC-AUTH security keys.
- Because the ThinC-AUTH Security Key uses the HID interface, the existing endpoint protection tools directly allow the FIDO2 authenticator to function.
- BPO Admins allocated these Security Keys to their users.
- The Ensurity team was on the ground to help and guide the users in enrolling their fingerprints using the Windows inbuilt 'User Sign in' option and assigning a PIN as backup. Fingerprint registration is a one-time process.
- Once employees had enrolled their fingerprints, they could log in to their Windows systems with ThinC-AUTH without entering a password.
With the ThinC-AUTH Biometric Security Key, BPO employees could log in to their enterprise systems without entering any password. Because the Microsoft environment is enabled with SSO (single sign-on), employees could also log in to their designated web and client applications without furnishing any password.
Since biometrics ensure that a device can be assigned to one particular user, sharing the device will not allow another person to log in, unlike passwords, which can be shared for login purposes.
Eliminating passwords saves the organization from phishing, password spraying and other activities employed by hackers.