In the chain of IT infrastructure security, passwords are the weakest link. It’s easy to blame end users for creating risk, as some use poor password-management techniques like creating weak passwords or reusing the same one across multiple services. But let’s cut them a break. At work, they’re using apps for communications, productivity, task management, collaboration, and more. And in many cases, there’s more than one app to use to accomplish the same task!

With studies showing that 81 percent of cyberattacks begin with a compromised password, securing the login process has become a top priority for IT departments everywhere. Solutions like multi-factor authentication, including time-based one-time passwords (TOTP), are a great start. However, many organizations believe that passwordless logins are the future and are ready to begin implementing these solutions for their end users. End users are also increasingly ready for the passwordless future, as 57 percent expressed a preference for it over the username and password process they know today.

Microsoft recently announced Azure Active Directory (AAD) support for FIDO2-based passwordless sign-in to all connected apps and services. As described in their announcement:

“In this first release, you can use them to manage a staged rollout of passwordless authentication using FIDO2 security keys and/or the Microsoft Authenticator application. Going forward you’ll see us add the ability to manage all our traditional authentication factors (Multi-Factor Authentication (MFA), OATH Tokens, phone number sign in, etc.). Our goal is to enable you to use this one tool to manage all your authentication factors.”

Citrix and Microsoft have a 30-year history of delivering joint solutions to our shared customers. As a result of Microsoft’s support for FIDO2-based sign-in with AAD, we’re excited to share that Citrix customers can provide passwordless logins to Citrix Workspace by leveraging this feature release from Microsoft. This will enable end users to access SaaS apps, web apps, and document repositories connected through Content Collaboration in Citrix Workspace with no username and password. This provides a user-friendly, secure alternative to the username and password-based logins of today, as risk created by poor password management is mitigated. Additionally, help desk tickets for forgotten passwords can be all but eliminated, reducing cost for your organization.

Citrix Workspace administrators can begin to enable this for their end users by logging into their Citrix Cloud administration panel. Within the identity and access management pane, the administrator should choose to enable AAD as an identity provider (IdP). Citrix Workspace will then require an AAD administrator to sign in and to grant the necessary permissions to Citrix Workspace.

Once the administrator authenticates and grants the proper permissions, the configurations to link the two systems are automated. This step enables AAD as a potential IdP for Citrix Workspace. Once the configurations are complete, the admin enables AAD as the preferred IdP for this particular Workspace environment. Once the changes take effect, users can start connecting to Citrix Workspace with a FIDO2 security key, like Yubico’s YubiKey 5 Series, which was recently tested and verified as Citrix Ready.

For the end user, passwordless login to Citrix Workspace is now ready to go. When they attempt to log in to their Workspace experience, they will automatically be redirected to an AAD login page for sign-on. But, instead of entering a username and password, the user will be directed to insert their FIDO2 key, enter their PIN, and tap the key with their finger. At that point, the user has been authenticated and has access to all their resources in Citrix Workspace.
