AWS Single Sign-On now supports WebAuthn multi-factor authentication tools like YubiKeys
Support for Yubico in the AWS environment has been expanded with the introduction of native WebAuthn support for AWS Single Sign-On (SSO), enabling strong, FIDO-based multifactor authentication (MFA), according to a company blog post.
Yubico is an Advanced AWS Technology Partner and AWS Public Sector Partner, and the company calls the support expansion a milestone for itself and for the open standards it has helped develop.
AWS SSO users can authenticate with a YubiKey to generate an exchange of public and private encoded keys, which according to Yubico creates a phishing-resistant connection to popular third-party SaaS applications and others within the AWS ecosystem. The new features allow administrators to manage access and logins to applications integrated with AWS SSO, and to set policies that grant application access to certain users or groups sourced from AWS SSO or external identity providers like AWS SSO Identity Store and Microsoft Active Directory, as explained in the blog post.
In addition to eliminating the need to sign into each cloud-based application separately, using a YubiKey with AWS SSO increases identity protection and extends workload administration. Through AWS SSO’s enforced enrollment features, biometrics or security keys can also be added as authentication factors to prevent unauthorized access to sensitive company data.
Yubico recently announced the launch of a line of its hardware security keys with fingerprint biometric authentication, as well as a WebAuthn Starter Kit.