Configure FEITIAN FIDO2 security key to passwordless authenticate in Azure AD
What you’ll need
- An active Azure AD tenant which is able to leverage Azure MFA functions.
- A global admin account in Azure AD
- A test account with normal privileges in Azure AD
- A FIDO2 compatible security key.
Enable FIDO2 authentication method
First you’ll need to enable the following feature preview setting:
- Go to the Azure Portal (https://portal.azure.com) and log in using your Global Admin account.
- Navigate to the Azure Active Directory blade > User settings.
At section User feature previews click: Manage user feature preview settings.
3. Enable feature Users can preview features for registering and managing security info – enhanced.
You can choose between All users, or a selected group of users. I would recommend by selecting a pilot group first.
4. Now go back to the Azure Active Directory blade, and navigate to the menu-item Authentication methods.
5. Click FIDO2 Security Key, switch it on by clicking Yes and configure your target. Preferably you select the same group as selected at step #3. Finally click Save.
6. From administrative perspective you’re done now.
It’s time to switch over to the test account on which you are going to connect the security key.
Register FIDO2 key with Azure AD account
First, make sure you use Microsoft Edge as browser in able to connect the FIDO2 security key.
- Navigate to the following link, and sign in using the test user.
- At tab Security info , add a method by clicking + Add method.
3. Choose Security key, and then click USB device.
4. Edge will now prompt to insert the USB key (if not present already). It will require to add a PIN code or verify your biometric.
5. Now you are all set. You can now sign out, and sign back in again to test if the key is working properly.