To proceed with this guide, Domain Admin priviliges are necessary!
Follow the steps below to enable your AirID FIDO for your Azure Domain
To use your AirID FIDO2 functionality, you first need to enable its method on your Azure Active directory. To do so, please follow the steps below, as well as to check out our other guides explaining all parts of the journey to fully utilize the AirID FIDO.
Contents of this Page:
2 Navigate to the 'Azure Active Directory' section
The Azure dashboard can be a little confusing at times, the easiest way to access the option we're reffering to is navigating through the Azure Active Directory Section, which if not located on the left panel, can be found in the 'all services' section or via the search bar.
3 Open the "Security" section
In the Azure Active Directory Section go the 'Security' tab. It'll be located on the second navigation panel.
4 Go to "Authentication Methods"
Again, as with the security tab, now select the 'Authentication methods' section.
5 Select "FIDO2 Security Key" Method
In this screen we can now set different Authentication Methods supported by Microsoft.
For this guide we will focus on the AirID FIDO so we skip the "Microsoft Authenticator" and the "Text message (preview)".
In regards to the "Temporary Access Pass (preview)" this functionality will allow us to invite users to setup their AirID FIDO security key and bypass possible 2nd factor enrollments. But this will be covered in another article.
6 Configure FIDO2 Security Key Method
Now we can setup our Microsoft Policy for our AirID FIDO.
Check the table for information on the different options
Presented Options | Description | |
---|---|---|
Enable | sign in | at this stage we can decide if we want to enable this FIDO2 method given the below options. It is then accessible for both sign in and Strong authentication. |
Strong authentication | ||
Target | All users | We can target both 'all users' or selected users as either individuals or sorted by groups which are defined in azures group section |
Selected users | ||
General | Allow self-service set up | This options lets users the option to roll out their own fido keys - at the moment we'd suggest leaving this option on 'yes' |
enforce attestation | This option refers the 'Key attestation' of the FIDO2 protcol ä at the current state we'd also suggest leaving this option on 'no' | |
Key Restriction Policy | enforce key restriction | With this 'yes/no' option we're able to restrict the keys used by their AAGUID |
restrict specific keys | with the 'allow/block' option we have the possibility to white/blacklist these keys |
7 Save 'FIDO2 Security Key' Setting
After our settings have been done we can save the Settings and enablement of the FIDO Policy for your AirID FIDO has been done.
Next up we have articles describing the roll-out requirements for your devices to use the complete functions of your AirID FIDO.