How to enable a multiple MFA selector

Replace legacy RSA SecurID with YubiKey passwordless authentication.

  • Replace outdated VPN-centric MFA tokens and adopt modern FIDO2 authentication without custom code
  • Enroll users in YubiKey protection without any interruption to existing access workflows
  • Enable modern authentication protection for any on-prem or cloud app
Ingredients
MFA
Resilience
Azure AD
YubiKey

Leave a real legacy by modernizing authentication architecture

The recipe diagram

A simple user journey that simply works.

The sequence diagram

How everything comes together to authenticate.

  • Your user will navigate to the existing protected app through their standard access workflow.

  • The user will then either sign in with their app-level credentials or your SSO provider will be leveraged to ensure that the user has the appropriate active group membership for accessing the application.

  • The RSA SecurID step-up authentication process will be followed one last time, asking the user to enter their RSA Keychain Code.

  • A new one-time registration screen will be displayed, informing the user that they are being registered for YubiKey authentication and asking for the appropriate user information.

  • Your user will be instructed to enter their known YubiKey PIN and touch the inserted YubiKey dongle to complete the registration.

  • The user will then have access to the protected application as expected.

  • All future user access to this particular app will then bypass the SecurID workflow and follow the new YubiKey authentication steps instead.

  • This recipe demonstrates how to replace your legacy RSA SecurID MFA on critical business apps without any interruption to your users’ access experience or needing to rewrite any code.
  • The traditional method for cutting over from a legacy 2FA solution to modern authentication like YubiKey required permanent rewrites for each protected app, and resulted in an “all or none” first-time access experience.
  • The Maverics Identity Orchestration Platform allows you to phase the deployment of your new YubiKey FIDO2 passwordless security investment for specific groups of users at a time, running both YubiKey and SecurID concurrently until testing is complete and you can retire your RSA solution.
  • Best of all, Maverics minimizes disruption to the existing authentication workflow that your users have come to expect over the years, and no permanent code changes are needed in your protected applications to make the switch.
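
The step sequence and the phased, group-by-group rollout described above can be modelled as a small routing decision. This is an added example, not Maverics configuration or Strata code; the group names, step labels and the `User` type are hypothetical, and denying access when registration fails is an assumption of this sketch.

```python
from dataclasses import dataclass

# Hypothetical names: the app's access group and the groups migrated so far.
APP_GROUP = "app-users"
PILOT_GROUPS = {"finance-pilot"}

@dataclass
class User:
    name: str
    groups: set
    yubikey_enrolled: bool = False

def plan_steps(user):
    """Ordered steps for one access attempt, per the journey above."""
    if APP_GROUP not in user.groups:
        return ["deny"]                      # fail closed before any MFA prompt
    if user.yubikey_enrolled:
        return ["yubikey_auth", "grant"]     # SecurID is bypassed from now on
    if user.groups & PILOT_GROUPS:
        # SecurID "one last time", then one-time YubiKey registration
        return ["securid_auth", "yubikey_register", "grant"]
    return ["securid_auth", "grant"]         # not yet in a migrated group

def run_access(user, securid_ok, yubikey_ok):
    """Walk the plan; returns (granted, completed_steps).

    Registration is reachable only after SecurID succeeded in the same
    attempt, so the new authenticator is bound to a verified legacy factor.
    """
    done = []
    for step in plan_steps(user):
        if step == "deny":
            return False, done
        if step == "securid_auth" and not securid_ok:
            return False, done
        if step in ("yubikey_auth", "yubikey_register") and not yubikey_ok:
            return False, done               # assumption: failed PIN/touch denies
        if step == "yubikey_register":
            user.yubikey_enrolled = True
        done.append(step)
    return True, done
```
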

Most users will never know you changed anything

Ready to cook up your perfect identity modernization solution?

Stop juggling disparate identity services. Unleash the power of Strata’s orchestration recipes.
Whether you’re dealing with legacy app modernization or controlling multi-cloud access, Orchestration Recipes have got you covered.
