Azure AD
Target App

HYPR Authentication

Use this recipe to:

Quickly deploy HYPR passwordless protection to any on-prem or cloud app

Phased deployment reduces risk and supports coexistence of authentication solutions

Enable new recovery options via orchestration of additional authentication solutions

Reduce friction by enrolling users to HYPR within existing access workflows

Recipe summary: HYPR Authentication

This recipe demonstrates how you can leverage AzureAD as your cloud identity target and add HYPR passwordless protection to any app without rewriting it. Modern authentication solutions like HYPR add the latest FIDO2 passwordless security to your existing business applications. Deploying these passwordless authentication solutions to your applications often requires access to the source code to rewrite the apps and accept HYPR as the strong authentication provider. The Maverics Identity Orchestration Platform allows you to quickly and easily deploy no-code HYPR FIDO2 security to any app across your company.

Recipe instructions: HYPR Authentication


The user will navigate to the business application they wish to access via their traditional access workflow.


The user will either input their credentials or leverage your existing SSO solution.


Maverics will then intercept the request and direct the user to HYPR to check whether they have previously registered for access to that app or not.


If it is their first time accessing that app, Maverics will automate the AzureAD lookup to ensure that they have the appropriate group membership rights for accessing the application.


The first-time user will then see a new registration page informing them of HYPR protection for the app and ask for the appropriate user info to complete registration and email verification.


Once confirmed against group membership in AzureAD, HYPR will prompt the user to download the app and register their device. Once the user has been successfully registered and confirmed on their mobile device they can successfully access the application.


The next time the user navigates to that application, HYPR will automatically check their group membership in AzureAD and instruct them to follow the standard HYPR authentication workflow.

Note: this recipe can also allow for integration with legacy authentication initiation via NTLM/Kerberos.

View recipe in action: HYPR Authentication

Recipe sequence diagram: HYPR Authentication

Recipe YAML config settings: HYPR Authentication

Maverics Identity Orchestration works with a simple YAML config* (as shown in the figure to the right). No app rewrites or custom code is required. Download this recipe’s full config file below.

*Config may vary based on your environment.