User Profile
Rakib
Level 2.3: Gingerbread
Joined 3 years ago
Contributions
Re: Fido2 key and their issues using them on Android
USB-C usually takes too long and we need to manually disable OTP on each YubiKey, since we have standardized on YubiKey in our organization. NFC will provide a much faster way to sign in. Our use case is health care/frontline workers, where one comes in for their shift, grabs a dedicated Android device and we want the users to log in to the phone in a secure fashion.
33 Views, 1 like, 2 Comments
Re: Fido2 key and their issues using them on Android
Hi Emilie_B,
Our goal is to make use of fido2 keys as the authentication method for shared Android devices, as it is considered a phishing-resistant MFA. With NFC support for CTAP2 on Android this could be achieved. We do use it already for our shared Windows computers, and there is also support on the iOS devices.
66 Views, 1 like, 4 Comments
Fido2 key and their issues using them on Android
First, does Android support using Fido2 keys on Android? Yes, it does support both using Bluetooth, NFC and USB authentication. For reference: https://developers.google.com/identity/fido/android/native-apps
But does it mean that it is straightforward to use it in an enterprise environment without hiccups? No, the support lacks many features that both Windows and iOS have supported for a long time.
If I buy a modern Fido2 with OTP support, will it work straight out of the box for using the USB? No, you need to disable the OTP support first. Here is how you can do that from YubiKey Manager, this works for YubiKey. Other vendors might have something similar. But for Fido2 keys without OTP support, it should work out of the box for USB-C, like Google Titan. Why this happens, don't know.
Can we use NFC for Entra ID authentication like we can on Windows and iOS? No. Android does not currently support CTAP2 for NFC, only for USB-C input. CTAP1 (FIDO U2F) supports certificate-based authentication, but CTAP supports user verification with PIN and biometrics. Entra ID requires UV (user verification) before accepting login. As far as I know, there is also support for Bluetooth. But I don't have any fido2 keys that support Bluetooth yet.
So why does this matter? With Android you can have shared devices with secure login for multiple users with a single log in for all supported apps, auto log off and many other possibilities. https://learn.microsoft.com/en-us/entra/identity-platform/msal-shared-devices
Other sources/discussions:
https://www.reddit.com/r/yubikey/comments/1oncuh2/whats_the_point_of_nfc_on_android/
https://www.reddit.com/r/yubikey/comments/13tlzoc/fido2_inconsistent_across_windowsandroid/
https://fidoalliance.org/specifications/
196 Views, 3 likes, 11 Comments
Re: [Feature Focus] Managed Google Domains & Insider Opportunity
Looks like it's already available in our iframe. But before we do anything, can you change the email address in the future? We are going to change our domain at the beginning of next year, so we need to see if this is something we initiate now or wait until next year.
118 Views, 1 like, 1 Comment
Re: [Community Feedback] About our latest watchparty
Everything Android Enterprise new functionality! I want to talk to the product teams, what are they working on. Ideas they want to talk to us about, market research, anything related to new functionality, we can help them prioritize. I am not interested in watching Jimmy Fallon in any capacity, except maybe in SNL.
20 Views, 1 like, 1 Comment
Re: Support for a Single VPN Instance Shared Across All Users on a Corporate-Owned Device
Here is your answer then: Google have not implemented this natively today, and they have also not refused or agreed to implement this functionality. Fallback for your needs is what OEMs have done.
19 Views, 1 like, 0 Comments
Re: [Feedback] App installs: share your experiences & suggestions
This is the section for asks and suggestions, I know it is not possible today. I feel that managed play store and public store should not abide by the same rules, just like versioning, reverting and other suggestions from this thread.
73 Views, 0 likes, 2 Comments
Re: [Feedback] App installs: share your experiences & suggestions
What's possible in our MDMs for Android Enterprise:
Intune: Only possible to install apps from managed Google Play store
WS1: Install from Google Play store and upload APK file from console.
Issue is Google Managed store requires a unique appid even for private apps, can this restriction be removed for private apps? Thanks! Pretty please 😇
84 Views, 1 like, 5 Comments