Passwordless with fido2

%3CLINGO-SUB%20id%3D%22lingo-sub-2766699%22%20slang%3D%22fr-FR%22%3EPasswordless%20with%20fido2%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2766699%22%20slang%3D%22fr-FR%22%3E%3CP%3EHi%20all%20%3A)%3C%2Fimg%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20was%20wondering%20how%20to%20manage%20an%20important%20employee's%20turnover%20with%20a%20Passwordless%20solution%3F%26nbsp%3B%3C%2FP%3E%3CP%3EEspecially%20with%20the%20fido2%20key%20(Yubiko).%20Is%20it%20possible%20to%20reassign%20a%20key%20to%20another%20user%3F%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20users%20didn't%20have%20a%20phone%20for%20the%20authenticator%20app%3F%20maybe%20using%20a%20generic%20account%3F%20even%20if%20it's%20not%20recommended.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ethanks%20for%20your%20help%20and%20responses.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2766699%22%20slang%3D%22fr-FR%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2771139%22%20slang%3D%22en-US%22%3ERe%3A%20Passwordless%20with%20fido2%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2771139%22%20slang%3D%22en-US%22%3EHello%20Kamy%2C%3CBR%20%2F%3Eit%20depends%20on%20the%20Passwordless%20solution%20you%20choose%3A%20FIDO2%2C%20SMS%2C%20Authenticator%20App%2C%20Windows%20Hello%20For%20Business%3CBR%20%2F%3ESource%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fconcept-authentication-passwordless%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fconcept-authentication-passwordless%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EFor%20each%20authentication%20method%2C%20an%20admin%20can%20remove%20them.%20In%20your%20case%2C%20you%20will%20be%20able%20to%20remove%20a%20FIDO2%20key%20and%20give%20it%20to%20another%20user%20(same%20for%20the%20WHfB%20with%20the%20workstation)%3CBR%20%2F%3E%3CBR%20%2F%3EHope%20this%20helps!%3CBR%20%2F%3E%3CBR%20%2F%3EAnd%20as%20you%20say%2C%20%22generic%20account%22%20is%20not%20a%20great%20idea%20%3B)%3C%2Fimg%3E%3C%2FLINGO-BODY%3E
Frequent Visitor

Hi all :) 

 

I was wondering how to manage an important employee's turnover with a Passwordless solution? 

Especially with the fido2 key (Yubiko). Is it possible to reassign a key to another user?  

If users didn't have a phone for the authenticator app? maybe using a generic account? even if it's not recommanded. 

 

thanks for your help and responses. 

1 Reply
Hello Kamy,
it depends on the Passwordless solution you choose: FIDO2, SMS, Authenticator App, Windows Hello For Business
Source: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwo...

For each authentication method, an admin can remove them. In your case, you will be able to remove a FIDO2 key and give it to another user (same for the WHfB with the workstation)

Hope this helps!

And as you say, "generic account" is not a great idea ;)