HID Enables Enterprise Passkeys Governance Without User Friction

Built into HID’s FIDO authenticators, Enterprise Attestation gives organizations policy-level control over which devices can register passkeys without changing the user login experience

HID has introduced a new capability designed to strengthen enterprise control over passkey adoption without disrupting the user experience.

The company announced the availability of Enterprise Attestation within its FIDO authenticator portfolio, enabling organizations to enforce strict governance over which devices can register passkeys—without adding login complexity.

Strengthening Device Trust Without User Impact

Passkeys have significantly improved resistance to phishing attacks by verifying user identity. However, enterprises still face a critical challenge: ensuring that only trusted, company-issued devices are used to create those credentials.

Enterprise Attestation addresses this gap by verifying the origin of the authenticator during registration.

This ensures that only approved devices can enroll passkeys, giving organizations greater visibility and control over credential issuance while maintaining a seamless login experience for users.

Closing a Critical Gap in Passkey Adoption

According to the FIDO Alliance’s State of Passkey Deployment in the Enterprise report, regulatory requirements remain a major barrier, with 20% of organizations citing compliance concerns.

Without Enterprise Attestation, organizations cannot reliably distinguish between credentials created on personal devices and those issued by the enterprise.

This creates potential security blind spots. By validating device provenance at the point of enrollment, HID enables organizations to enforce clear policies and maintain audit-ready records.

Verification at Enrollment

Enterprise Attestation is embedded within HID’s Crescendo FIDO2-certified smart cards and security keys. It integrates with identity platforms such as PingOne to validate devices during passkey registration.

If a device cannot present valid attestation data, enrollment is automatically blocked based on policy—without requiring additional user steps or workflow changes. This ensures security teams can enforce strict controls without introducing friction.

Standards-Based and Interoperable

The capability is built on FIDO Alliance standards, including WebAuthn and the Client to Authenticator Protocol (CTAP). This standards-based approach allows organizations to implement governance without relying on proprietary systems or altering application authentication flows.

It also ensures interoperability across platforms while maintaining a consistent and familiar user experience.

Built for Regulated Environments

Enterprise Attestation is particularly relevant for industries with strict compliance requirements, such as financial services, healthcare, and critical infrastructure.

It supports compliance with frameworks and mandates such as:

  • NIS2 Directive (EU)
  • Digital Operational Resilience Act (DORA)
  • Zero Trust security mandates

By enabling device-level verification and lifecycle control, organizations can meet regulatory requirements around auditability and traceability.

Real-World Application

Consider a global retailer that restricts passkey usage to approved device models. While this limits unauthorized hardware, it does not confirm whether a device was actually issued by the organization.

With Enterprise Attestation, each device must present a valid certificate proving its origin. If the certificate is missing or invalid, registration is denied. If accepted, the organization gains a verifiable, auditable record of the device—while the user experiences no change in login.

Availability

HID Crescendo authenticators with Enterprise Attestation support are now available globally.

HID powers trusted identities for people, places, and things worldwide. Its solutions enable secure access, seamless transactions, and digital verification across industries including government, healthcare, education, and finance. Headquartered in Austin, Texas, HID operates in over 100 countries and is part of the ASSA ABLOY Group.

Frequently Asked Questions (FAQs)

  1. What is Enterprise Attestation?
    It is a FIDO-based capability that verifies whether a device registering a passkey is issued and trusted by the organization.
  2. Does it affect user login experience?
    No, it operates in the background without adding extra steps for users.
  3. Why is device verification important?
    It ensures that only authorized devices can create credentials, reducing security risks.
  4. Which devices support this feature?
    HID Crescendo FIDO2-certified smart cards and security keys.
  5. Is it compliant with industry standards?
    Yes, it is based on FIDO Alliance standards like WebAuthn and CTAP.
  6. Who benefits most from this capability?
    Organizations in regulated industries or those implementing Zero Trust security models.
Source: hidglobal.com