Thales News Release

Thales expands Passwordless Authentication for Microsoft Azure Active Directory Customers with New Phishing-Resistant Hybrid Authenticators

April 25, 2023

  • New SafeNet eToken Fusion Series combines Fast IDentity Online 2.0 (FIDO2) and PKI Certificate-Based Authentication in a single authenticator, fully compatible with Microsoft Azure Active Directory
  • Available in different form factors to allow users to access sensitive enterprise resources from any device

2023 Thales Data Threat Report

Thales, the leading global technology and security provider, today launched the SafeNet eToken Fusion series, a new set of USB tokens combining Fast IDentity Online 2.0 (FIDO2) with PKI/CBA in a single authenticator. Thales’s new tokens are designed to protect Microsoft Azure Active Directory (Azure AD) users against account compromise and provide stronger security for access to cloud and web applications. The SafeNet eToken Fusion Series enables organisations to utilize phishing-resistant passwordless authentication methods, improving security for enterprise resources accessed from any device.

Along with protecting against rising phishing threats, SafeNet eToken Fusion Series helps organisations meet their compliance needs for emerging cybersecurity standards. PKI/CBA and FIDO2 are the only two authentication methods recognised as phishing-resistant by U.S. EO 14028. This expands the reach of the Thales portfolio of industry-compliant authenticators, including the IDPrime FIDO Series.

Haider Iqbal, IAM Director of Product Marketing at Thales: “Many organisations have heavily invested in PKI infrastructure to secure access to their internal resources. They want to leverage PKI to secure access to cloud based resources or move to a modern form of authentication (FIDO2) while maintaining the usage of PKI for digital signature, data encryption. The SafeNet eToken Fusion Series provides the best of both FIDO and PKI worlds, and we are thrilled to equip customers with a solution that ensures enhanced security and compliance measures for access to their Azure AD resources.”

Natee Pretikul, Principal Product Management at Microsoft, Identity and Network Access: “Supporting phishing-resistant authentication methods is core to our mission to protect users against account compromise. The Microsoft team has been hard at work to extend our Azure AD capabilities, providing support for certificate-based authentication (CBA) along with Conditional Access Authentication Strength. We are pleased to announce that, Azure Active Directory combined with Thales new phishing-resistant hybrid authenticators offer agencies and overall industry leaders an overall solution to maintain US President’s Executive Order 14028 compliance and strengthen the protection of their most sensitive data.”

Users who leverage SafeNet eToken Fusion Series and Azure AD can benefit from:

  • Using one single authenticator to securely access cloud apps and sign or encrypt digital documents from any desktop or mobile phone
  • Protecting access to modern resources that support FIDO and “legacy” resources that support CBA
  • Reducing the risk of data breaches by deploying phishing-resistant multi-factor authentication (MFA)
  • Adopting FIDO while maintaining traditional PKI use cases like qualified digital signature and file encryption

The SafeNet eToken Fusion Series is available for use today. For a demo, visit Thales’s booth # N-5369 and Microsoft’s booth # N-6044 at RSA Conference 2023 (April 24 – 27 in San Francisco, USA). For more information, visit our landing page.