Go Passwordless With Microsoft On-Prem or in the Cloud

Crayonic KeyVault™ is a multifactor authentication device compliant with FIDO2 and PIV/Smart Card standards.

CRAYONIC KEYVAULT™ PROTECTS USERS AGAINST

  • phishing

  • man-in-the-middle attacks

  • credential stuffing

  • keyloggers

With Crayonic KeyVault™ and Microsoft 365 productivity cloud, organizations can eliminate passwords, prevent credential theft, and meet regulatory requirements for strong authentication and data protection.

IN CLOUD AND ON-PREMISE

Crayonic KeyVault™ can be registered as the primary authentication for any corporate Azure Active Directory account or a personal Microsoft account.

The user can then securely sign in to:

  • Microsoft Office 365 

  • Microsoft Teams

  • Microsoft Azure Portal 

  • On-prem enterprise applications 

  • 3rd-party cloud applications

  • and even Windows 10 desktops

Microsoft Azure AD Connect enables extending passwordless authentication to resources running on-premise, like file and print servers.

SIMPLER SAFER LOGIN

Crayonic KeyVault™ offers a better user experience than traditional authentication methods.

Users no longer need to remember usernames and passwords or re-type one-time passwords (OTPs) from tokens or apps running on their smartphones. Regularly enforced password changes are a thing of the past.

With Crayonic KeyVault, signing in to Windows 10 and Office 365 is as fast and easy as opening a car using a remote key, yet far more secure.

REDUCED IT INVOLVEMENT

The necessary involvement of IT staff is radically reduced as most users can enroll and recover the security token themselves.  

IT can dedicate more attention to the fast and secure onboarding of remote workers.

A single KeyVault device may be paired with multiple user accounts, which simplifies Privileged Identity Management workflows.

The new FIDO2 standard also removes the dependence on complex enterprise PKI, providing further cost savings.

STEP-UP AUTHENTICATION

The administrator can combine and configure multiple authentication factors of Crayonic KeyVault. The security policy determines the steps necessary to unlock credentials with high assurance requirements.

  • PIN code

  • Fingerprint recognition

  • Handwriting recognition – passcode or signature

  • Voice recognition – spoken PIN or passphrase

NOT CLOUD-READY YET? NO PROBLEM

Crayonic KeyVault also emulates a PIV-compliant smart card, providing compatibility with existing on-premise Active Directory deployments and PKI infrastructure.

Users can use the KeyVault with their fingerprint or PIN to securely log in to Windows workstations, Remote Desktop, VDI, VPN, Wi-Fi, 802.1X, and intranet web applications.

Through the Crayonic Gateway, it is possible to integrate FIDO2 authentication with Active Directory Federation Services or directly with any enterprise application that supports SAML, WS-Trust, OpenID Connect, or OAuth.

PLUG & PLAY USER EXPERIENCE

The user’s PC or mobile device connects to KeyVault via USB, Bluetooth, or NFC.

Support for the open standards FIDO2, FIDO U2F, and W3C WebAuthn makes KeyVault fully compatible with all major platforms. No additional software needs to be installed on Windows 10, macOS, Linux, Android, or iOS.

Windows 10 comes with in-box FIDO2 and PIV drivers, and it even contains a basic GUI for security token management. The end-user experience with Crayonic KeyVault™ is thus truly plug-and-play.

A TRUE VAULT FOR ALL KEYS

In addition to authentication use cases, Crayonic KeyVault™ enables users to:

  • unlock BitLocker-encrypted data drives with biometrics

  • use KeyVault as a USB flash drive and safeguard sensitive files with transparent data encryption and biometric authentication

  • securely store legacy passwords directly on KeyVault and let it type them for you (Bitwarden integration)

SMALL DEVICE, HUGE POTENTIAL

Crayonic KeyVault™ is a truly versatile security device. Its many use cases also include:

  • Physical access control (NFC)

  • Follow-Me printing (NFC)

  • Generating one-time passwords compatible with OATH (TOTP / HOTP)

  • Offline cryptocurrency wallet protected by multiple biometric factors and Proof-Of-Free-Will™

  • OpenPGP encryption and authentication

  • Signing of electronic documents with a qualified electronic signature according to eIDAS

CRAYONIC 2021