Go Passwordless With Microsoft On-Prem or in the Cloud
Crayonic KeyVault™ is a multifactor authentication device compliant with FIDO2 and PIV Smart Card standards.

CRAYONIC KEYVAULT™ PROTECTS USERS AGAINST
- phishing
- man-in-the-middle attacks
- credential stuffing
- keyloggers

With Crayonic KeyVault™ and Microsoft 365 productivity cloud, organizations can eliminate passwords, prevent credential theft, and meet regulatory requirements for strong authentication and data protection.
IN CLOUD AND ON-PREMISE
Crayonic KeyVault™ can be registered as the primary authentication for any corporate Azure Active Directory account or a personal Microsoft account.
The user can then securely sign in to:
- Microsoft Office 365
- Microsoft Teams
- Microsoft Azure Portal
- On-prem enterprise applications
- 3rd-party cloud applications
- and even Windows 10 desktops
Microsoft Azure AD Connect enables extending passwordless authentication to resources running on-premise, like file and print servers.


SIMPLER SAFER LOGIN
Crayonic KeyVault™ offers a better user experience than traditional authentication methods.
Users can avoid remembering usernames and passwords and re-typing one-time passwords (OTPs) from tokens or apps running on their smartphones. Regularly enforced password changes are a thing of the past.
With Crayonic KeyVault™, signing in to Windows 10 and Office 365 is as fast and easy as opening a car using a remote key, yet far more secure.
REDUCED IT INVOLVEMENT
The necessary involvement of IT staff is radically reduced as most users can enroll and recover the security token themselves.
IT can dedicate more attention to the fast and secure onboarding of remote workers.
A single KeyVault device may be paired with multiple user accounts, which simplifies the Privileged Identity Management workflows.
The new FIDO2 standard also removes the dependence on complex enterprise PKI, providing further cost savings.


STEP-UP AUTHENTICATION
The administrator can combine and configure multiple authentication factors of Crayonic KeyVault™. The security policy determines the steps necessary to unlock credentials with high assurance requirements.
- PIN code
- Fingerprint recognition
- Handwriting recognition – passcode or signature
- Voice recognition – spoken PIN or passphrase
LEGACY INFRASTRUCTURE & APPS? NO PROBLEM
Crayonic KeyVault™ also emulates a PIV-compliant smart card, providing compatibility with existing on-premise Active Directory deployments and PKI infrastructure.
Users can use the KeyVault with their fingerprint or PIN to securely log in to Windows workstations, Remote Desktop, VDI, VPN, Wi-Fi, 802.1X, and intranet web applications.
Through the Crayonic Gateway, X.509 certificates or dynamic or static passwords can easily be issued directly into KeyVault from the web browser.
Keyboard emulation over BLE and USB enters passwords for users into legacy desktop and mobile apps.

PLUG & PLAY USER EXPERIENCE
The user’s PC or mobile device connects to KeyVault via USB, Bluetooth, or NFC.
Supporting the open standards FIDO2, FIDO U2F, and W3C WebAuthn makes KeyVault fully compatible with all major platforms. There is no need to install additional software on Windows 10, macOS, Linux, Android, or iOS.
Windows 10 comes with in-box FIDO2 and PIV drivers, and it even contains a basic GUI for security token management. The end-user experience with Crayonic KeyVault™ thus really is plug-and-play.
A TRUE VAULT FOR ALL KEYS
In addition to authentication use cases, Crayonic KeyVault™ enables users to:
- unlock BitLocker-encrypted data drives with biometrics
- use KeyVault as a USB flash drive and safeguard sensitive files with transparent data encryption and biometric authentication
- securely store legacy passwords directly on KeyVault and let it type them for you (Bitwarden integration)


SMALL DEVICE, HUGE POTENTIAL
Crayonic KeyVault™ is a truly versatile security device. Its many use cases also include:
- Physical access control (NFC)
- Follow-Me printing (NFC)
- Generating one-time passwords compatible with OATH (TOTP / HOTP)
- Offline cryptocurrency wallet protected by multiple biometric factors and Proof-Of-Free-Will™
- OpenPGP encryption and authentication
- Signing of electronic documents with a qualified electronic signature according to eIDAS