Use Case
Browser Login

ThinC-AUTH can log in to Azure AD through a browser that supports FIDO2 authentication, such as Microsoft Edge. When you log in to Azure AD or Office365, the Microsoft login form shows several login options. Select the “Security Key” option for passwordless FIDO2 login. After you select one of the user accounts displayed on the login form, you log in by touching ThinC-AUTH with the finger you registered. Before you can use ThinC browser login to Azure AD, two setup steps are required: registering the user's finger with ThinC-AUTH, and configuring the security key in the browser and in Azure AD.

 

You can perform single sign-on (SSO) for various cloud applications such as AWS, G Suite, and Azure AD-based SaaS applications. This means no further authentication is required to log in to other cloud applications from Azure AD. Microsoft and its partners have published tutorials for integrating these applications. Following that documentation, users can deploy SSO with IdP- or SP-based SAML federation.

 

SSO from Azure AD to on-premises systems is also possible. In a hybrid system, SAML federation logs the user in to the on-premises system seamlessly. Microsoft has announced ADFS-based or Azure-based SSO to on-premises servers. For more information, see "Hybrid system".

Windows/Azure AD Simultaneous Login

This ThinC login uses ThinC-AUTH to perform Windows login at PC startup and sign in to Azure Active Directory (AD) at the same time, a capability announced by Microsoft in July 2019.

To use the enterprise security key, the cloud environment must be set up in advance. The corporate domain, the user's organizational account, and Azure AD join for the PC terminal must all be configured in Azure AD.

The company's domain (for example, "contoso.com") and its organizational accounts are what the company uses to access Microsoft's cloud services (Azure, Office 365, Intune, etc.), and the organization's administrator can create them in Azure AD. Organizational accounts are also called “work or school accounts”. You can create an Azure subscription with an organizational account.

The first Cloud/OS login requires an internet connection before Windows starts. Because FIDO2 authentication is performed by the cloud server (Azure AD), the communication between Azure AD and ThinC-AUTH must pass through the PC. After the first login, users can log in to Windows without an internet connection, because Windows has obtained the necessary data from Azure AD.

Work at home

When an employee is at the office, they are working behind layers of preventive security controls. While not perfect, it is harder for an employee to get in trouble at the office. However, when computers leave the perimeter and employees work remotely, new risks arise and additional policies are essential. Remote work presents a unique challenge for corporate information security because remote work environments usually don't have the same safeguards as a corporate office.

Among the various safeguards, passwordless login plays the most important role in protection. With ThinC, an employee can safely log in from a browser on a personal PC to the company's cloud environment as well as to systems inside the company. Because all of the user's credentials are stored in ThinC-AUTH, the employee uses the same ThinC-AUTH both at the company and at home.

Store

Employees use shared PCs, each employee with their own ThinC-AUTH. Because all personal credentials are stored in ThinC, employees can share the same PC. In a store, an employee works for a period of time on a shared PC or POS terminal.

When users launch an app on a shared device, they’re prompted to sign in with their credentials. Apps only launch after a successful sign-in. The required credentials depend on how you have set up identity in your institution.

The sign-in screen warns users to sign out of Creative Cloud when they leave their desk. Also, users should not store any assets on the shared device.

Users log in to the shared device independently. Users must log out before they leave the shared device. Otherwise, the screen will be locked and other users cannot access the device until that user unlocks it.