Windows Passwordless without NDES!

Passwordless login approaches to Windows workstations use X.509 certificates to authenticate users. Still, user enrollment requires a user certificate, which must be acquired by forwarding a special request to an existing NDES (Network Device Enrollment Service) server in the Windows infrastructure. The NDES server is responsible for communicating with an appropriate “issuing” Certificate Authority. This entire process is facilitated by SCEP (Simple Certificate Enrollment Protocol), a communication protocol that automates secure certificate enrollment, issuance, and management without any manual intervention. The NDES server has traditionally played a crucial role in automating this enrollment process.

Needless to say, configuring an NDES server can be complex, and an improper setup may result in issues that are hard to troubleshoot or resolve. It also means more infrastructure to manage on an ongoing basis.

The 1Kosmos passwordless approach to Windows eliminates this problem entirely!

Our newly launched Windows-compatible broker eliminates the need for NDES servers and enables direct communication with the Certificate Authority (CA). Because the Windows broker communicates directly with the CA, the NDES server becomes redundant.

How does this benefit our customers, you may ask? It reduces setup and maintenance costs and significantly shortens the turnaround time for integrating Windows passwordless authentication. As a result, our customers can become passwordless-ready in a remarkably short period.

However, this advantage applies exclusively to customers opting for the 1Kosmos “Windows Broker”, a software component deployed inside your Windows infrastructure that manages the enrollment and authentication journey for enterprises that primarily rely on Windows-based infrastructure. Selecting the 1Kosmos Windows Broker confers several advantages: it simplifies the setup process and enhances interoperability between diverse Windows operating system versions. With the 1Kosmos Windows Broker, you can deploy passwordless login effortlessly into your existing Windows environment. The broker is compatible with NDES infrastructure if you already have it!

Select the option “Enable Windows Broker to Self-Generate X-509 Certificates for Every User” to enable Passwordless Login for Workstations using Windows Brokers on your tenant. Once set up and activated, this feature allows for the generation of X.509 certificates by the Windows Broker during user enrollment.