We're trying to help a customer set up Entra accounts for around 2,000 frontline workers. These accounts will only be for logging into local machines and accessing their SSO portal, so we believe licensing isn't an issue here. However, since these workers may not be very tech-savvy, we're concerned they might forget their passwords often, which could overwhelm the help desk. They want to enable self-service password resets but that seems to require an F1 license at minimum. Additionally, plenty of these workers don't have smartphones, which complicates things further. We're looking for alternative solutions, like using their existing badges as smart cards, but unfortunately, they don't have FIDO2 badges at this time. Any thoughts on handling this situation or products that could assist?
4 Answers
They’re trying to avoid burdening the help desk, but honestly, they’re going to have to deal with calls no matter how you set this up. If they go with FIDO2, expect lost keys and plenty of help desk calls from confused users.
Imprivata offers a great solution that allows using employee RFID badges for logins, especially in healthcare settings through their product called Imprivata OneSign. Just a heads up—it can be pricey, so be prepared for that if you go this route!
The QR code authentication flow could really help here. Try printing the QR code on the back of their badges or possibly texting it to the workers who have phones. It'll make logging in a lot easier!
Thanks for the suggestion! However, quite a few workers won’t have smartphones. We need to think of something more universally accessible.
Sticking a QR code on the badge is such a clever idea! Wish I had thought of that!
SSPR is free with a tenant. Just so you know, starting on October 1, 2025, MFA will be required for all Entra accounts. The big question is if the workers are using company devices or just accessing a company portal. Do we have kiosk devices as an option?
Yeah, but if they’re looking to avoid F1 licenses, Imprivata might not fit their budget.