MyWorkID
MyWorkID closes the gap where traditional solutions fail and delivers precise access control. It provides controlled self-service access under strict conditions, ensures compliance and security, and reduces administrative effort. Whether password resets or user verification, MyWorkID enables your organization to act faster and more securely.
Enhancing security and flexibility in Microsoft Entra ID
MyWorkID enables organizations to strengthen security while giving users more flexibility in managing access and authentication. Through integration with Microsoft Entra ID, MyWorkID provides secure self-service solutions for handling compromised accounts, creating Temporary Access Passes (TAP), resetting passwords, and verifying user identities. By using Conditional Access Policies and authentication context, organizations can apply strict security controls while allowing users to address risks in a controlled environment, ensuring both robust protection and a seamless user experience.
Mitigate user risk
If a user is flagged by Microsoft Entra ID Protection or identified as compromised during incident response, access to organizational resources must be quickly restricted or blocked. Risk-based Conditional Access Policies are applied to prevent further unauthorized access by compromised identities.
To protect the organization, users must be isolated and prevented from accessing Entra ID-protected cloud applications until the risk is mitigated. Currently, remediation options within Microsoft Entra ID are limited to password changes or full account lockouts—solutions that may not align with organizations adopting passwordless authentication methods.
With MyWorkID integrated into Conditional Access Policy targeting, organizations can grant compromised users restricted portal access under controlled conditions. For example, users marked as risky can access the portal if their device remains compliant or if they re-authenticate with strong authentication methods. This approach gives organizations the flexibility to define robust, granular conditions for a self-service solution that allows users to address and resolve their risk status.
Create a Temporary Access Pass
A user needs a Temporary Access Pass (TAP) to set up a new or replacement device.
Currently, Microsoft Entra ID lacks a built-in self-service feature that allows end users to request a TAP. This means organizations rely on a service desk or must implement a custom solution to provide TAPs to users, increasing complexity and administrative effort.
With MyWorkID, end users can generate a TAP through a self-service process. Given the sensitivity of this credential, granular and strict conditions must be met to obtain a TAP. To enhance security, authentication context is supported, allowing Conditional Access Policies to be triggered during this critical user action to ensure strong protection for the organization.
Reset password
A user needs to reset their forgotten password. This situation can occur when users who normally rely on passwordless authentication methods occasionally need to access an application that only supports password-based authentication.
By default, Microsoft Entra ID offers only limited scenarios for passwordless users to reset their passwords. Most commonly, a self-service password reset (SSPR) is required, which provides only a restricted set of security policies and conditions that must be met for a password reset.
With MyWorkID, Conditional Access Policies can be enforced through authentication context to secure these sensitive user actions. For example, a password change request can only be initiated via self-service if the user has no risk status, is using a compliant device, and has successfully completed strong authentication. This ensures greater control and security during the password reset process.
User verification
An employee cannot use their work account for authentication (e.g., access is blocked) or the organization needs to verify the authenticity of the account holder.
While Microsoft Entra offers verification options with verifiable credentials ("Verified ID"), there is no built-in feature for employees to initiate a verification request themselves.
With MyWorkID, organizations can use Verified ID to perform a liveness check and verify the authenticity of an employee. End users can access the verification portal, where they must undergo highly secure verification via Face Check. This process enhances security by matching a real-time selfie of the user with their Microsoft Entra ID account photo. The system securely stores a trust score and timestamp within Microsoft Entra ID, which IT departments (e.g., SOC or helpdesk) can access if authorized to view the user's verification data. This feature adds a critical layer of trust and security to the user verification process.
