MyWorkID fills the gap where traditional solutions fall short, delivering precise access control. It offers controlled, self-service access under strict conditions, ensuring compliance and security while reducing administrative overhead. Whether it's password resets or user verification, MyWorkID enables your organization to act faster and more securely.
MyWorkID
When a user is flagged by Microsoft Entra ID Protection or identified as compromised during an incident response, access to organizational resources must be swiftly restricted or blocked. Risk-based Conditional Access Policies are applied to prevent further unauthorized access by compromised identities.
To safeguard the organization, users must be isolated and blocked from accessing Entra ID-protected cloud applications until the risk is mitigated. Currently, remediation options within Microsoft Entra ID are limited to password changes or complete account blocks – solutions that may not align with organizations adopting passwordless authentication methods.
With MyWorkID integrated into Conditional Access Policy targeting, organizations can grant limited portal access to compromised users under controlled conditions. For example, users marked as risky can access the portal if their device remains compliant or if they have re-authenticated using strong authentication methods. This approach provides organizations with the flexibility to define robust, granular conditions for a self-service solution that allows users to address and resolve their risk status.
A user requires a Temporary Access Pass (TAP) for the onboarding of a new or replacement device.
Currently, Microsoft Entra ID lacks built-in self-service functionality that allows end-users to request a TAP. This means organizations must rely on a service desk or implement a custom solution to provide the TAP to users, adding complexity and administrative overhead.
With MyWorkID, end-users can generate a TAP through a self-service process. Given the sensitivity of this credential, granular and stringent conditions must be met to obtain a TAP. To enhance security, Authentication Context is supported, allowing Conditional Access Policies to be triggered during this critical user action, ensuring strong protection for the organization.
A user needs to reset their forgotten password. This situation may arise when users who typically rely on passwordless authentication methods occasionally need to access an application that only supports password-based authentication.
By default, Microsoft Entra ID offers limited scenarios for passwordless users to reset their passwords. Most commonly, Self-Service Password Reset (SSPR) is required, which provides only a restricted set of security policies and conditions that must be met for a password reset.
With MyWorkID, Conditional Access Policies can be enforced through Authentication Context to secure these sensitive user actions. For instance, a password change request can only be initiated through self-service if the user has no risk status, is using a compliant device, and has successfully passed strong authentication. This ensures greater control and security during the password reset process.
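The three conditions named above can be expressed as two Conditional Access policies scoped to one authentication context. The following is an added example, not MyWorkID's own configuration; the context ID `c1`, the display names, and the choice of the built-in phishing-resistant authentication strength as the "strong authentication" requirement are assumptions.

```powershell
# Added example, not MyWorkID's own configuration.
# ASSUMPTION: 'c1' is a placeholder for the authentication context ID that the
# password reset action requests; use the ID configured in your tenant.
$authContext = 'c1'

# Shared scope: all users, any client app, only when the context is requested.
function New-ExampleConditions {
    @{
        users          = @{ includeUsers = @('All') }
        clientAppTypes = @('all')
        applications   = @{ includeAuthenticationContextClassReferences = @($authContext) }
    }
}

# Policy 1 ("no risk status"): block the action for users at any risk level.
$blockRisky = @{
    displayName   = 'EXAMPLE - Password reset - block risky users'
    state         = 'enabledForReportingButNotEnforced'   # report-only until validated
    conditions    = New-ExampleConditions
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}
$blockRisky.conditions.userRiskLevels = @('low', 'medium', 'high')

# Policy 2: require a compliant device AND strong authentication.
# ASSUMPTION: "strong authentication" is mapped to the built-in
# phishing-resistant MFA authentication strength.
$requireStrong = @{
    displayName   = 'EXAMPLE - Password reset - compliant device and strong auth'
    state         = 'enabledForReportingButNotEnforced'
    conditions    = New-ExampleConditions
    grantControls = @{
        operator               = 'AND'
        builtInControls        = @('compliantDevice')
        authenticationStrength = @{ id = '00000000-0000-0000-0000-000000000004' }
    }
}

# Emit the request bodies for review. Each one can be submitted with
# New-MgIdentityConditionalAccessPolicy -BodyParameter <body> (Microsoft Graph PowerShell).
$blockRisky, $requireStrong | ForEach-Object { $_ | ConvertTo-Json -Depth 6 }
```

Two policies are needed because Conditional Access expresses "no risk" as a block on risky users rather than as a grant control.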
An employee is unable to use their work account for authentication (e.g., access has been blocked) or the organization needs to validate the authenticity of the account owner.
While Microsoft Entra offers verification capabilities using Verifiable Credentials ("Verified ID"), there is no integrated feature for employees to initiate a verification request on their own.
With MyWorkID, organizations can leverage Verified ID to conduct a liveness check and verify the authenticity of an employee. End-users can access the portal for verification, where they must undergo high-assurance verification via Face Check. This process strengthens security by matching a real-time selfie of the user with their Microsoft Entra ID account photo. The system securely stores a confidence score and timestamp within Microsoft Entra ID, which IT departments (e.g., SOC or Helpdesk) can access if they have permission to view the user's verification data. This feature adds a critical layer of trust and security to the user verification process.