iOS 17: Apple goes all-in with passkeys

iOS 17: Apple goes all-in with passkeys

Apple has introduced new features for passkeys in its iOS 17 update, catering to enterprise needs. Managed Apple IDs now support iCloud Keychain, allowing organizations to provide passkeys while maintaining control over account management. Additionally, administrators can manage passkey synchronization, control passkey creation on managed devices, and use the Passkey API to integrate third-party password managers. This development puts pressure on Microsoft, the current leader in the enterprise environment, to keep up with Apple and Google, who have also enabled passkeys in their enterprise services.

Apple offers Enterprise-Grade Passkey Features

Passkeys are unique credentials that can be used to log into apps and websites, offering robust protection against phishing and credential theft attacks while providing the best login UX. In September 2022, Apple launched them in the iOS 16 update which was already a huge milestone in the authentication universe. At the recent WWDC23, Apple now introduced new features to effectively address needs especially in enterprise environments:

1. Managed Apple IDs

Managed Apple IDs, created in Apple Business Manager or Apple School Manager, now support iCloud Keychain. This means that organizations can leverage managed Apple IDs to provide passkeys in the enterprise environments to users while retaining control over account management. Managed Apple IDs allow IT administrators to control that passkeys registered on managed iCloud accounts will only be saved to the managed iCloud Keychain.

2. Controlling Passkey Sync

Administrators can manage passkey synchronization, allowing passkeys to be synced only to devices managed by the organization. This control ensures passkeys registered on managed iCloud accounts will only be saved to the managed iCloud Keychain and sync to approved devices - and not to private devices or iCloud accounts.

3. Passkey Creation on Managed Devices:

Declarative device management offers an enterprise passkey attestation configuration (attestation is a cryptographic proof verifying the origin and integrity of a public key credential). With these controls, IT administrators can require passkey creation for work on managed devices. This configuration ensures passkey creation occurs on specific devices using access management controls and provides attestation to relying parties, confirming the passkey's origin.

4. Passkey API for Password Managers:

The new Authentication Services API implemented in iOS 17 will enable third-party “passkey providers” such as password managers to create and use passkeys inside any native app that has added passkey support. This allows enterprises to no longer rely on the Apple iCloud Keychain for synchronization and passkey management, but to leverage a password manager that may already be in use anyway. Passkeys can thus also be used outside the Apple ecosystem, which has been a huge hurdle for cross-device / cross-platform cases so far. This feature is interesting for both consumers and businesses, but especially in the enterprise context, it has the advantage of granting co-workers access to a passkey-protected accounts.

1Password passkeys in iOS

Apple and Google increase pressure on Microsoft

iOS 17's passkey updates provide a win-win scenario: Especially enterprises can significantly enhance security while providing employees with a streamlined user experience. Through managed Apple IDs, passkey synchronization controls, and passkey creation on managed devices, organizations can deploy passkeys in managed environments efficiently.

Google recently enabled passkeys in its Google Workspace accounts as well. Apple’s announcement will boost the further adoption of passkeys in the enterprise context, now putting pressure on Microsoft. Microsoft is currently number one in the enterprise environment and must be careful not to outpace Apple and Google with the latest developments.

Passkeys are the most efficient and effective authentication method available. If you want to offer passkeys to your employees or customers today, try Corbado's solution for free. With our passkeys-as-a-service offering, we address challenges that arise when integrating passkeys and take care of updates in the future to ensure your solution is always up to date.

Enjoyed this read?

Stay up to date with the latest news, strategies and insights about passkeys sent straight to your inbox!