Citadel Workstation

Login to your OS with strong MFA

Security keys are the strongest form of multifactor authentication to integrate natively with all operating systems. Harness the power of Public Key Infrastructure to deliver an OS login that meets the highest security standards across Windows, Mac, and Linux.

Why switch to security keys for computer logins

Why switch to security keys for computer logins

Why switch

to security keys for computer logins

Achieve the strongest form of multifactor authentication supported by every operating system. With security keys tied to a corporate chain of trust, it’s impossible for attackers to steal credentials, move laterally, or escalate privileges. A touch of the security key and a PIN unlocks its private key. Only an unlocked key signs the challenge to be cryptographically verified by the OS’s smart card subsystems. No trusted user, no login.

Credentials can't be compromised

Credentials can't be compromised

Native multifactor authentication

Native multifactor authentication

Authentication management and infrastructure

The way to
manage stronger
OS logins

An app for smooth enrollment

The 0pass App gives an easy enrollment flow for every employee—whether they’re in HR or engineering. The App runs on Mac, Windows, and Linux, tying the key to the account and a corporate chain of trust. Just a few clicks and it’s ready to use.

Integrates with OS subsystems

Your security key will works with the smart card support inherent in Windows, Mac, and Linux to authenticate the user. Using native OS systems means full compatibility across all OS versions; no need maintain additional software for OS logins.

Handles the certificate lifecycle

We do the heavy lifting for certificate issuing, management, and revocation. The 0pass App handles certificate renewals. A security key signed by a trusted certificate authority creates a cryptographic trust between it and the accounts that it unlocks.

Manage users and their security keys

Manage users, their keys, and their access to enroll in different levels of trust. Admins can also configure security options like lockout thresholds for incorrect PIN attempts. Employees can simply plug their key in and get to work.

How trust is established

Windows

Your domain controller (DC) can trust the Citadel certificate authority chain which is used to sign certificates for smart card logon to Windows computers and servers. The DC can use this trust to prove the YubiKey was issued to that user.

Windows

Your domain controller (DC) can trust the Citadel certificate authority chain which is used to sign certificates for smart card logon to Windows computers and servers. The DC can use this trust to prove the YubiKey was issued to that user.

Mac

Mac computers can trust the Citadel certificate authority chain which signs certificates for smart card logins. Users plug in the enrolled YubiKey, which is paired to the device. You can deploy configs via MDM to enforce smart card logins.

Mac

Mac computers can trust the Citadel certificate authority chain which signs certificates for smart card logins. Users plug in the enrolled YubiKey, which is paired to the device. You can deploy configs via MDM to enforce smart card logins.

Linux

Linux computers can trust the Citadel certificate authority chain which signs certificates for smart card logins. Users log in to Linux machines with their YubiKey as a smart card. 0pass provides configuration to support all Linux flavors.

Linux

Linux computers can trust the Citadel certificate authority chain which signs certificates for smart card logins. Users log in to Linux machines with their YubiKey as a smart card. 0pass provides configuration to support all Linux flavors.

How you can get started

Request a demo with
a free 30-day trial

Get your team using strong authentication.

Identity tied to PKI

A smooth rollout

Hands-on support

How you can get started

Request a demo with
a free 30-day trial

Get your team using strong authentication.

Identity tied to PKI

A smooth rollout

Hands-on support

How you can get started

Request a demo with
a free 30-day trial

Get your team using strong authentication.

Identity tied to PKI

A smooth rollout

Hands-on support

Your questions, answered.

Why get rid of passwords for OS logins?

Why use native OS support for login instead of an app that handles the login?

What is the connection between YubiKeys and smart card technology?

What happens if a user loses their security key?

How does a YubiKey’s PIN and a password differ?

What if the security key is stolen?

Does Citadel provide audit logging capabilities?

Can the 0pass App (used for enrollment) and system settings be deployed remotely?

Is this cloud hosted or on premises?

Why use Citadel with a security key instead of a phone app for MFA?

Can we use our own certificate authority?