When every platform, directory, and device has its own login rules, going Passwordless can feel impossible. This leading bank proved it’s not by deploying a single MFA platform to cover everything from desktops to VPNs.

Eliminating the Weakest Link: Extending Passwordless Protection to Every Desktop

A Fortune 50 global bank already had multifactor authentication (MFA) protecting some of its most strategic applications. But leadership recognized a gap: the desktop and laptop endpoints used by 90,000 employees worldwide still relied on traditional password-based access. The bank’s IT security team needed a solution that would strengthen endpoint security without degrading user productivity. Reducing the number of authentication challenges (“hops”) was especially critical for improving efficiency and satisfaction for high-value, time-pressed users like traders.

From an infrastructure standpoint, the solution needed to support both Windows and Mac platforms while also integrating with its existing ForgeRock and Oracle Unified Directory identity stack. It also had to accommodate users who could not access a smart phone for MFA. The goal with this implementation was to migrate all the desktops to Passwordless authentication while paving a path to onboard additional applications and systems for a fully Passwordless future.

After an exhaustive vendor evaluation, the bank selected the technology behind Password Free and initially deployed desktop MFA to over 80% of its workforce with plans to reach 100% over time.

Enterprise-Grade Flexibility: the Foundation for a Secure Passwordless Future

Key technical capabilities that differentiated the solution included:

• MFA passthrough, enabling the desktop authentication session to act as a “master token” that could unlock downstream systems (e.g. VPN) without repeated login challenges

• Support for non-phone authentication, recognizing that some users needed alternate methods beyond mobile push

• Seamless integration with ForgeRock, its access manager, and Oracle Unified Directory

• The flexibility to evolve from desktop-based MFA to Full Passwordless™ under the same vendor

• Responsiveness and customization to meet complex enterprise requirements

By starting with desktop MFA as a controlled “steppingstone,” the bank aligned security, compliance, and user experience goals while keeping momentum toward a fully passwordless future.

Start with What You Have, Scale to What’s Next

The deployment achieved broad coverage across the bank’s global workforce, reinforcing endpoint security at scale. Because the solution supports both MFA and Passwordless under one platform, the bank is well positioned to transition gradually into a true Passwordless paradigm across the entire enterprise. This desktop initiative locked down a critical attack surface, enhanced user experience by reducing redundant authentication steps, and established a robust identity foundation to support the future evolution of its long-term authentication roadmap.