by timothy-quinn 2189 days ago
Hi! I'm actually the product manager for the product mentioned in that article: https://enterprise.signata.net.

Are you heavily SaaS based for the tools you use in your startup, or do you have some on-prem infrastructure? That'll kind of dictate which path you should go down for provisioning the keys to your users. Our product will be perfect if you're using AD & a Microsoft CA internally (or are willing to set one up), as you could then just set up 3 YubiKeys for each employee, all loaded with certificates for authentication.

And, should one be stolen or an employee leave, just revoke the certificates on it to kill the access immediately.

Any path you go down should really still only take a bit of time upfront and almost nothing longer term, unless your team grows fast.

You can also hit me up at tim@congruentlabs.co and I can give you more advice if you don't want to mention specifics publicly.

1 comments

Did you not read the question? It's 5 ppl and either outside IT or random joe employee 1-2 hrs per week. They are not managing AD and CA infrastructure.

Yeah, that's why I added the "if" - but I have seen a lot of very small teams running AD (or Azure AD if they've chosen the Microsoft path), but they tend to just be paranoid about security or running in countries with poor internet connections.

Microsoft also provide pretty cheap deals for startups if they want some basic infrastructure for the office (excluding the hardware of course), so it's not entirely out of the equation on the licensing side either.

Really small teams typically will find U2F auth easiest to work with in the beginning, and then after hitting like 20 users they'll bump into problems like a large enough number of connected systems that they need to manage 2FA for.