Case Study: Figma achieves company-wide phishing-resistant MFA with Yubico's YubiKey and YubiEnterprise Delivery

Figma implements strong security for all its employees with Okta and the YubiKey

Figma, a cloud-based design platform used by teams across product, design and engineering, needed to protect its remote workforce from phishing-driven account takeovers. Using Okta as its identity provider, the security team sought a low-friction, device‑friendly strong authentication approach that would work across iOS, Android and desktop devices and be rolled out with minimal disruption during the pandemic.

Figma implemented FIDO2/WebAuthn via YubiKey 5Ci integrated with Okta Adaptive MFA and used Yubico’s YubiEnterprise Delivery to ship keys globally. The incremental rollout—starting with high‑risk apps and expanding company‑wide—enabled fast self‑registration and a smooth transition; within weeks about 250 users received keys, the YubiKey became the primary authentication method, and employees now have stronger, scalable protection against phishing with improved user experience.

Figma

Devdatta Akhawe

Head of Security