vSEC:CMS Identity | Enterprise Authentication
Part of our Enterprise Credential Management solution suite.
Accelerating passkey adoption for the enterprise.
No more passwords or temporary codes, no more exposed gaps.
Designed to be deployed within an organization’s environment: on-premises, air-gapped, or in a private cloud, vSEC:CMS Identity is an add-on MFA authentication server for vSEC:CMS and vSEC:CLOUD. Now, during issuance, a passkey can be generated in vSEC:CMS Identity and used for instant authentication.
By enabling FIDO2 device-bound passkeys, organizations can drastically simplify the user login process while actively preventing phishing attacks.
Video: Welcoming Versasec vSEC:CMS Identity.
A passwordless experience for all users.
1. Issuance of passkey with vSEC:CMS and vSEC:CMS Identity.
Providing a security device with passkeys has never been easier. With vSEC:CMS Identity, Versasec customers can manage FIDO2 devices and create device-bound passkeys for all their web applications. Smart cards and security keys are seamlessly ready for login.
2. Authentication using the generated passkey.
Use the generated passkey to log into web applications configured to rely on vSEC:CMS Identity for user authentication.
3. Revocation of passkey with vSEC:CMS.
Revoke the device-bound passkey with one click. The user passkey will be revoked and no longer available for log in to company accounts.
4. User creates a passkey for their token.
Users can also manage their own security device from the vSEC:CMS User or through Web Start. One click to configure the security device and generate their passkey, set up their PIN, and start safely authenticating.
Benefits
Three reasons to choose vSEC:CMS Identity:
- Transition to Passwordless Security: Ideal for enterprise customers looking to upgrade from vulnerable and dated authentication methods, while keeping the authentication infrastructure in-house.
- Seamless Application Access: Empowers companies to use a central authentication server to offer a secure, frictionless login experience across protected web applications, REST APIs, and other corporate web services, leveraging WebAuthn and FIDO2.
- Data Sovereignty: Because it is entirely customer-managed and deployed on-premises and air-gapped, it is perfect for organizations with strict security and data control requirements. Organizations don’t have to outsource trust to external identity providers.
How It Works
How vSEC:CMS Identity interacts with the vSEC:CMS platform:
- vSEC:CMS Identity is not a standalone identity provider; it is an integrated part of an existing vSEC:CMS deployment.
- Centralized Hub: The vSEC:CMS server acts as the central engine for managing the complete lifecycle of the authentication devices and their device-bound passkeys used to authenticate the users.
- Secure Key Management: Instead of registering one credential per site, vSEC:CMS generates and manages the FIDO2 passkey for each user, used in all sites.
- Standards-Based Authentication: When a user attempts to access a protected web application or Relaying Party (RP), vSEC:CMS Identity securely authenticates the user with their active FIDO2 device-bound passkey via OpenID Connect (OIDC).
By building upon the proven capabilities of vSEC:CMS, vSEC:CMS Identity ensures organizations can easily and securely extend their trusted credential management system into the realm of modern, passwordless web authentication. – Anders Adolfsson, Product Manager, Versasec
vSEC:CMS Identity Technical Diagram
The diagram highlights the different pieces of vSEC:CMS working together:
- vSEC:CMS Agent or Admin: vSEC:CMS applications used to manage the vSEC:CMS Servers.
- vSEC:CMS Server: the central engine for managing the complete lifecycle of the authentication devices and their device-bound passkeys.
- vSEC:CMS Identity Server: securely authenticates the user with their active FIDO2 device-bound passkey via OpenID Connect.
- vSEC:CMS User: an optional component for employee self-service including generation of device-bound passkeys and ongoing life cycle tasks for the FIDO2 device.
Specifications
| Authentication Standards | FIDO2 |
| Credential Types | Device-bound passkeys on devices managed by vSEC:CMS |
| Identity Protocol | OpenID Connect (OIDC) |
| Protected Targets | Web resources, Relaying Parties (RPs) |
| Backend Integration | Out of the box integration with vSEC:CMS |
| Deployment Models | On-premises including air-gapped or private clouds |
| Runs on | Windows Server 2019-2025 |
Availability
vSEC:CMS Identity is now available with version 7.4 or newer to all vSEC:CMS Premium and vSEC:CLOUD customers.
Flyer
Download the vSEC:CMS Identity Flyer.
FAQ
- How does vSEC:CMS Identity compare to cloud IdPs?
vSEC:CMS Identity complements our core platform to serve as a centralized authentication server, seamlessly federating your identity needs.
A single pane of glass on-prem authentication service designed primarily for customers who require their infrastructure to be on-prem and even air-gapped, thereby ensuring data sovereignty and keeping the authentication infrastructure in-house. It provides a simpler, single-vendor authentication option for all organizations and those with specific non-cloud use cases. - When will vSEC:CMS Identity be available?
vSEC:CMS Identity is now available with version 7.4 or newer to all vSEC:CMS Premium (Subscription customers, or customers with a Premium Support & Maintenance contract), and to all vSEC:CLOUD customers.
- How can I access vSEC:CMS Identity if I’m already a Premium Customer?
The feature is included with vSEC:CMS Premium and vSEC:CLOUD. You must ensure you are running vSEC:CMS version 7.4 or newer. vSEC:CMS Identity is available for download as a separate installer, see the related Support article for more details. - How can I upgrade to Premium to start using vSEC:CMS Identity?
To upgrade to vSEC:CMS Premium or to vSEC:CLOUD, please contact your Sales Representative to start enjoying Premium benefits! - How can I book a call with an Identity Expert to answer more of my questions?
Certainly. Please contact us through our Speak with an Expert portal to get something scheduled in your calendar today!
Schedule a call with an identity management expert at Versasec. Choose your language and region.
Versasec Support
Versasec customers with an existing support and maintenance contract can access the Versasec Support Portal, offering extensive professional support and maintenance services. The Versasec Support Portal offers a variety of services, allowing for customers and any site visitor to communicate directly with support engineers.
Company Blog
Our blog addresses the latest security trends and stories. The posts discuss how identity and access management are playing a larger role in keeping corporate data safe as well as brand reputations intact.