Enterprise FIDO2 Adoption: Versasec & Thales Deliver Enhanced Security with vSEC:CMS 7.1 and Thales eToken Fusion NFC PIV

Date: 2025-07-23
Author: Versasec

Thales and Versasec have a long-standing collaboration in product development, marketing, and being a one-stop-shop for cyber security.

Since the adoption of FIDO2 presented certain challenges for organizations, regardless of size. Versasec and Thales have sat together and reviewed the CTAP2.1 standard and added more to make FIDO2 fit the enterprise.

Naturally, our teams have come together to deliver even more value to our clients who are looking for efficiency, budget-friendliness, and scalability.

In general, the management of the Thales eToken Fusion NFC PIV with Versasec FIDO2 features delivers:

• IdP Provisioning enrolls wide-scale users in IdPs from vSEC:CMS by administrators, adding control and taking away the complexity from users to do on their own.
• Multiple Passkeys Enrollment, during Issuance, enrolls one authenticator in more than two different IdPs and generates multiple passkeys simultaneously. This feature saves time and effort. Enroll a new employee to your selected IdPs from our list of available integrations (Entrust, Gluu, Microsoft Entra ID, Okta, Ping Identity, or Thales).
• Four Plus PIV Certificate Support allows you to manage more than four PIV certificates, which is the PIV standard, on a PIV smart card or token. Limited functionality for PIV devices that offer a supporting MiniDriver.
• One Step Unregistration returns a token or smartcard from every lifecycle stage to the factory default state. Automatically take the identity device through revocation and clean up in one click.

Versasec FIDO2 Enterprise

More specifically, the features after CTAP 2.1 by Thales and Versasec include a portfolio of additional powerful capabilities to add control and simplicity for administrators with FIDO2. 

• Allow List defines for which RP/sites the FIDO2 device can be used. 
• Disable FIDO2 Reset prevents users or attackers from resetting devices and erasing enterprise configuration. Often requested as it can be a denial of service attack vector. 
• Set Minimum PIN Length establishes a FIDO2 PIN policy by setting a minimum PIN length.
• Force PIN Change forces the user to change the PIN on the first credential use.
• Enforce User Verification protects the FIDO2 credentials by always requiring a PIN or fingerprint instead of just touching the smart card or security key. Thus efficiently verifying the user.
• PIN Unblock remotely unblocks the PIN to instantly restore functionality without resetting the device. All existing device credentials remain intact. 
• Retrieve RP ID List lists the relying parties (RPs) associated with the passkeys stored on the device to see which sites the device is registered with.
• List All Credentials for a Specific RP examines the passkeys stored on a device for a specific relying party (RP). 
• Update FIDO2 Credentials modifies information for a specific credential on a device.
• Delete FIDO2 Credentials prevents users or attackers from resetting devices and erasing enterprise configuration. This is often requested as it can be seen as a denial of service attack vector to allow for unauthorized device reset.

In conclusion, vSEC:CMS streamlines your smart card and security key management processes, offering increased security, scalability, and ease of use. Download vSEC:CMS today.