Introducing New Capabilities: Versasec FIDO2 Enterprise (+ Video Demo)

Date: 2024-12-05
Author: Versasec


Passwords are becoming a leading cause of identity theft and security breaches. FIDO2 security devices offer organizations passwordless, phishing-resistant authentication to address this risk. This helps prevent account takeovers and unauthorized access to sensitive resources like web applications and Windows endpoints.

However, mass deployment and management of FIDO2 devices and passkeys present challenges in the workplace. Organizations require control over their devices, including tracking status and visibility into deployment coverage. Additionally, they need recovery options, centralized revocation, and comprehensive lifecycle management. Finally, they seek streamlined self-service capabilities, advanced PIN policy enforcement, and software tools to comply with industry regulations. 

Meeting these needs can often be challenging with other FIDO2 solutions available today. 

Versasec’s credential management software, vSEC:CMS and vSEC:CLOUD, now includes Versasec FIDO2 Enterprise for organizations requiring high-security control and ease-of-use.

Video Demo

In the following video, an administrator issues a FIDO2 security device to a user, provisions it to Microsoft Entra ID, performs workstation login, and shows the new Versasec FIDO2 Enterprise capabilities:

  • Disable FIDO2 reset
  • Allow List: control which relying parties (RPs) FIDO2 devices can be used with
  • Unblock PIN 

The Complete Versasec FIDO2 Enterprise Set of Capabilities

The capabilities introduced by Versasec bring powerful functionality for enterprise management. Some of these are for the administrator to set up a working credential management system:

  • Management Key: FIDO2 devices with enterprise features utilize a management key, configured and managed by vSEC:CMS, simplifying the user experience.
  • Allow List: An Allow List defines which RPs/sites the FIDO2 device can be used with. The Allow List is stored on the device and can be securely managed by the system administrator.
  • Disable FIDO2 Reset: Prevent users or attackers from resetting devices and erasing enterprise configuration. This is often requested because allowing unauthorized device reset can be seen as a denial-of-service attack vector.
  • Set Minimum PIN Length: Set a minimum PIN length for all credentials to comply with organizational policies.
  • Force PIN Change: Setting this flag forces the user to change the PIN on the first credential use.
  • Enforce User Verification: Protect the FIDO2 credentials by always requiring a PIN or fingerprint instead of just touching the smart card or security key, thus efficiently verifying the user.

Others are for the administrator and user to manage credentials day-to-day. With these capabilities, the IT administrator can also delegate tasks to users in a secure and simple manner. For the user, these tasks become intuitive and helpful to manage their credentials effectively.

  • PIN Unblock: Remotely unblock the PIN to instantly restore functionality without resetting the device. All existing device credentials remain intact. Available for the vSEC:CMS user and admin roles.
  • Retrieve RP ID List: List the relying parties (RPs) associated with the passkeys stored on the device to see which sites the device is registered with.
  • List All Credentials for a Specific RP: Examine the passkeys stored on a device for a specific relying party (RP). 
  • Update FIDO2 Credentials: Modify information for a specific credential on a device.
  • Delete FIDO2 Credentials: Delete individual credentials from a device without performing a full device reset.

Visit the Versasec FIDO2 Passkey Enterprise Management page.

If you’d like to find out more about Versasec solutions, schedule a chat with one of our identity experts.

Or, download an evaluation version and check it out for yourself.
