Versasec - FIDO Credential Management

FIDO Credential Management

vSEC:CMS version 6.3 includes lifecycle management of FIDO credentials. With vSEC:CMS, FIDO user credentials can automatically be enrolled and managed in Identity Providers (IdP). Thereby providing your cloud and enterprise Service Providers (SP) strong authentication of your users.

FIDO and PKI

Versasec’s vSEC:CMS v6.3 customers can now manage integrated FIDO credentials with their vSEC:CMS deployments.

Benefits of a centralized FIDO credential management:

FIDO credential management
Lifecycle management of FIDO credentials including issuance and revocation
Single pane of glass management of PKI and FIDO user device traceability
Improve user experience
Increase security and simplified onboarding administration, by using the same vetting and onboarding process

By offering FIDO management together with PKI management, Versasec brings the best of two worlds into one solution taking the management of FIDO security devices to the next level.

Use cases

The table below highlights the key feature differences between PIV/PKI and FIDO2.

Feature	PKI/PIV	FIDO2
Device logon
Web logon
E-Mail security
VPN IPSec
Document signing
Encryption
Mobile

The feature is supported.

Security and Credential Management

The table below highlights the differences in regards to security and credential management between PIV/PKI and FIDO2.

Feature	PKI/PIV	FIDO2
Low complexity
No CA necessary
Key recovery
Temporary device
PIN management
Lifecycle management		*
Traceability		*
Roles and permissions		*

The feature is supported.
* The feature is supported with vSEC:CMS.

vSEC:CMS Connectors (see figure above)

1. Smart card printer for batch operations
2. User directory for looking up users
3. File and database servers
4. Secure transport of PIN codes
5. Event & log management
6. User photo capture
7. Certificate/PKI services
8. Physical access control systems
9. Hardware security module
10. Secondary/out-of-band communication
11. Key archival & key recovery
12. Credential provider -login screen interface
13. Remote security device management
14. User self-service application
15. Physical & virtual smart cards/tokens
16. Administrative operator console

Product News

vSEC:CMS Version 6.6 is now available. The new version incorporates a variety of enhancements, updates and automated tasks, including the following:

Added Microsoft Azure AD Temporary Access Pass, AAD TAP, generation and distribution into credential issuance for onboarding of authentication methods, such as FIDO.
New Certificate Authority integration: certSIGN’s certSAFE Certificate Authority. User credentials can now be issued from vSEC:CMS and vSEC:CLOUD with certificates from certSAFE CA.
Navigation and user interface improvements for Admin and Agent applications.
Added “credential update view” to the lightweight administrator application, vSEC:CMS Agent. Now, admins who prefer the agent application, can update user credentials without revoking and re-issuing. Credential updates can be triggered by changes in employee roles or company-wide policies. “Credential update view” screen saves time and resources updating credentials quickly and securely.
Expanded supported credential list. Now, HID Crescendo 144K Smart Card can be configured and managed through vSEC:CMS and vSEC:CLOUD.

Evaluation - Download Today!

Register and download vSEC:CMS directly from versasec.com here.

Once downloaded and installed vSEC:CMS is ready for use in Evaluation Mode. During the evaluation, you can configure your environment with up to 5 licenses and your own use cases. Each license manages one credential. Additional licenses can be acquired as a subscription or by perpetual license. Please contact a Versasec reseller or Versasec directly to proceed.

Schedule a Demo

To enjoy the vSEC:CMS S-Series full feature set (including Self-Service, Virtual Smart Card, HSM support etc), schedule a demo with Versasec or contact your local Versasec reseller.

Scalability

The vSEC:CMS scales with your project. With the new load balancing capability, there is no upper limit!

Integrability - APIs

The vSEC:CMS S-Series can be integrated and connected in many different ways, the drawing below is trying to visualize the most commonly used options.

Product Sheet

Download the Versasec FIDO Credential Management product flyer [pdf]

Premium Support

Learn more about Versasec Premium Support.

vSEC:CMS

More information about the complete vSEC:CMS product suite can be found here.

Migrate to vSEC:CMS

vSEC:CMS includes upgrade wizards that enables quick and simple upgrade paths from third party credential management systems.

Check out the details on how to upgrade from:

Resellers

The product can be purchased from authorized vSEC:CMS integrators and resellers, via our partner reseller network or contact Versasec directly to let us help you find the best way forward.

Videos

The vSEC:CMS video content can be found here.

Product Features

The table below highlights the key features in the Versasec credential management product suites.

		vSEC:CLOUD	vSEC:CMS
User-Side Credential Operations Issuance And Revocation, Certificates And FIDO Change User PIN Offline/Online Unblock User PIN (User Side) Certificate Listing Credential Information Support for a large set of credentials Available directly from the Microsoft Store
Agent-Side Credential Operations User Credential Orchestration Offline/Online Unblock User PIN User PIN Policy Update Certificate Management FIDO Authenticator Management Azure AD TAP Generation and Distribution
Advanced Credential Operations Admin Key Diversification from Hardware Protected Masterkey User Fingerprint Policy Update Batch Mode Support Issuance Stations
Database Credential Repository SQL-based Databases Backup / Restore Multi-forest & Multi-domain
Credential Management System Features Full Credential & Certificate Lifecycle Management Seamless integration with MS Windows (domain and PKI) Cloud And On Prem PKI And IdP Integrations Always Available Migration Paths To and From vSEC:CMS No Code Custom Workflow Management Windows Hello for Business (WHfB) management Virtual Smart Card support for enabling BYOD
		vSEC:CLOUD	vSEC:CMS
Product Features
Advanced Management Features User Self-service and MS Credential Provider Key Archive and Key Restore Smart Card Stock Management Granular Operator Permissions and Access Control Card Printing and Batch Processing Photo Capturing Remote Security Device Management (RSDM) Certificate Management using ACME FIDO2 Management
Systems Integrations Certification Authorities (MS CA, Entrust, DigiCert, EJBCA, GlobalSign...) User Directories (LDAP, MS AD, Azure AD) Physical Access System (RFID) Identity Providers (IdP) For User Authentication And FIDO Management Windows Event Log Mail Server (for PIN mailing) Hardware Security Module (HSM)
Server-Side Integrations/API SQL Database Interface SOAP Helpdesk API SOAP Lifecycle API Client-Side Integrations/API COM API Web Start API Plugin API Physical Access System (PACS) API
		vSEC:CLOUD	vSEC:CMS
Licensing/Packaging
Managed by Versasec
Subscription
Perpetual Licenses
Installation Package

NOTE
✔ – The credential is supported by the product.
L – Known limitations – check release notes.
For details about validated middleware/minidrivers check the Versasec support portal or contact us.

vSEC:CMS

Our product suite provides all the software tools to administrate and manage credentials in a secure and convenient way.

Free Product Trial

Versasec provides enabling IT security products centered on the usage of security devices such as smart cards. Our solutions enable customers to securely authenticate, issue and manage user credentials more cost effectively. Get a free product trial

Job Openings

We are always looking for new exceptional persons to join our team! Find out more about our job openings.

CMS/SCMS

SCMS = Smart Card Management Systems
CMS = Credential Management System
New to credential management? Have a look at the Wikipedia definition of a ‘Smart Card Management System’.

Versasec Support

Versasec customers with an existing support and maintenance contract can access the Versasec Support Portal, offering extensive professional support and maintenance services. The Versasec Support Portal offers a variety of services, allowing for customers and any site visitor to communicate directly with support engineers.

Contact Support

Company Blog

Our blog addresses the latest security trends and stories. The posts discuss how identity and access management are playing a larger role in keeping corporate data safe as well as brand reputations intact.

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
uncode_privacy[consent_types]	1 year	This cookie is set by Uncode WordPress theme and is used to manage privacy settings on the website.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_20104436_1	1 minute	Set by Google to distinguish users.
_gat_UA-20104436-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.

Cookie	Duration	Description
NID	6 months	NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Others