FIDO Credential Management

vSEC:CMS version 6.3 includes lifecycle management of FIDO credentials. With vSEC:CMS, FIDO user credentials can automatically be enrolled and managed in Identity Providers (IdP). Thereby providing your cloud and enterprise Service Providers (SP) strong authentication of your users.

FIDO and PKI

Versasec’s vSEC:CMS v6.3 customers can now manage integrated FIDO credentials with their vSEC:CMS deployments.

Benefits of a centralized FIDO credential management:

  • FIDO credential management
  • Lifecycle management of FIDO credentials including issuance and revocation
  • Single pane of glass management of PKI and FIDO user device traceability
  • Improve user experience
  • Increase security and simplified onboarding administration, by using the same vetting and onboarding process

By offering FIDO management together with PKI management, Versasec brings the best of two worlds into one solution taking the management of FIDO security devices to the next level.

Use cases

The table below highlights the key feature differences between PIV/PKI and FIDO2.

Feature PKI/PIV FIDO2
Device logon
Web logon
E-Mail security  
VPN IPSec  
Document signing  
Encryption  
Mobile

The feature is supported.

Security and Credential Management

The table below highlights the differences in regards to security and credential management between PIV/PKI and FIDO2.

Feature PKI/PIV FIDO2
Low complexity  
No CA necessary  
Key recovery  
Temporary device  
PIN management  
Lifecycle management
*
Traceability
*
Roles and permissions
*

 The feature is supported.
* The feature is supported with vSEC:CMS.

vSEC:CMS Connectors (see figure above)

1. Smart card printer for batch operations
2. User directory for looking up users
3. File and database servers
4. Secure transport of PIN codes
5. Event & log management
6. User photo capture
7. Certificate/PKI services
8. Physical access control systems
9. Hardware security module
10. Secondary/out-of-band communication
11. Key archival & key recovery
12. Credential provider -login screen interface
13. Remote security device management
14. User self-service application
15. Physical & virtual smart cards/tokens
16. Administrative operator console

Product News

vSEC:CMS Version 6.4 is now available. The new version incorporates a variety of enhancements, updates and automated tasks, including the following:

  • Microsoft Azure AD can now be connected to vSEC:CMS enabling customers to leverage their user information in the cloud.
  • Organizations with physical access credentials can now include these in their credential lifecycle management with vSEC:CMS. 
  • New supported credentials: HID Crescendo C2300, Thales eToken 5300C
  • FIDO enabled credentials can now be user self managed in the vSEC:CMS User application extending the new FIDO support to the remote workforce.
  • GP key and secure channel support added for Thales IDPrime MD 930.
  • macOS vSEC:CMS User application support for Thales eToken 5110/5100.

Evaluation - Download Today!

Register and download vSEC:CMS directly from versasec.com here.

Once downloaded and installed vSEC:CMS is ready for use in Evaluation Mode. During the evaluation, you can configure your environment with up to 5 licenses and your own use cases. Each license manages one credential. Additional licenses can be acquired as a subscription or by perpetual license. Please contact a Versasec reseller or Versasec directly to proceed.

Schedule a Demo

To enjoy the vSEC:CMS S-Series full feature set (including Self-Service, Virtual Smart Card, HSM support etc), schedule a demo with Versasec or contact your local Versasec reseller.

Scalability

The vSEC:CMS scales with your project. With the new load balancing capability, there is no upper limit!

Integrability - APIs

The vSEC:CMS S-Series can be integrated and connected in many different ways, the drawing below is trying to visualize the most commonly used options.

Product Sheet

Download the vSEC:CMS S-Series product sheet here [pdf]

vSEC:CMS

More information about the complete vSEC:CMS product suite can be found here.

Migrate to vSEC:CMS

vSEC:CMS S-Series includes upgrade wizards that enables quick and simple upgrade paths from third party credential management systems.

Check out the details on how to upgrade from:

Resellers

The product can be purchased from authorized vSEC:CMS integrators and resellers, via our partner reseller network or contact Versasec directly to let us help you find the best way forward.

Videos

The vSEC:CMS video content can be found here.

Product Features

The table below highlights the key features included in the vSEC:CMS product suite. Further detailed information about each product is provided from this table.

 

vSEC:TOOL

vSEC:CMS

Product Features

K

S

C

User-Side Credential Operations

Agent-Side Credential Operations

  • Admin Key Change
  • Online Unblock User PIN
  • Offline Unblock User PIN (Operator Side)
  • User PIN Policy Update
  • Certificate Management (pfx or p12 Import, Delete)

Advanced Credential Operations

  • Admin Key Diversification
    from Hardware Protected Masterkey
  • User Fingerprint Policy Update
  • Batch Mode Support
 

Database

  • Credential Repository
  • SQL-based Databases
  • Backup / Restore
  • Multi-forest & Multi-domain
 

Credential Management System Features

 
 

vSEC:TOOL

vSEC:CMS

Product Features

K

S

C

Advanced Management Features

  • User Self-service and MS Credential Provider
  • Key Archive and Key Restore
  • Smart Card Stock Management
  • Granular Operator Permissions and Access Control
  • Card Printing and Batch Processing
  • Photo Capturing
  • Remote Security Device Management (RSDM)
  • Certificate Management using ACME
  • FIDO2 Management
 

Systems Integrations

  • Certification Authorities (MS CA, Entrust, DigiCert, EJBCA, GlobalSign...)
  • User Directories (LDAP, MS AD, Azure AD)
  • Physical Access System (RFID)
  • Identity Providers (IdP) using OIDC and LDAP
  • Windows Event Log
  • Mail Server (for PIN mailing)
  • Hardware Security Module (HSM)
 

Integrations/APIs

Server-Side
  • SQL Database Interface
  • SQL High Availability - Microsoft Always On
  • SOAP Helpdesk API
  • SOAP Lifecycle API
Client-Side
  • COM API
  • Web Start API
  • Plugin API
  • Physical Access System (PACS) API
 
 

vSEC:TOOL

vSEC:CMS

Licensing/Packaging

K

S

C

Freeware
   
Perpetual Licenses
   
Subscription
 
Stand Alone Application
   
Installation Package
   
Ready To Deploy Image
   

NOTE
✔ – The credential is supported by the product.
L – Known limitations – check release notes.
For details about validated middleware/minidrivers check the Versasec support portal or contact us.

vSEC:CMS

Our product suite provides all the software tools to administrate and manage credentials in a secure and convenient way.

Start here

Free Product Trial

Versasec provides enabling IT security products centered on the usage of security devices such as smart cards. Our solutions enable customers to securely authenticate, issue and manage user credentials more cost effectively. Get a free product trial

Job Openings

We are always looking for new exceptional persons to join our team! Find out more about our job openings.

Versasec Support

Versasec customers with an existing support and maintenance contract can access the Versasec Support Portal, offering extensive professional support and maintenance services. The Versasec Support Portal offers a variety of services, allowing for customers and any site visitor to communicate directly with support engineers.

Contact Support

Company Blog

Our blog addresses the latest security trends and stories. The posts discuss how identity and access management are playing a larger role in keeping corporate data safe as well as brand reputations intact.

Visit our Blog