Versasec FIDO2 Enterprise

Versasec FIDO2 Enterprise enables enterprises and organizations to centrally manage FIDO passkey authentication and provide a friendly self-service experience.

Get Started

Challenges

  • As users increasingly log in to web applications, passwords are becoming a leading cause of identity theft and security breaches.
  • To address this, FIDO2 security devices offer passwordless, phishing-resistant authentication. This helps prevent account takeovers and unauthorized access to sensitive resources, such as web applications and Windows endpoints.
  • However, in the workplace, mass deployment and management of FIDO2 devices and passkeys present challenges.
  • Organizations require control over their devices, including tracking status and visibility into deployment coverage.
  • Additionally, they need recovery options, centralized revocation, user issuance, and comprehensive lifecycle management.
  • Finally, they seek streamlined self-service capabilities, including PIN management.

Solution

Versasec developed FIDO2 Enterprise Features partnering with leading FIDO2 security device manufacturers, creating a leading solution in the market. Now organizations can:

  • Allow only enterprise-approved authenticators or security devices.
  • Enjoy strong temporary replacement authentication for misplaced FIDO authenticators.
  • Ensure credential reuse and recovery with user-friendly PIN changes.
  • Prevent denial of service (remote or local attack) with restricted resets. Employees or attackers cannot reset authenticators.
  • Enable role-based and department-specific credential management, allowing each role or department to manage only their designated tasks and users.
  • Establish IT desk clear best practices and repeatable workflows.
  • Confidently manage remote office devices.
  • Maintain audit trails and become compliant with industry regulations.
Download

Free Evaluation

Isn’t it time to start managing your organization’s security effectively? Download a free evaluation version of our powerful vSEC:CMS and see how quickly and easily you can keep your company safe. Register to download Versasec software.

Read more
Book now

Schedule a Demo

Talk to our experts about your business requirements, current ecosystem, and plans for the future. Let us walk alongside your IT business priorities, and make the most out of your IAM investments.

Schedule

These are some key features beneficial for credential administrators.

management key

Management Key

FIDO2 devices with enterprise features utilize a management key, configured and managed by vSEC:CMS, simplifying user experience.

allow list

Allow List

An Allow List defines for which RP/sites the FIDO2 device can be used. The Allow List is stored on the device and can securely be managed by the system administrator.

disable reset

Disable FIDO2 Reset

Prevent users or attackers from resetting devices and erasing enterprise configuration. This is often requested as it can be seen as a denial of service attack vector to allow for unauthorized device reset.

set min pin

Set Minimum PIN Length

Establish a FIDO2 PIN policy by setting a minimum PIN length.

force pin change

Force PIN Change

Require the user to change the PIN on first use.

user verification

Enforce User Verification

Ensure FIDO2 credentials are protected by requiring a PIN or fingerprint for user verification.

Others are for the administrator and user to manage credentials day-to-day. 

With these capabilities, the IT administrator can delegate tasks to users in a secure and simple manner. For the user, these tasks become intuitive and helpful to manage their credentials effectively.

pin-unblock

PIN Unblock

Remotely unblock the PIN to instantly restore device functionality, without needing to reset the FIDO device. All existing device credentials remain intact. Available for the user and admin.

retrieve list

Retrieve RP ID List*

List the relying parties (RPs) associated with the passkeys stored on the device to see which sites the device is registered with.

credentials per RP

List All Credentials for a Specific RP

Examine the passkeys stored on a device for a specific relying party (RP).

update credentials

Update FIDO2 Credentials

Modify the user information for a specific credential on a device.

Delete FIDO2 Credentials

Delete individual credentials from a device without performing a full device reset.

Deploying with Versasec Credential Management

Versasec’s state-of-the-art system is helping enterprises worldwide adopt secure authentication technology for web and app authentication devices in today’s cyber world. Enterprises are saying goodbye to confusion and manual siloed systems and welcoming efficient, simple, and cost-effective core solutions.

Versasec Core Connections

Versasec Ecosystem

Versasec performs at the security core of organizations.

The Core of Identity & Access Management blog post explores the most popular connections facilitated by our innovative systems. Discover how it can revolutionize your FIDO enterprise orchestration journey and enhance security within your organization.

Find out more about FIDO2 Orchestration

FAQs

We’re glad you asked! FIDO tokens and smartcards are being added to our supported credentials page monthly. Please contact your Versasec representative for the latest updates and what is coming in the future. If you have any preferences, we’d love to know!

The paradox between FIDO and PKI comes down to the organization’s goals, users, budget, and systems in place. If you’re asking this question, you’re on the right track. Consider using one of our consulting partners in your region if you need further guidance, or our professional services team, specialized in FIDO enterprise orchestration.

You do not have to choose you can have both as vSEC:CMS can manage PKI and FIDO combined credentials to solve all authentication and PKI use cases. For more information, watch our FIDO webinar, PIV and FIDO: Defense Against Cyber Threats.

According to the “Recommended Best Practices for Administrators on Identity and Access Management” by the US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA), “Authentication systems are the front doors to enterprise networks, applications and data. As such, attackers are highly focused on finding and exploiting authentication vulnerabilities.” 

They present a chart ranking the weakest to strongest types of multi-factor authentication. In the weakest, they place SMS or voice MFA. In the middle, app-based MFA, including OTP and mobile-push notifications. At the strongest, phishing-resistant MFA, including public-key infrastructure (PKI) and FIDO. To read more in detail about their conclusions and their advice, read the full article here.

Versasec offers many migration paths (wizard) from other credential management systems (CMS or SCMS). We also provide pre-built paths for:

To migrate to vSEC:CLOUD, customers do not need to be on vSEC:CMS, but can migrate directly from any other CMS/SCMS.

vSEC:CLOUD is a service of our credential management software vSEC:CMS. Fully subscription based and deployed in a virtual private cloud, Versasec will manage server hosting and upgrades for customers of all sizes.

Implement Highly Secure Identity Management with Versasec and Microsoft Entra ID

Passwords and traditional multifactor authentication (MFA) are no longer sufficient for keeping identities secure. Many businesses want to upgrade to stronger credential strategies but are not sure where to start.

Luckily, adopting phishing-resistant MFA doesn’t have to be complicated.

versasec-ebook-square

Effortlessly deploy and manage passwordless identity security across your organization with Versasec’s Credential Management System, vSEC:CMS, and Microsoft Entra ID. In our eBook, The Next Evolution in Credential Security, we explore how organizations can:

  • Implement highly secure identity management with ease.
  • Streamline the deployment of FIDO2 passkeys.
  • Integrate your access security ecosystem.

Comprehensive identity management has never been easier to achieve.

Get Your Copy

Download the eBook to learn more.

Recent Articles on FIDO