Versasec FIDO2 Enterprise
Versasec FIDO2 Enterprise enables enterprises and organizations to centrally manage FIDO passkey authentication and provide a friendly self-service experience.
Challenges
- As users increasingly log in to web applications, passwords are becoming a leading cause of identity theft and security breaches.
- To address this, FIDO2 security devices offer passwordless, phishing-resistant authentication. This helps prevent account takeovers and unauthorized access to sensitive resources, such as web applications and Windows endpoints.
- However, in the workplace, mass deployment and management of FIDO2 devices and passkeys present challenges.
- Organizations require control over their devices, including tracking status and visibility into deployment coverage.
- Additionally, they need recovery options, centralized revocation, user issuance, and comprehensive lifecycle management.
- Finally, they seek streamlined self-service capabilities, including PIN management.
Solution
Versasec developed FIDO2 Enterprise Features partnering with leading FIDO2 security device manufacturers, creating a leading solution in the market. Now organizations can:
- Allow only enterprise-approved authenticators or security devices.
- Enjoy strong temporary replacement authentication for misplaced FIDO authenticators.
- Ensure credential reuse and recovery with user-friendly PIN changes.
- Prevent denial of service (remote or local attack) with restricted resets. Employees or attackers cannot reset authenticators.
- Enable role-based and department-specific credential management, allowing each role or department to manage only their designated tasks and users.
- Establish IT desk clear best practices and repeatable workflows.
- Confidently manage remote office devices.
- Maintain audit trails and become compliant with industry regulations.
Download
Free Evaluation
Isn’t it time to start managing your organization’s security effectively? Download a free evaluation version of our powerful vSEC:CMS and see how quickly and easily you can keep your company safe. Register to download Versasec software.
Book now
Schedule a Demo
Talk to our experts about your business requirements, current ecosystem, and plans for the future. Let us walk alongside your IT business priorities, and make the most out of your IAM investments.
These are some key features beneficial for credential administrators.
Management Key
FIDO2 devices with enterprise features utilize a management key, configured and managed by vSEC:CMS, simplifying user experience.
Allow List
An Allow List defines for which RP/sites the FIDO2 device can be used. The Allow List is stored on the device and can securely be managed by the system administrator.
Disable FIDO2 Reset
Prevent users or attackers from resetting devices and erasing enterprise configuration. This is often requested as it can be seen as a denial of service attack vector to allow for unauthorized device reset.
Set Minimum PIN Length
Establish a FIDO2 PIN policy by setting a minimum PIN length.
Force PIN Change
Require the user to change the PIN on first use.
Enforce User Verification
Ensure FIDO2 credentials are protected by requiring a PIN or fingerprint for user verification.
•
Others are for the administrator and user to manage credentials day-to-day.
With these capabilities, the IT administrator can delegate tasks to users in a secure and simple manner. For the user, these tasks become intuitive and helpful to manage their credentials effectively.
PIN Unblock
Remotely unblock the PIN to instantly restore device functionality, without needing to reset the FIDO device. All existing device credentials remain intact. Available for the user and admin.
Retrieve RP ID List*
List the relying parties (RPs) associated with the passkeys stored on the device to see which sites the device is registered with.
List All Credentials for a Specific RP
Examine the passkeys stored on a device for a specific relying party (RP).
Update FIDO2 Credentials
Modify the user information for a specific credential on a device.
Delete FIDO2 Credentials
Delete individual credentials from a device without performing a full device reset.
Deploying with Versasec Credential Management
Versasec’s state-of-the-art system is helping enterprises worldwide adopt secure authentication technology for web and app authentication devices in today’s cyber world. Enterprises are saying goodbye to confusion and manual siloed systems and welcoming efficient, simple, and cost-effective core solutions.
Versasec Ecosystem
Versasec performs at the security core of organizations.
The Core of Identity & Access Management blog post explores the most popular connections facilitated by our innovative systems. Discover how it can revolutionize your FIDO enterprise orchestration journey and enhance security within your organization.
FAQs
We’re glad you asked! FIDO tokens and smartcards are being added to our supported credentials page monthly. Please contact your Versasec representative for the latest updates and what is coming in the future. If you have any preferences, we’d love to know!
The paradox between FIDO and PKI comes down to the organization’s goals, users, budget, and systems in place. If you’re asking this question, you’re on the right track. Consider using one of our consulting partners in your region if you need further guidance, or our professional services team, specialized in FIDO enterprise orchestration.
You do not have to choose you can have both as vSEC:CMS can manage PKI and FIDO combined credentials to solve all authentication and PKI use cases. For more information, watch our FIDO webinar, PIV and FIDO: Defense Against Cyber Threats.
According to the “Recommended Best Practices for Administrators on Identity and Access Management” by the US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA), “Authentication systems are the front doors to enterprise networks, applications and data. As such, attackers are highly focused on finding and exploiting authentication vulnerabilities.”
They present a chart ranking the weakest to strongest types of multi-factor authentication. In the weakest, they place SMS or voice MFA. In the middle, app-based MFA, including OTP and mobile-push notifications. At the strongest, phishing-resistant MFA, including public-key infrastructure (PKI) and FIDO. To read more in detail about their conclusions and their advice, read the full article here.
Versasec offers many migration paths (wizard) from other credential management systems (CMS or SCMS). We also provide pre-built paths for:
- Microsoft MIM/FIM migrations
- Thales SafeNet Authentication Manager (SAM) identity and access card management system
- Gemalto DAS / IDAdmin 100 smart card management tool
To migrate to vSEC:CLOUD, customers do not need to be on vSEC:CMS, but can migrate directly from any other CMS/SCMS.
vSEC:CLOUD is a service of our credential management software vSEC:CMS. Fully subscription based and deployed in a virtual private cloud, Versasec will manage server hosting and upgrades for customers of all sizes.
Implement Highly Secure Identity Management with Versasec and Microsoft Entra ID
Passwords and traditional multifactor authentication (MFA) are no longer sufficient for keeping identities secure. Many businesses want to upgrade to stronger credential strategies but are not sure where to start.
Luckily, adopting phishing-resistant MFA doesn’t have to be complicated.
Effortlessly deploy and manage passwordless identity security across your organization with Versasec’s Credential Management System, vSEC:CMS, and Microsoft Entra ID. In our eBook, The Next Evolution in Credential Security, we explore how organizations can:
- Implement highly secure identity management with ease.
- Streamline the deployment of FIDO2 passkeys.
- Integrate your access security ecosystem.
Comprehensive identity management has never been easier to achieve.
Get Your Copy
Recent Articles on FIDO
2025-01-16
How We Empowered IT
In 2024, we delivered game-changing features that help IT Directors and Admins worldwide do more with less and achieve…
2024-12-05
Versasec FIDO2 Enterprise
Versasec credential management software introduces Versasec FIDO2 Enterprise capabilities for FIDO2 devices.
2024-10-16
5 Reasons for Choosing vSEC:CMS
We’re excited to announce the release of our new brochure, 5 Reasons for Choosing vSEC:CMS for Passkey Deployment.
2024-10-10
Microsoft Entra ID Enforces MFA
Starting October 15, 2024, Microsoft is enforcing mandatory Multi-Factor Authentication (MFA) for users accessing…
2024-09-18
Microsoft HQ and Austin Texas
Versasec CEO on his latest trip to the United States, informative identity solutions meetings at Microsoft and visiting…
2024-08-20
Conversations with IAM Cyberheroes – Mohammad Shah Beikian
Versasec speaks with Mohammad Shah Beikian, a Sales Engineering Manager at Thales Group with 20 years of experience in…
2024-08-13
FIDO with Thales SafeNet Trusted Access(STA) and vSEC:CMS
Versasec credential management integration with Thales SafeNet Trusted Access expands FIDO2 features for enterprise…
2024-06-05
Enrolling Fingerprints to FIDO2 Authenticators
The new FIDO2 fingerprint enrollment flow with vSEC:CMS simplifies the enrollment process for all users. IT departments…
2024-05-29
Discover Versasec’s YouTube Channel
The Versasec YouTube channel is your go-to source for all things related to Versasec’s credential management systems…
2024-05-22
Versasec Team Focuses on Device-bound Passkeys in Mallorca
After five years, Versasec held a highly anticipated meetup, bringing together employees for four days on the beautiful…
2024-05-15
Rising Tide of Data Breaches
These incidents reinforce the critical need for robust cybersecurity measures, including phishing-resistant…
2024-05-08
FIDO Ping Integration
Explore the powerful integration between Versasec's FIDO2 management solutions and Ping Identity to enhance security,…