PKI Credential Management

Seamlessly deploy PKI smart cards, (security keys, authenticators, credentials) at scale.

Get Started
pki architecture

Manage the deployment of PKI-based digital identities to enable robust passwordless authentication and empower users to safely sign transactions, encrypt emails, and authenticate into systems, applications, and networks, requiring the highest authenticator assurance levels.

PKI/PIV Card (Security Key) Management

The Versasec PKI/PIV card (credential, security key, smart card, token) management offer includes the following functions:

  • Issue cryptographically secure digital identities using PKI keys and certificates to smart cards, USB tokens, WHfB, and virtual smart cards.
  • Configure certificate and device lifecycle management workflows to ensure the right people receive the appropriate digital credentials.
  • Issue credentials centrally automatically and in batch, by helpdesk on-behalf of users, or through self-service. Print on converged badges with a smart card printer – useful for batch issuance and visual identification customization.
  • Provide key archiving and recovery, allowing keys and certificates to be deployed to multiple devices for email encryption and recovery in case of loss of PKI credential.

  • Offer high levels of user service with straightforward process-driven features for help desks and self-service users to issue replacement devices upon loss or reactivate locked devices.
  • Maintain complete auditability and reporting, providing visibility into who issued which digital credentials to which users and on what device, aiding external audits and compliance with identity management guidelines.
  • Equip users with phishing-resistant multi-factor authentication (MFA).
  • Combine PKI certificate use cases with FIDO2 and physical access.

Download

Free Evaluation

Isn’t it time to start managing your organization’s security effectively? Download a free evaluation version of our powerful vSEC:CMS and see how quickly and easily you can keep your company safe. Register to download Versasec software.

Read more
Book now

Schedule a Demo

Talk to our experts about your business requirements, current ecosystem, and plans for the future. Let us walk alongside your IT business priorities, and make the most out of your IAM investments.

Schedule

Versasec Supported Credentials & Passwordless Authenticators

Versasec strives to support as many credential types as possible in all of Versasec’s products. Below are phishing-resistant credentials we support. We hope one fits your enterprise, users, and devices. Not all multi-factors are created equal. Customize based on your organizational needs and goals. We support PIV, PKI, Virtual, Physical Access, Logical Access, and combined FIDO+PIV, and FIDO-only credentials. Versasec does not lock you in to one provider, we are credential-agnostic. The number of supported credential types is continuously increasing with every new product version. If you want to manage a different credential, currently not on our list, please contact us at info@versasec.com.

* Tokens and smart cards with FIDO2

supported credentials logo banner

ACS

ACS ACOS5-64

Atos

Atos CardOS v4.4
Atos CardOS v5.3

AuthenTrend

AuthenTrend ATKey.Card.NFC*

Aventra

Avtor CryptoCard 337

Cryptovision

Cryptovision SCinterface

Ensurity

Ensurity ThinC-AUTH BioPro

Feitian

Feitian ePass FIDO-NFC Plus K9/Plus K40 *
Feitian eJava Token
Feitian SmartCard
Feitian ePass2003 PKI eJava Token
Feitian ePass2003 PKI SmartCard
Feitian Fingerprint SmartCard F2000
Feitian iePass FIDO PIV K44

Giesecke+Devrient

G+D StarSign® Crypto USB Token M
G+D StarSign® FIDO Card *
G+D StarSign® Key Fob
G+D StarSign® PKI Card
G+D StarSign® Wristband

HID

HID Global Crescendo 144K
HID Global Crescendo C200
HID Global Crescendo C2300
HID Global Crescendo C1150

Idemia

Idemia ypsID S2
Idemia ypsID S3
Idemia ID-One Cosmo 8.1 IAS ECC
Idemia ID-One PIV 8.1

Identiv

Identiv uTrust MD

Microsoft

Microsoft minidriver enabled devices
Microsoft Windows Hello for Business

Open FIPS

Open FIPS 201 Applet

Safe Trust

SafeTrust-PIV on Placard

Swissbit

Swissbit iShield Key
Swissbit iShield Key – FIDO only*
Swissbit iShield2 Pro*

Taglio

Taglio C2
Taglio PIVKey

TCOS

TCOS TeleSec IDKey

Thales

Thales eToken FIDO NFC*
Thales eToken Fusion FIPS*
Thales eToken Fusion NFC PIV*
Thales eToken Fusion NFC PIV – Enterprise*
Thales IDPrime FIDO BIO *
Thales IDPrime .NET 510

Thales IDPrime .NET 5500
Thales IDPrime MD 830
Thales IDPrime MD 840
Thales IDPrime MD 930
Thales IDPrime MD 940/940C/940 CC
Thales IDPrime MD 3810
Thales IDPrime MD 3840
Thales IDPrime MD 3930
Thales IDPrime MD 3940
Thales IDPrime MD 3940 FIDO *
Thales IDPrime PIV 2.1
Thales IDPrime PIV 3.0
Thales IDPrime Virtual
Thales MultiApp ID
Thales SafeNet eToken 5100, 5110 FIPS, 5110+ FIPS, 5110+ CC
Thales Safenet eToken 5300
Thales SafeNet eToken FIDO*
Thales SafeNet eToken Fusion/CC *
Thales SafeNet eToken Fusion FIPS*
Thales SafeNet eToken Fusion NFC PIV*
Thales SafeNet IDCore 3121 FIDO*

Token2

Token2 PIN+ FIDO2 Security Keys Series*

Yubico

YubiKey 5 NFC/5C/5Nano/5C Nano*
YubiKey 4/4 Nano/4C/4C Nano
YubiKey NEO/NEO-n

*Tokens and smart cards with FIDO2

Read about our award-winning credential management software

Versasec Demos and Webinars

Versasec’s YouTube channel contains multiple curated demos and webinars to showcase products and solutions, from PKI use cases to FIDO orchestration.

Versasec YouTube Channel

Deploying with Versasec Credential Management

Versasec’s state-of-the-art system is helping enterprises worldwide adopt secure authentication technology for web and app authentication devices in today’s cyber world. Enterprises are saying goodbye to confusion and manual siloed systems and welcoming efficient, simple, and cost-effective core solutions.

Versasec Core Connections

Versasec Ecosystem

Versasec performs at the security core of organizations.

The Core of Identity & Access Management blog post explores the most popular connections facilitated by our innovative systems. Discover how it can revolutionize your enterprise orchestration journey and enhance security within your organization.

Find out more about vSEC:CMS

FAQs

Which PKI Authenticators does Versasec support?

We’re glad you asked! PKI hardware tokens and smartcards are being added to our supported credentials page monthly. Please contact your Versasec representative for the latest updates and what is coming in the future. If you have any preferences, we’d love to know!

How do I choose between FIDO and PKI?

The paradox between FIDO and PKI comes down to the organization’s goals, users, budget, and systems in place. If you’re asking this question, you’re on the right track. Consider using one of our consulting partners in your region if you need further guidance, or our professional services team, specialized in FIDO enterprise orchestration.

You do not have to choose you can have both as vSEC:CMS can manage PKI and FIDO combined credentials to solve all authentication and PKI use cases. For more information, watch our FIDO webinar, PIV and FIDO: Defense Against Cyber Threats.

How is PKI stronger than Passwords and OTP authentication methods?

According to the “Recommended Best Practices for Administrators on Identity and Access Management” by the US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA), “Authentication systems are the front doors to enterprise networks, applications and data. As such, attackers are highly focused on finding and exploiting authentication vulnerabilities.” 

They present a chart ranking the weakest to strongest types of multi-factor authentication. In the weakest, they place SMS or voice MFA. In the middle, app-based MFA, including OTP and mobile-push notifications. At the strongest, phishing-resistant MFA, including public-key infrastructure (PKI) and FIDO. To read more in detail about their conclusions and their advice, read the full article here.

How can I migrate my credential management system to Versasec's vSEC:CMS or vSEC:CLOUD?

Versasec offers many migration paths (wizard) from other credential management systems (CMS or SCMS). We also provide pre-built paths for:

To migrate to vSEC:CLOUD, customers do not need to be on vSEC:CMS, but can migrate directly from any other CMS/SCMS.

vSEC:CMS Migration Paths

What is the difference between vSEC:CMS and vSEC:CLOUD?

vSEC:CLOUD is a service of our credential management software vSEC:CMS. Fully subscription based and deployed in a virtual private cloud, Versasec will manage server hosting and upgrades for customers of all sizes.

Implement Highly Secure Identity Management with Versasec and Microsoft Entra ID

Passwords and traditional multifactor authentication (MFA) are no longer sufficient for keeping identities secure. Many businesses want to upgrade to stronger credential strategies but are not sure where to start.

Luckily, adopting phishing-resistant MFA doesn’t have to be complicated.

versasec-ebook-square

Effortlessly deploy and manage passwordless identity security across your organization with Versasec’s Credential Management System, vSEC:CMS, and Microsoft Entra ID. In our eBook, The Next Evolution in Credential Security, we explore how organizations can:

  • Implement highly secure identity management with ease.
  • Streamline the deployment of FIDO2 passkeys.
  • Integrate your access security ecosystem.

Comprehensive identity management has never been easier to achieve.

Get Your Copy

Download the eBook to learn more.

Recent Articles on PKI Credential Management