FIDO FOR THE ENTERPRISE

FIDO compliant authentication service with enterprise-ready lifecycle management

FIDO offers crypto-based, high security phishing-resistant authentication with a simple user experience. But with FIDO being based on a ‘one key for each relying party’ mechanism it works well for business to consumer relationships, where a user needs access to one system – but enterprises typically want greater control, where employees need to access multiple resources such as Office 365, CRM, ERP, remote access and countless other with a single managed credential that the organisation is in control of.

With FIDO now managed by the MyID credential management system (CMS), and available as an authentication option in MyID MFA enterprises can benefit from enhanced control:

Policy control over who can issue and who can receive FIDO credentials
Visibility on which employees have active FIDO credentials
Control on what employees are able to use their FIDO credential to access
Lifecycle management capability, providing a single point to revoke, replace, and set policies for end user FIDO credentials

Capability	FIDO	FIDO & MyID
Authentication server
Attestation check
Person / key binding
Issuance policy
Revocation
Centralised audit

DEPLOY FIDO ACROSS YOUR WORKFORCE AND SUPPLY CHAIN

MyID offers FIDO Authentication with the credential management and integration capabilities of the MyID platform.

The evolution of MyID CMS, to offer FIDO alongside PKI-based authentication brings greater flexibility for enterprises to combine policy driven PKI issuance with FIDO credentials on the either the same or separate devices.

FIDO support in MyID MFA means organizations can easily FIDO-enable cloud and on-prem applications in addition to protecting the Windows Desktop logon.

MANAGED FIDO BRINGS A VARIETY OF BENEFITS ACROSS THE ENTERPRISE

What it means for IT teams

Control how users authenticate with FIDO, based on defined security policy
Simplified policy-driven FIDO credential issuance that requires minimal IT effort
Enable access to multiple systems with one FIDO credential, utilizing standards based OpenID Connect and SAML
Control on revocation or replacement of FIDO credentials if employees lose or damage their credentialed device, change roles, or leave the business
Management software that integrates into your existing IAM infrastructure for quick, easy deployment

What it means for end users

Simplified, passwordless login to corporate resources
Remote access via smartphone or USB token

What it means for your organization

Strong crypto-backed phishing-resistant authentication to protect against the threat of data breach
Enhanced user experience for employees who no longer have to remember numerous passwords, improving productivity and user satisfaction
Reduction in IT help desk demands through password resets, system lock outs, remote working access issues
Capacity to extend strong authentication to the supply-chain by credentialing suppliers who access internal business systems with FIDO credentials

DEVICE FLEXIBILITY

MyID CMS and MFA supports a wide range of standards-based FIDO devices, including, iOS and Android mobile devices, smart cards, and security keys from AuthenTrend, Feitian, GoTrust, Identiv, Solokeys, Thales and YubiKey.

Uniquely, the MyID product family provides management over multiple authentication technologies and form factors, enabling organisations to mix and match technologies that best fit their needs and required levels for security.

For example, an organisation could use:

PKI-based USB tokens for its remote workers
PKI-based smart cards for its finance staff, including signed and encrypted email
Virtual smart cards for temporary workers
FIDO security keys for the supply chain and contractors

The MyID CMS can provide unified credential management for all of these from one single point controlling policy, visibility and lifecycle management independent of the technology in use.

HOW IT WORKS

Issuance

MyID CMS provides a flexible policy-driven way to issue PKI and /or FIDO credentials to individuals, compliant with federal government guidelines such as FIPS 201 / SP800 63-B assurance levels. MyID MFA provides a simple way to add FIDO authentication to existing applications in addition to a wide range of additional authentication options including push notifications and OTP

Authentication

Authentication operations are centrally audited for visibility and tracking purposes

Lifecycle Management

Keep track of who has which FIDO credential and provide visibility by enquiry and reports.

As who has which FIDO credential is tracked, it provides organizations the ability to revoke and replace credentials as employment status or rights change.

Lifecycle operations are audited, providing visibility and reporting over management operations in addition to authentication operations.

Using IT-set security policies, the authentication service will determine how a user is allowed to authenticate and walk the user through the authentication process.

MyID is now FIDO2 Certified.

Experience Managed FIDO

If you are ready to book a demo, simply click the button below and we will arrange a demo of FIDO

demo request

Download the white paper

Get an overview on the FIDO features and functionality in MyID

DOWNLOAD

Watch the FIDO with MyID admin experience demo

Watch the FIDO with MyID operator experience demo

Watch the FIDO with MyID user experience demo: Collecting a FIDO credential

FIDO with MyID User Experience: Login to Salesforce with MyID

Watch the FIDO with MyID user experience demo: Login to Salesforce

Trusted by Governments and Enterprises Worldwide

Where protecting systems and information really matters, you will find Intercede. Whether its citizen data, aerospace and defense systems, high-value financial transactions, intellectual property or air traffic control, we are proud that many leading organizations around the world choose Intercede solutions to protect themselves against data breach, comply with regulations and ensure business continuity.