FIDO
From version 2.8 ESET Secure Authentication Cloud Early Access (ESA) supports two-factor authentication (2FA) on devices that support FIDO2 (and FIDO U2F) authentication standards. See more information about FIDO.
Requirements
•Web browser that supports Web Authentication API
oMozilla Firefox
oGoogle Chrome
oMicrosoft Edge
For up-to-date information about supported browsers, visit https://platform-status.mozilla.org/ and search for "Web Authentication API".
•Secure connection (HTTPS) (self-signed certificates can also be used)
Supported environment
•Web-based login environment protected by ESA:
oIIS
FIDO implementation in ESET Secure Authentication Cloud Early Access has not yet been certified by the FIDO alliance. |
Configuration in ESAC EA Web Console
The configuration in Settings > FIDO is for advanced FIDO administrators; there is no need to make any changes there.
•User Verification
oRequired—The FIDO-compatible authenticator must support user verification (e.g. via biometrics or PIN code). If there is no user verification, the FIDO-compatible authenticator cannot be used as second authentication factor.
oPreferred—It is preferred for the FIDO-compatible authenticator to support user verification, however it is not essential.
oDiscouraged—It does not matter if the FIDO-compatible authenticator supports user verification or not.
•Authenticator Type
oPlatform (On bound)—The FIDO authenticator is a built-in solution (software, hardware) of the device where it is used as a second authentication factor.
oCross-platform (Roaming)—The FIDO authenticator is detachable and can be used with several devices.
oNot specified—Does not matter if the FIDO authenticator is detachable or not.
FIDO origin To use FIDO, self-enrollment for FIDO must be enabled, so that FIDO origin can be automatically set. |
Activate FIDO for a user
1.Navigate to Settings > Enrollment.
2.If prompted, select a company.
3.Enable FIDO, click Save.
4.Navigate to Users, select the applicable user.
5.Turn on FIDO, click Save.
6.The user will have to finish setup during self-enrollment.