FIDO

From version 2.8 ESET Secure Authentication Cloud Early Access (ESA) supports two-factor authentication (2FA) on devices that support FIDO2 (and FIDO U2F) authentication standards. See more information about FIDO.

Requirements

•Web browser that supports Web Authentication API

oMozilla Firefox

oGoogle Chrome

oMicrosoft Edge

For up-to-date information about supported browsers, visit https://platform-status.mozilla.org/ and search for "Web Authentication API".

•Secure connection (HTTPS) (self-signed certificates can also be used)

Supported environment

•Web-based login environment protected by ESA:

oIIS

oAD FS

oIdentity Provider Connector

•Windows Login Protection

Configuration in ESAC EA Web Console

The configuration in Settings > FIDO is for advanced FIDO administrators; there is no need to make any changes there.

•User Verification

oRequired—The FIDO-compatible authenticator must support user verification (e.g. via biometrics or PIN code). If there is no user verification, the FIDO-compatible authenticator cannot be used as second authentication factor.

oPreferred—It is preferred for the FIDO-compatible authenticator to support user verification, however it is not essential.

oDiscouraged—It does not matter if the FIDO-compatible authenticator supports user verification or not.

•Authenticator Type

oPlatform (On bound)—The FIDO authenticator is a built-in solution (software, hardware) of the device where it is used as a second authentication factor.

oCross-platform (Roaming)—The FIDO authenticator is detachable and can be used with several devices.

oNot specified—Does not matter if the FIDO authenticator is detachable or not.

Activate FIDO for a user

1.Navigate to Settings > Enrollment.

2.If prompted, select a company.

3.Enable FIDO, click Save.

4.Navigate to Users, select the applicable user.

5.Turn on FIDO, click Save.

6.The user will have to finish setup during self-enrollment.