FIDO
From version 2.8, ESET Secure Authentication (ESA) supports Two-Factor Authentication (2FA) on devices that support FIDO2 (and FIDO U2F) authentication standards. See more information about FIDO.
Requirements
•The web browser that supports the Web Authentication API
oMozilla Firefox
oGoogle Chrome
oMicrosoft Edge
For up-to-date information about supported browsers, visit Web Authentication API browser compatibility.
•Secure connection (HTTPS) (self-signed certificates can also be used)
Supported environment
•Web-based login environment protected by ESA:
oIIS
|
FIDO implementation in ESET Secure Authentication has not yet been certified by the FIDO alliance. |
Configuration in ESA Web Console
The configuration in Settings > FIDO is for advanced FIDO administrators; there is no need to make any changes there.
•User Verification
oRequired—The FIDO-compatible authenticator must support user verification (e.g., via biometrics or PIN code). Without user verification, the FIDO-compatible authenticator cannot be used as the second authentication factor.
oPreferred—The FIDO-compatible authenticator is preferred to support user verification. However, it is not essential.
oDiscouraged—It does not matter if the FIDO-compatible authenticator supports user verification or not.
•Authenticator Type
oPlatform (On bound)—The FIDO authenticator is a built-in solution (software, hardware) for the device, which is used as a second authentication factor.
oCross-platform (Roaming)—The FIDO authenticator is detachable and can be used with several devices.
oNot specified—Does not matter if the FIDO authenticator is detachable.
|
FIDO origin Self-enrollment must be enabled to use FIDO to set the FIDO origin automatically. |
Activate FIDO for a user
1.Navigate to Settings > Enrollment.
2.If prompted, select a company.
3.Enable FIDO, click Save.
4.Navigate to Users, select the applicable user.
5.Turn on FIDO, click Save.
6.The user will have to finish the setup during self-enrollment.