FIDO

From version 2.8 ESET Secure Authentication (ESA) supports two-factor authentication (2FA) on devices that support FIDO2 (and FIDO U2F) authentication standards. See more information about FIDO.

Requirements

• Web browser that supports Web Authentication API
  • Mozilla Firefox
  • Google Chrome
  • Microsoft Edge

For up-to-date information about supported browsers, visit https://platform-status.mozilla.org/ and search for "Web Authentication API".

• Secure connection (HTTPS) (self-signed certificates can also be used)

Supported environment

• Web-based login environment protected by ESA:

• • IIS
  • AD FS
  • Identity Provider Connector
• Windows Login Protection

Configuration in ESAC Web Console

The configuration in Settings > FIDO is for advanced FIDO administrators; there is no need to make any changes there.

• User Verification
  • Required—The FIDO-compatible authenticator must support user verification (e.g. via biometrics or PIN code). If there is no user verification, the FIDO-compatible authenticator cannot be used as second authentication factor.
  • Preferred—It is preferred for the FIDO-compatible authenticator to support user verification, however it is not essential.
  • Discouraged—It does not matter if the FIDO-compatible authenticator supports user verification or not.

• Authenticator Type
  • Platform (On bound)—The FIDO authenticator is a built-in solution (software, hardware) of the device where it is used as a second authentication factor.
  • Cross-platform (Roaming)—The FIDO authenticator is detachable and can be used with several devices.
  • Not specified—Does not matter if the FIDO authenticator is detachable or not.

Activate FIDO for a user

1. Navigate to Settings > Enrollment.
2. If prompted, select a company.
3. Enable FIDO, click Save.
4. Navigate to Users, select the applicable user.
5. Turn on FIDO, click Save.
6. The user will have to finish setup during self-enrollment.