FIDO
From version 2.8, ESET Secure Authentication (ESA) supports Two-Factor Authentication (2FA) on devices that support FIDO2 (and FIDO U2F) authentication standards. See more information about FIDO.
Requirements
- The web browser that supports the Web Authentication API
- Mozilla Firefox
- Google Chrome
- Microsoft Edge
For up-to-date information about supported browsers, visit Web Authentication API browser compatibility.
- Secure connection (HTTPS) (self-signed certificates can also be used)
Supported environment
- Web-based login environment protected by ESA:
|
FIDO implementation in ESET Secure Authentication has not yet been certified by the FIDO alliance. |
Configuration in ESA Web Console
The configuration in Settings > FIDO is for advanced FIDO administrators; there is no need to make any changes there.
- User Verification
- Required—The FIDO-compatible authenticator must support user verification (e.g., via biometrics or PIN code). Without user verification, the FIDO-compatible authenticator cannot be used as the second authentication factor.
- Preferred—The FIDO-compatible authenticator is preferred to support user verification. However, it is not essential.
- Discouraged—It does not matter if the FIDO-compatible authenticator supports user verification or not.
- Authenticator Type
- Platform (On bound)—The FIDO authenticator is a built-in solution (software, hardware) for the device, which is used as a second authentication factor.
- Cross-platform (Roaming)—The FIDO authenticator is detachable and can be used with several devices.
- Not specified—Does not matter if the FIDO authenticator is detachable.
|
FIDO origin Self-enrollment must be enabled to use FIDO to set the FIDO origin automatically. |
Activate FIDO for a user
- Navigate to Settings > Enrollment.
- If prompted, select a company.
- Enable FIDO, click Save.
- Navigate to Users, select the applicable user.
- Turn on FIDO, click Save.
- The user will have to finish the setup during self-enrollment.