FIDO FOR THE ENTERPRISE
FIDO compliant authentication service with enterprise-ready lifecycle management
FIDO offers crypto-based, high security authentication with a simple user experience. But with FIDO being based on a ‘one key for each relying party’ mechanism it works well for business to consumer relationships, where a user needs access to one system – but enterprises typically want greater control, where employees need to access multiple resources such as Office 365, CRM, ERP, remote access and countless other cloud-based systems with a single managed credential.
With FIDO now managed by MyID credential management system (CMS), enterprises can benefit from enhanced control:
- Policy control over who can issue and who can receive FIDO credentials
- Visibility on which employees have active FIDO credentials
- Control on what employees are able to use their FIDO credential to access
- Lifecycle management capability, providing a single point to revoke, replace, and set policies for end user FIDO credentials
|Capability||FIDO||FIDO & MyID|
|Person / key binding|
DEPLOY FIDO ACROSS YOUR WORKFORCE AND SUPPLY CHAIN
MyID offers FIDO Authentication with the credential management and integration capabilities of the MyID platform.
The evolution of MyID, to offer FIDO alongside PKI-based authentication brings greater flexibility for enterprises to issue and manage the right credential types to the right users.
MANAGED FIDO BRINGS A VARIETY OF BENEFITS ACROSS THE ENTERPRISE
MyID is a FIDO CMS that supports a wide range of standards-based FIDO devices, including, iOS and Android mobile devices, smart cards, and security keys from AuthenTrend, Feitian, GoTrust, Identiv, Solokeys, Thales and YubiKey.
Uniquely, MyID provides management over multiple authentication technologies and form factors, enabling organisations to mix and match technologies that best fit their needs and required levels for security.
For example, an organisation could use:
- PKI-based USB tokens for its remote workers
- PKI-based smart cards for its finance staff, including signed and encrypted email
- Virtual smart cards for temporary workers
- FIDO security keys for the supply chain and contractors
MyID can provide unified credential management for all of these from one single point controlling policy, visibility and lifecycle management independent of the technology in use.
HOW IT WORKS
- MyID provides control over which groups of users can receive FIDO tokens
- Requests for new FIDO credentials can be operator-led via API
- Issuance policy defines how a user must authenticate before collecting their FIDO credentials, options include OTP
- MyID binds a FIDO key to a user at issuance, keeping track of who has which FIDO credentials
- MyID provides a built-in FIDO certified authentication server and integrates with your existing infrastructure by ADFS plug-in or OpenID Connect
- Authentication operations are centrally audited for visibility and tracking purposes
- MyID keeps track of who has which FIDO credentials and provides visibility by enquiry, reports and API
- As MyID tracks who has which FIDO credentials, it provides organisations the ability to revoke and replace credentials as employment status or rights change
- Lifecycle operations are audited, providing visibility and reporting over management operations in addition to authentication operations
- Using IT-set security policies, the MyID authentication service will determine how a user is allowed to authenticate and walk the user through the authentication process
- Once authenticated, MyID authentication service will then communicate via the plug-in with ADFS to grant access to the end system
Trusted By Governments and Large Enterprises Worldwide
Where protecting systems and information really matters, you will find MyID. Whether its citizen data, aerospace and defence systems, high-value financial transactions, intellectual property or air traffic control, we are proud that many leading organisations around the world choose MyID to protect themselves against data breach and ensure business continuity.