What is FIDO and why use it?
FIDO2 is the umbrella term for FIDO Alliance's newest set of specifications. FIDO2 authentication enables users to capitalize on common devices to authenticate quickly and securely to online services in both desktop and mobile environments. FIDO authentication is the industry's solution to the global password challenge and addresses all of the concerns of traditional authentication.
To reduce risk to your Windows logon, SaaS applications, users with high privilege and users in general, Thales supports FIDO passwordless authentication using multi-factor authentication (MFA) hardware devices.
Switching to a Passwordless world – What is passwordless authentication?
Accessing apps or IT systems without using a password or security questions by replacing passwords with FIDO compliant devices introduces a modern passwordless MFA experience that is resistant to phishing attacks and account takeovers, and enables compliance. Enjoy a passwordless authentication solution with presence detection, which creates a third factor of authentication: Something you have (physical token), something you know (PIN), something you do (touching token edge).
Thales multi-factor authentication devices use current and emerging protocols to support multiple applications at the same time. Use one security key that combines support for FIDO2, WebAuthn, U2F, and PKI to access both physical spaces and logical resources.
Organizations expanding their digital transformation are moving applications and data to the cloud to:
- Enable accessibility from anywhere
- Decrease operating costs
As users log in to an increasing number of cloud-based applications, weak passwords are emerging as the primary cause of identity theft and security breaches.
FIDO Authentication Solutions

One Device for FIDO & PKI or FIDO & Physical Access
Extend Modern Authentication to PKI Environments - Organizations that rely on PKI authentication can now use a combined PKI-FIDO smart card to facilitate their cloud and digital transformation initiatives by providing their users with a single authentication device for securing access to legacy apps, network domains and cloud services.
Physical Access - For optimum convenience, Thales FIDO smart cards support physical access enabling users to access both physical spaces and logical resources with a single customizable smart card.

FIDO Token with Touch Sense Options
The SafeNet eToken FIDO is a USB token, an ideal solution for enterprises looking to deploy passwordless authentication for employees. This FIDO authenticator is a compact, tamper-evident USB with presence detection, which creates a third factor of authentication: Something you have (physical token), something you know (PIN), something you do (touching the token).
Thales and Microsoft partner to provide Microsoft Azure AD customers with FIDO and CBA phishing-resistant authentication
With the new Azure AD cloud-native CBA support, Microsoft customers can use Thales X.509 certificate-based Tokens, Smart cards, and FIDO authenticators for all their identity protection needs. By supporting multiple use cases (PKI, CBA, FIDO2 authentication, physical access) in a single device, Thales allows organizations to extend high assurance access to the cloud while building on their existing environments.

Full integration with MS Azure AD
To address customer needs for FIDO, phishing-resistant authentication for Azure AD managed resources, Thales is offering a Microsoft-verified and tested USB FIDO security key. The Thales key and other Thales FIDO devices are fully compatible and integrated with Azure AD. They are ideal for protecting cloud services and on-premises applications.
Learn more about Thales FIDO2 Authentication for Azure AD in our solution brief and combine Microsoft Azure AD with Thales FIDO authenticators to reduce security breaches and meet US / EU regulations.
IDP Compatibility with FIDO Security
Thales FIDO devices are compatible with any IDPs that support the FIDO2 standard.
Tested IDPs include:
- Thales SafeNet Trusted Access
- Microsoft Azure Active Directory, now Part of Entra
- AWS Identity and Access Management (IAM)
- ForgeRock Access Management (Identity Platform)
- Intercede MyID
Thales FIDO Tokens, SafeNet eToken FIDO, SafeNet eToken FIDO for Microsoft Azure AD and SafeNet IDPrime 3940 FIDO are all FIDO2 and U2F FIDO certified, and compatible with Microsoft Azure Active Directory accounts.
SafeNet Trusted Access has been awarded the
Gold 2022 Cybersecurity Excellence Award for
Best Passwordless Solution, Best Multi-Factor Authentication and Best Identity and Access Management
The 2022 Cybersecurity Excellence Awards honor individuals and companies that demonstrate excellence, innovation and leadership in information security. With over 900 entries in more than 250 award categories, the 2022 Awards program is highly competitive. All winners reflect the very best in innovation and excellence in tackling today’s urgent cybersecurity challenges.
- SafeNet FIDO2 Key Benefits
Arm your enterprise with strong and secure passwordless authentication to any environment.
Benefits include:
- Secure cloud adoption and bridge secure access across hybrid environments with a combined PKI/FIDO smart card
- Easy access on multiple operating systems
- Passwordless access to cloud apps & network domains
- Single authenticator for all users' needs
- CC certified
- Supports all devices and OS (without middleware deployment)
- Ideal for digital signatures and email encryption