SafeNet FIDO Key Manager is a standalone offline application available on Mobile and Desktop platforms that allows administrators and end users to set up and manage Thales’ FIDO USB tokens and Smartcards all along their life cycle.
Main Benefits
SafeNet FIDO Key Manager allows administrators or end users to be in full control of their physical Thales FIDO key and not dependent on the limited functionality offered natively by browsers or desktops.
With SafeNet FIDO Key Manager, you can configure the Thales FIDO keys according to the FIDO2.0, FIDO2.1 specifications from FIDO Alliance and benefit from the unique set of additional features that Thales offer for better security and convenience.
Managed Mode
Allow the organization to manage FIDO key policies with additional administration layer.
Configure Services Allow List
Allow the organization to limit the device usage to the preferred web services.
Unblock FIDO Key
- No need to delete all the information from the key if the PIN is blocked after several failed attempts.
- Perform online or offline.
Manage Reset
FIDO keys containing valuable end-user information are protected against malicious or unintentional deletion.
Min PIN Length
- Allow PIN policy according to organization policy.
- In managed mode, only allowed personnel can reconfigure the PIN length.
Setup & change PIN
Improve end user convenience by enabling self-service capabilities.
Two management modes
SafeNet FIDO Key Manager offers two modes for managing FIDO keys in your organization. If you are satisfied with the basic functionality of FIDO (PIN setup and change, FIDO key full reset), you can stay in unmanaged mode and take advantage of the self-service capability of SafeNet FIDO Key Manager. If you have additional needs to meet higher security standards, Managed Mode is for you.
Unmanaged Mode
Simplify end users onboarding.
Enhanced self-service for all end users |
Well suited to remote and IT experienced workers |
Activate your FIDO key yourself on your mobile phone or PC |
Manage your PIN and reset your key on your mobile phone or PC |
Replace your PIN by your fingerprint on Thales FIDO Biometric smart card |
Managed Mode
Go beyond FIDO specifications for enhanced security and convenience.
Self-service for end users and managed mode for administrators |
Well suited for organizations who need to meet high security standards and manage workers less familiar with IT |
Apply various security policies, restrictions to accessed services |
Prevent the FIDO key from being reset by end users by error |
Unblock the User’s FIDO key without completely resetting it |
Apps & features list
Feature name | Platforms availability | which Thales FIDO keys? | Details |
|---|---|---|---|
For end users & administrators | |||
Display the Fido key information |  | All | Display applet mode, serial number and firmware version. |
Setup PIN | | All | Create a new PIN to activate the key. |
Change PIN | | All | Change the existing PIN to a new PIN. |
Reset FIDO Key | | All | Remove all the FIDO credentials & reset the FIDO key to blank state. |
Add fingerprint |  | Biometric | Add a fingerprint to replace user PIN when using the biometric smartcard. |
View Allow-list* | | Thales EF | View the authorized applications. |
For administrators only | |||
Unblock users’ FIDO key* | | Thales EF | Reactivate the key without removing all the credentials. |
Setup and update admin PIN* | | Thales EF | Admin PIN configures the FIDO key to be in managed mode. Administrator can then apply various security policies, application restrictions and prevent the FIDO key from being reset by the end users. |
Configure Allow list* | | Thales EF | The FIDO key will work with the websites that have been allowed by the administrator. |
Manage FIDO key reset* | | Thales EF | Prevent the users from resetting the FIDO key. |
Configure minimum PIN length* | | Thales EF | Administrator defines a minimum PIN length to comply with security policies. End user cannot change it. |
*Thales Enterprise Features (Thales EF) are supported by a selected list of Thales innovative FIDO keys such as SafeNet eToken Fusion NFC PIV.
Apps & features list
Feature name | |
|---|---|
Platforms availability | which Thales FIDO keys? |
Details | |
For end users & administrators | |
Display the Fido key information | |
| All |
Display applet mode, serial number and firmware version. | |
Setup PIN | |
| All |
Create a new PIN to activate the key. | |
Change PIN | |
| All |
Change the existing PIN to a new PIN. | |
Reset FIDO Key | |
| All |
Remove all the FIDO credentials & reset the FIDO key to blank state. | |
Add fingerprint | |
| Biometric |
Add a fingerprint to replace user PIN when using the biometric smartcard. | |
View Allow-list* | |
| Thales EF |
View the authorized applications. | |
For administrators only | |
Unblock users’ FIDO key* | |
| Thales EF |
Reactivate the key without removing all the credentials. | |
Setup and update admin PIN* | |
| Thales EF |
Admin PIN configures the FIDO key to be in managed mode. Administrator can then apply various security policies, application restrictions and prevent the FIDO key from being reset by the end users. | |
Configure Allow list* | |
| Thales EF |
The FIDO key will work with the websites that have been allowed by the administrator. | |
Manage FIDO key reset* | |
| Thales EF |
Prevent the users from resetting the FIDO key. | |
Configure minimum PIN length* | |
| Thales EF |
Administrator defines a minimum PIN length to comply with security policies. End user cannot change it. | |
*Thales Enterprise Features (Thales EF) are supported by a selected list of Thales innovative FIDO keys such as SafeNet eToken Fusion NFC PIV.
Getting started with the SafeNet FIDO Key Manager
Download the SafeNet FIDO Key Manager on the app stores for Apple, Google and Microsoft using the links below.
Alternatively, for Windows you can also download the exe or msi from here.
Frequently asked questions
Yes, you can configure all Thales fido products – tokens or smart cards – with the SafeNet FIDO Key Manager. But depending on the version of the authenticator you have, you will be able to run a basic configuration (set up the PIN, change the PIN, reset the authenticator) or a more advanced configuration (such as define a minimum PIN length or manage a list of authorized services...)
No, it supports Thales FIDO authenticators only.
- The innovative SafeNet eToken Fusion NFC PIV is the innovative product supporting these advanced configuration capabilities.
- Additional authenticators are currently in the roadmap.
- Refer to the FIDO2 security Keys solution brief to get the up to date list