SafeNet FIDO Key Manager

Easy and secure management of Thales’ FIDO2 authenticators.

FIDO Screenshot

SafeNet FIDO Key Manager is a standalone offline application available on Mobile and Desktop platforms that allows administrators and end users to set up and manage Thales’ FIDO USB tokens and Smartcards all along their life cycle. SafeNet FIDO Key Manager is a great fit for organizations looking for a self-service app for FIDO security keys along with enterprise grade admin controls whenever needed. The application is available on Windows, macOS, Android and iOS.

Benefits

SafeNet FIDO Key Manager allows administrators or end users to be in full control of their physical Thales FIDO key and not dependent on the limited functionality offered natively by browsers or desktops.

With SafeNet FIDO Key Manager, you can configure the Thales FIDO keys according to the FIDO2.0, FIDO2.1 specifications from FIDO Alliance and benefit from the unique set of additional features that Thales offer for better security and convenience.

Managed Mode

Managed Mode

Allow the organization to manage FIDO key policies with additional administration layer.

Configure Services Allow List

Configure Services Allow List

Allow the organization to limit the device usage to the preferred web services.

Unblock FIDO Key

Unblock FIDO Key

- No need to delete all the information from the key if the PIN is blocked after several failed attempts.
- Perform online or offline.

Manage Reset

Manage Reset

FIDO keys containing valuable end-user information are protected against malicious or unintentional deletion.

Min PIN Length

Min PIN Length

- Allow PIN policy according to organization policy.
- In managed mode, only allowed personnel can reconfigure the PIN length.

Setup & change PIN

Setup & change PIN

Improve end user convenience by enabling self-service capabilities.

Two management modes

SafeNet FIDO Key Manager offers two modes for managing FIDO keys in your organization. If you are satisfied with the basic functionality of FIDO (PIN setup and change, FIDO key full reset), you can stay in unmanaged mode and take advantage of the self-service capability of SafeNet FIDO Key Manager. If you have additional needs to meet higher security standards, Managed Mode is for you.

Unmanaged Mode

Simplify end users onboarding.
 

Enhanced self-service for all end users

Well suited to remote and IT experienced workers
 

Activate your FIDO key yourself on your mobile phone or PC

Manage your PIN and reset your key on your mobile phone or PC

Replace your PIN by your fingerprint on Thales FIDO Biometric smart card

Managed Mode

Go beyond FIDO specifications for enhanced security and convenience.

Self-service for end users and managed mode for administrators

Well suited for organizations who need to meet high security standards and manage workers less familiar with IT

Apply various security policies, restrictions to accessed services

Prevent the FIDO key from being reset by end users by error
 

Unblock the User’s FIDO key without completely resetting it
 

Apps & features list

Feature name

Platforms availability

which Thales FIDO keys?

Details

For end users & administrators
   

Display the Fido key information

full icons

All

Display applet mode, serial number and firmware version.

Setup PIN

full icons

All

Create a new PIN to activate the key.

Change PIN

full icons

All

Change the existing PIN to a new PIN.

Reset FIDO Key

full icons

All

Remove all the FIDO credentials & reset the FIDO key to blank state.

Add fingerprint

full icons

Biometric

Add a fingerprint to replace user PIN when using the biometric smartcard.

View Allow-list*

full icons

Thales EF

View the authorized applications.

For administrators only
(in managed mode)
   

Unblock users’ FIDO key*

full icons

Thales EF

Reactivate the key without removing all the credentials.

Setup and update admin PIN*

full icons

Thales EF

Admin PIN configures the FIDO key to be in managed mode. Administrator can then apply various security policies, application restrictions and prevent the FIDO key from being reset by the end users.

Configure Allow list*

full icons

Thales EF

The FIDO key will work with the websites that have been allowed by the administrator.

Manage FIDO key reset*

full icons

Thales EF

Prevent the users from resetting the FIDO key.

Configure minimum PIN length*

full icons

Thales EF

Administrator defines a minimum PIN length to comply with security policies. End user cannot change it.

*Thales Enterprise Features (Thales EF) are supported by a selected list of Thales innovative FIDO keys such as SafeNet eToken Fusion NFC PIV.

Apps & features list

Feature name

Platforms availability

which Thales FIDO keys?

Details

For end users & administrators

Display the Fido key information

full icons

All

Display applet mode, serial number and firmware version.

Setup PIN

full icons

All

Create a new PIN to activate the key.

Change PIN

full icons

All

Change the existing PIN to a new PIN.

Reset FIDO Key

full icons

All

Remove all the FIDO credentials & reset the FIDO key to blank state.

Add fingerprint

full icons

Biometric

Add a fingerprint to replace user PIN when using the biometric smartcard.

View Allow-list*

full icons

Thales EF

View the authorized applications.

 
For administrators only
(in managed mode)

Unblock users’ FIDO key*

full icons

Thales EF

Reactivate the key without removing all the credentials.

Setup and update admin PIN*

full icons

Thales EF

Admin PIN configures the FIDO key to be in managed mode. Administrator can then apply various security policies, application restrictions and prevent the FIDO key from being reset by the end users.

Configure Allow list*

full icons

Thales EF

The FIDO key will work with the websites that have been allowed by the administrator.

Manage FIDO key reset*

full icons

Thales EF

Prevent the users from resetting the FIDO key.

Configure minimum PIN length*

full icons

Thales EF

Administrator defines a minimum PIN length to comply with security policies. End user cannot change it.

*Thales Enterprise Features (Thales EF) are supported by a selected list of Thales innovative FIDO keys such as SafeNet eToken Fusion NFC PIV.

Getting started with the SafeNet FIDO Key Manager

Download the SafeNet FIDO Key Manager on the app stores for Apple, Google and Microsoft using the links below.

Alternatively, you can download the installers for Windows and macOS from the Support Portal.

Get the set-up guide by clicking on the platform of your choice:

Frequently asked questions

    Yes, you can configure all Thales fido products – tokens or smart cards – with the SafeNet FIDO Key Manager. But depending on the version of the authenticator you have, you will be able to run a basic configuration (set up the PIN, change the PIN, reset the authenticator) or a more advanced configuration (such as define a minimum PIN length or manage a list of authorized services...)

    No, it supports Thales FIDO authenticators only.

    • The innovative SafeNet eToken Fusion NFC PIV is the innovative product supporting these advanced configuration capabilities.
    • Additional authenticators are currently in the roadmap.
    • Refer to the FIDO2 security Keys solution brief to get the up to date list