Interactive Demo

Using FIDO Security Keys for On-Premises Applications

FIDO Authentication with SAS PCE

SafeNet Authentication Service Private Cloud Edition (SAS PCE) is a single sign-on (SSO) and multi-factor authentication (MFA) identity provider (IdP) for on-premises and SaaS applications. With SAS PCE you can:

  • Improve MFA adoption with a wide range of authentication tokens you can apply based on user action, data access, and more
  • Remove unnecessary reauthentication for access requests coming from the same user and browser to reduce excessive user friction
  • Never compromise on user experience while maintaining a high standard of security

Unlike cloud-based authentication and access management tools, SAS PCE is a uniquely equipped solution that seamlessly integrates with existing infrastructure and applications, minimizing disruptions and ensuring smooth operations.

    Welcome!! I'm excited to show you how to enroll, use, and manage FIDO security keys within SafeNet Authentication Service Private Cloud Edition. Let's get started.

    First, let's log in to the SafeNet Authentication Service console to see what types of authentication methods our user is already using.

    By selecting 'Virtual Servers,' then 'Assignment,' we're going to search for the user we want to look at.

    Then, toggling over to 'Authentication Methods,' we can see what this user has been using to log in to this application.

    Here, you can see that this user has been logging in with GrIDsure, a passwordless, pattern-based authenticator.
    For the sake of this demonstration, we're going to enable FIDO authentication for this user and see what the user self-enrollment process looks like from their point of view.

    Just like normal, the user will input their username, and click 'Log-in.' Then, they will be prompted to enroll their new FIDO security key.

    Like we just saw in the console, this user has been logging in with GrIDsure, a pattern-based authenticator.

    Once they verify their identity this way, they will be asked to enroll their FIDO security key.

    Then, the user will click 'Add Authenticator.'

    Now, they will simply insert the security key into their computer, be asked to touch the key, and provide a name for their key. We'll call ours "demo user token."

    To create the credential for this domain, the browser will ask the user to touch the key one more time.

    Lastly, to provide an extra layer of security, the user will be asked to come up with a short PIN for their security key.

    That's it!! Now that the user is finished enrolling their FIDO security key, let's check the console, like we did at the beginning, and see if anything changed.

    Just like before, we're gonna search for the user we want to observe!

    And there you have it!! You can now see that the authenticator type has changed from GrIDsure to FIDO.

    Just for fun, let's navigate over to 'Authentication Activity,' now that we know the token has been enrolled. Here, we can see the dates and times of recent access activity. And there's our authentication attempt: a success!

    Alrighty. I just showed you how easy it is to enroll a physical FIDO security key. But what if a user doesn't have one?! Let's go through that same workflow, but using a mobile device as a FIDO authenticator instead.

    As you can see, this part is exactly the same... The only difference is which option the user chooses once the browser's prompt appears.

    Instead of selecting the first option, the user, in this case, will select the second, labeled 'Use a phone or tablet.'

    Then, they'll scan the QR code with their mobile device, and follow the instructions on their phone to set up their fingerprint or facial recognition.

    As you can see, this user easily scans the QR code with their mobile device to generate a passkey. Then, they set up their fingerprint biometric to verify their identity.

    Just like with a physical passkey, the user then creates a nickname for their mobile device.

    Then, the user just selects their phone from the dropdown menu displayed by the browser, selects "sign-in" on their device, provides their biometric, and they're in.

    Once the token is enrolled, you can, once again, see that the user's successfully gained access using FIDO!!

    Thank you for viewing this demonstration of FIDO authentication within SafeNet Authentication Service!!!! Feel free to replay it again and again, or request your own personalized demo with our team of experts! See you next time!