FIDO
10.2.3. FIDO authentication (WebAuthn, U2F, CTAP)

FIDO (Fast IDentity Online) is a framework of open technical specifications for single-factor or multifactor authentication. Airlock IAM supports both current versions of the authentication framework (FIDO1 and FIDO2).

  • FIDO1 can be used as a 2nd factor.
  • FIDO2 also supports passwordless authentication.
  • FIDO2 is backward compatible with FIDO1.
  • When FIDO is not mixed with other password- or username-based authentication factors, it can effectively mitigate common attacks against passwords, such as:
      • credential stuffing
      • password reuse
      • phishing
      • man-in-the-middle (MITM) attacks

Main features

  • Easy setup in Airlock IAM.
  • User authentication with FIDO1 and FIDO2 Authenticators (USB devices, platform implementations like Windows Hello, NFC-based Authenticators, etc.).
  • Passwordless authentication for FIDO2-compliant Authenticators.
  • Token migration self-service to FIDO.
  • Token registration self-service for authenticated users.
  • Integrated token management for admins and help desks.

Typical applications

  • Strong user authentication via browser or mobile app as the second factor.
  • Strong authentication for mobile apps.