FIDO authentication (WebAuthn, U2F, CTAP)

FIDO (fast identity online) is a framework of open technical specifications for single or multifactor authentication. Airlock IAM supports both current versions (FIDO1 and FIDO2) of the authentication framework.

FIDO1 can be used as a 2nd factor.
FIDO2 also supports passwordless authentication.
FIDO2 is backward compatible to FIDO1.

In case FIDO is not mixed with other password or username based authentication factors, it can effectively mitigate common attacks against passwords like:
credential stuffing
password reuse
phishing
man-in-the-middle (MITM) attacks

Main features

Easy setup in Airlock IAM.
User authentication with FIDO1 and FIDO2 Authenticators (USB devices, platform implementations like Windows Hello, NFC-based Authenticators, etc.)
Passwordless authentication for FIDO2-compliant Authenticators.
Token migration self-service to FIDO.
Token registration self-service for authenticated users.
Integrated token management for admins and help desks.

Typical applications

Strong user authentication via browser or mobile app as the second factor.
Strong authentication for mobile apps.

Chapter content

10.2.3.1. Terms and definitions relating to FIDO

10.2.3.2. Simple FIDO authentication example

10.2.3.3. FIDO and WebAuthn knowledge

10.2.3.4. FIDO in Airlock IAM

10.2.3.5. FIDO configuration overview