This article describes how FIDO features are configured in Airlock IAM.
For details about configuration please refer to the plugin and property descriptions in the Config Editor.
This article describes how FIDO features are configured in Airlock IAM.
For details about configuration please refer to the plugin and property descriptions in the Config Editor.
The configuration of all FIDO use-cases supported by Airlock IAM is based on the FIDO Settings configuration plugin.
The FIDO Settings configuration plugin is referenced by most of the other FIDO configuration plugins.
It is configured here (in the Config Editor):
MAIN SETTINGS >> Authentication Settings >> FIDO Settings
It is recommended to first configure the FIDO Settings plugin and afterward configure authentication, registration, and so on.
Windows 10 only supports RS256 as the algorithm for Windows Hello authentication, which is disabled in Airlock IAM by default. Thus, the RS256 algorithm needs to be enabled and configured accordingly if Windows Hello has to be used as FIDO Authenticator.
Note that this specific algorithm is disabled by default because RFC 8812 lists RS256/SHA-256 as not recommended.