FIDO authentication (WebAuthn, U2F, CTAP)

FIDO (fast identity online) is a framework of open technical specifications for single or multifactor authentication. Airlock IAM supports both current versions (FIDO1 and FIDO2) of the authentication framework.

Info

FIDO1 can be used as a 2nd factor.
FIDO2 also supports passwordless authentication.
FIDO2 is backward compatible to FIDO1.

In case FIDO is not mixed with other password- or username-based authentication factors, it can effectively mitigate common attacks against passwords like:

credential stuffing
password reuse
phishing
man-in-the-middle (MITM) attacks

Main features

Easy setup in Airlock IAM.
User authentication with FIDO1 and FIDO2 Authenticators/passkeys (USB devices, platform implementations like Windows Hello, NFC-based Authenticators, etc.)
Passwordless authentication for FIDO2-compliant Authenticators.
Token migration self-service to FIDO.
Token registration self-service for authenticated users.
Token management self-service for authenticated users.
Integrated token management for admins and help desks.

Typical applications

Strong user authentication via browser or mobile app as the second factor.
Strong authentication for mobile apps.

Chapter content

Terms and definitions relating to FIDO

Simple FIDO authentication example

FIDO and WebAuthn knowledge

FIDO in Airlock IAM

FIDO configuration overview