FIDO Authentication
SAS PCE Enterprise leverages FIDO (Fast IDentity Online) standards to deliver secure, simplified passwordless and multi-factor authentication (MFA) for enterprises. This integration helps minimize password-related risks, prevent phishing attacks, and enhance the overall user experience.
Key aspects of FIDO support
-
FIDO2 and WebAuthn Support: Provides full support of the FIDO2 standard, including the WebAuthn API, enabling the use of a wide range of FIDO-compliant authenticators such as, Biometric Smart Cards and USB Security Keys.
-
Passkeys and Platform Authenticators: SAS PCE Enterprise integrates with SafeNet MobilePASS+ and built-in platform authenticators like Windows Hello for Business and mobile biometrics such as fingerprint and facial recognition.
-
Flexible Enrollment Options: Users can self-provision FIDO authenticators through the user portal or during their initial login to a FIDO-protected application.
-
Policy-Based Access Control: Allows customers to have the flexibility of setting authentication flows, enforcing FIDO-based authentication requirements for tenants and applications.
Note
-
Enrollment of multiple FIDO tokens per user is not supported.
-
For correct authentication logging, both the SafeNet Access Exchange (SAE) and the FIDO Server must be deployed on servers configured with the same time zone.
-
Ensure all prerequisites included in the SafeNet Access Exchange (SAE) package are available before starting the deployment.
-
Passkey authentication is supported by this solution.
System Requirements | FIDO server
The following outlines the requirements necessary for deploying the FIDO server within the SAS PCE environment.
Environment | Description |
---|---|
Supported Operating Systems | RHEL 9 |
Supported Database Servers for FIDO | MariaDB |
Additional Software Components | - Podman - Docker |
Disk Space | - ~2 GB (FIDO server base container only) - ~5–10 GB (with logs + temporary data) Additional size may be needed for database, backup and logging. |
Prerequisites
The following components must be properly pre-installed and configured to enable the FIDO support with SAS-PCE Enterprise:
<<<<<<< HEAD
-
SafeNet Access Exchange (SAE) v1.3.0
-
On-premise FIDO server
6e57ae76b92e62270922863605e28ebd4aee88e5 - SAS-PCE v3.22
- SafeNet Access Exchange (SAE) v1.3.0