FIDO2 Device-Bound Passkey Support

Anthony - Versasec Support

From version 6.3, vSEC:CMS can manage the life cycle of FIDO2 device-bound passkeys.

Using vSEC:CMS, you can register and manage FIDO2 device-bound passkeys with an IdP on behalf of a user. When a supported FIDO2 device-bound passkey is issued with vSEC:CMS, the credential (public key) is sent to the IdP, which uses it to authenticate the user after issuance. If the supported FIDO2 device-bound passkey also has a PKI application, you can use it to issue and manage certificates for other use cases with vSEC:CMS as part of the issuance process.

vSEC:CMS supports multiple IdPs for managing FIDO2 device-bound passkeys. Please refer to the different articles below for details on how to integrate with them:

  • Entra ID - see here
  • Thales STA - see here
  • Entrust Identity as a Service (IDaaS) - see here
  • Okta - see here
  • Ping - see here