FIDO key management
This section describes the reset and unblock functions supported by FIDO Key Manager.
Connect FIDO keys
- Connect one or more FIDO keys to the Mac or USB card reader.
- After a FIDO key is detected, details such as key name, serial number, version, AAGUID, managed status, PIN status, and PIN retries are displayed.
  If multiple keys are connected, a list of the detected FIDO keys is displayed.
  When you add or remove a FIDO key, the list is automatically updated.
- Select a key to manage.
Manage FIDO key resets
You can enable or disable the Reset FIDO Key option.
This operation is available only on FIDO 2.1 or later keys.
Enable / Disable FIDO key reset
To enable the Reset FIDO Key option:
- Connect a FIDO key to the tablet or desktop PC.
- Select Admin > Manage FIDO Key reset.
- Enter the admin PIN and then select Submit.
  This step displays only if you are entering the admin PIN for the first time. After the admin PIN is authenticated, this step is skipped for the rest of the session.
- Select Turn Off Reset or Enable Reset to toggle the FIDO key reset functionality.
Reset a FIDO key
The user PIN can be reset when a FIDO key is locked, applications are removed, or the FIDO key is forgotten.
To reset a FIDO key:
- Connect a FIDO key to the Mac or USB card reader.
- Open FIDO Key Manager and select the FIDO key.
- Select Reset FIDO Key.
- Select Yes, reset FIDO key.
- Remove and re-connect the FIDO key.
- Select Confirm Reset.
Unblock FIDO keys
You can unblock an admin or user FIDO key if, for example, it has been locked due to multiple incorrect PIN attempts.
This feature is available only on Thales FIDO keys.
Unblock a key as an admin
To unblock a FIDO key when you are an admin:
- Connect a FIDO key to the Mac.
- Open FIDO Key Manager and select the FIDO key.
- Select Unblock FIDO Key.
- Select I am an admin.
  An administrator authentication screen displays.
- Enter the admin PIN, and then select Submit.
  Upon successful unblocking of the PIN, you are redirected to the PIN change interface.
- Enter the new PIN, confirm, and then select Submit.
Unblock a user key remotely
To unblock a user's FIDO key as an admin:
- Open FIDO Key Manager and select the FIDO key.
- Select Unblock FIDO Key.
- Select Generate code.
  A challenge code is generated on the user side.
  The user must share this code with the administrator.
- Receive the response code from the user.
- Enter the response code from the user and then select Submit.
- Enter a new PIN, confirm the PIN, and then select Submit.
Unblock a user key from the Admin menu
You do not have to insert the user's key into the FIDO Key Manager application.
This operation is available only on FIDO 2.1 keys.
This feature is always enabled, irrespective of the card type and even if no card is attached.
To unblock a user’s FIDO Key:
- Open FIDO Key Manager and select the FIDO key.
- Select Admin > Unblock a user’s FIDO key.
- Enter the challenge code shared by the user and the admin PIN, and then select Submit.
  On success, the system generates the response code.
- Copy the response code and share it with the user to unblock their FIDO Key.
- Select Finish.