Advanced FIDO Key Management
This section discusses the advanced FIDO Key management functions available to administrators.
The Admin Menu shows the list of features that can be managed by an administrator. The admin features are listed as below:
The Unblock a user’s FIDO key feature will always be enabled irrespective of the card type or even if no card has been attached.
Set Admin PIN for the FIDO Key
A user can set the admin PIN for a new card where the admin PIN has not been set. This is a one-time operation and cannot be reverted. After a successful set admin key operation, the applet mode changes from unmanaged mode to managed mode.
This operation is available only on FIDO 2.1 keys.
Follow the steps below to set the admin PIN:
- Insert your FIDO key and launch the SafeNet FIDO Key Manager application. Click Admin to open the menu items, then click the Set admin PIN for this FIDO Key option.
- Enter the admin PIN, confirm the admin PIN, and click Submit. The admin PIN should be 16 characters in length and accepts plain text including keyboard special characters.
- An alert message is displayed asking for confirmation.
  This is a one-time operation. Once your FIDO Key is converted to managed mode, it cannot be converted back to unmanaged mode.
- Click Yes for confirmation. This results in a toast message saying, Your FIDO Key has been unblocked successfully.
Update Admin PIN
Once the admin PIN has been set, you can change it to a new one by performing the steps below:
This operation is available only on FIDO 2.1 keys.
- Insert your FIDO key and launch the SafeNet FIDO Key Manager application. Click Admin to open the menu items and click the Update Admin PIN option.
- Enter the current admin PIN and click Submit. On successful validation of the admin PIN, you will be redirected to the Update Admin PIN screen.
  This is an optional step; it is shown only when you are entering the admin PIN for the first time. Once it is authenticated, this step is skipped for the current session.
- Enter the admin PIN, confirm the admin PIN, and click Submit. The admin PIN should be 16 characters in length and accepts plain text including keyboard special characters.
- Upon the successful update of the admin PIN, a toast message saying Your Admin PIN has been updated successfully is displayed.
Configure Whitelist
This is one of Thales's proprietary features, allowing users to include specific websites in a Whitelist. Only these whitelisted websites will participate in the authentication process. A blank Whitelist includes all websites.
This operation is available only on FIDO 2.1 keys. You can add up to 8 websites to the Whitelist in one FIDO Key.
Add Website
Follow the steps below to add a website to the Whitelist:
- Insert your FIDO key and launch the SafeNet FIDO Key Manager application. Click Admin to open the menu items and click the Configure Whitelist option.
- Enter the admin PIN and click Submit. On successful validation of the admin PIN, it will redirect you to the Update Admin PIN screen.
  This is an optional step; it is shown only when you are entering the Admin PIN on the first menu item. Once it’s authenticated, this step is skipped for the current session.
- Enter a valid domain name and click the Add Whitelist button to add it to the Whitelist. Upon successful operation, the success toast message Website is added successfully is displayed, and the website domains are displayed underneath.
  The domain name accepts a maximum length of 63 characters.
Delete Website
Follow the steps below to delete a website from the Whitelist:
- Insert your FIDO key and launch the SafeNet FIDO Key Manager application. Click Admin to open the menu items and click the Configure Whitelist option.
- Enter the Admin PIN and click Submit. On successful validation of the admin PIN, it will redirect you to the next screen.
  This is an optional step; it is shown only when you are entering the Admin PIN on the first menu item. Once it’s authenticated, this step is skipped for the current session.
- Click the Delete icon.
- A confirmation popup dialog appears; confirm by clicking Delete for the selected domain name.
- Upon successful deletion, a success toast message stating Website deleted successfully is displayed.
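The Whitelist limits above, as an added pre-check for a planned list of domains (example code written for this page, not part of SafeNet FIDO Key Manager). The normalization and the bare-domain test are assumptions, since the page only says "valid domain name"; the sample input is constructed.

```python
# Added example: pre-check a planned Whitelist against the limits stated on this page.
MAX_ENTRIES = 8       # page: up to 8 websites per FIDO Key
MAX_DOMAIN_LEN = 63   # page: domain name max length is 63 characters


def check_whitelist(domains):
    """Return (accepted, findings) for a planned Whitelist."""
    accepted, findings = [], []
    for raw in domains:
        d = raw.strip().lower().rstrip(".")   # assumed normalization
        if not d:
            findings.append(f"ERROR empty entry: {raw!r}")
        elif "://" in d or "/" in d:          # assumed: bare domain, not a URL
            findings.append(f"ERROR not a bare domain name: {raw!r}")
        elif len(d) > MAX_DOMAIN_LEN:
            findings.append(f"ERROR {len(d)} chars exceeds {MAX_DOMAIN_LEN}: {raw!r}")
        elif d in accepted:
            findings.append(f"WARN duplicate entry: {raw!r}")
        else:
            accepted.append(d)
    if len(accepted) > MAX_ENTRIES:
        findings.append(f"ERROR {len(accepted)} entries exceeds {MAX_ENTRIES}")
    if not accepted:
        # Per the page, a blank Whitelist includes all websites (no restriction).
        findings.append("WARN blank Whitelist: key is not restricted to any website")
    return accepted, findings


def plan_delete(current, to_delete):
    """Re-check the Whitelist that would remain after the planned deletions."""
    drop = {d.strip().lower().rstrip(".") for d in to_delete}
    remaining = [d for d in current if d.strip().lower().rstrip(".") not in drop]
    return check_whitelist(remaining)


if __name__ == "__main__":
    # Constructed sample input.
    planned = ["login.example.com", "https://idp.example.com/", "a" * 64 + ".example"]
    for line in check_whitelist(planned)[1]:
        print(line)
    # Deleting the only entry leaves a blank Whitelist, which allows every site.
    for line in plan_delete(["login.example.com"], ["Login.Example.com"])[1]:
        print(line)
```

Running `plan_delete` before removing entries shows when a deletion would empty the Whitelist and so lift the restriction rather than tighten it.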
Manage FIDO Key Reset
The Manage FIDO Key Reset feature allows you to enable or disable the Reset FIDO Key option for FIDO Keys.
This operation is available only on FIDO 2.1 Key managed by admin.
Enable Reset FIDO Key
If the Reset FIDO Key option is disabled/unavailable on the FIDO Key, follow the steps below to enable the reset option on the FIDO Key:
- Click the Manage FIDO Key reset option in the admin menu.
- Enter the valid Admin PIN and click Submit.
  This is an optional step; it appears only when you are entering the Admin PIN on the first menu item. Once it's authenticated, this step is skipped for the current session.
- Click the Disable Reset button.
- On successful operation, a success toast message Reset has been disabled successfully is displayed.
Disable FIDO Key Reset
If the Reset FIDO Key option is enabled/available on the FIDO Key, follow the steps below to disable the Reset FIDO Key option on the FIDO Key:
- Click the Manage FIDO Key reset option in the admin menu.
- Enter the valid Admin PIN and click Submit.
  This is an optional step; it appears only when you are entering the Admin PIN on the first menu item. Once it's authenticated, this step is skipped for the current session.
- Click Enable Reset.
- On successful operation, a success toast message Reset has been enabled successfully is displayed.
Configure Minimum PIN Length
Configuring the minimum PIN length on the FIDO Key prevents users from setting a PIN shorter than the configured minimum on their FIDO Keys.
This operation is available only on FIDO 2.1 Key managed by admin.
Follow the steps below to set the minimum PIN length:
- Click the Configure PIN length option under the Admin menu.
- The Enter Admin PIN screen is displayed if a valid PIN was not entered earlier.
  This is an optional step; it appears only when you are entering the Admin PIN on the first menu item. Once it's authenticated, this step is skipped for the current session.
- Enter the desired minimum PIN length. The minimum PIN length should be between 4 and 63 characters.
- On successful operation, a success toast message Your PIN length has been changed successfully is displayed.
- Subsequently, you will be required to modify the PIN, as the original PIN will no longer be valid due to the altered PIN length. This option is mandatory if the PIN has already been set; otherwise, the user can change the PIN at a later time.
- On successful operation, a success toast message Your PIN has been changed successfully is displayed.
Unblock a user’s FIDO Key
This is one of Thales's proprietary features, where an admin can unblock a user’s FIDO Key if the user’s FIDO Key has been locked due to multiple wrong PIN attempts. This does not require the admin to plug a FIDO key into the application.
This operation is available only on FIDO 2.1 Key managed by admin.
Follow the steps below to unblock a user’s FIDO Key:
- Click the Unblock a user’s FIDO key option under the Admin menu.
- Enter the challenge code shared by the user and the valid admin PIN, then click Submit.
- On successful operation, it will generate the response code. Copy the response code and share it back with the user to unblock their FIDO Key.
- Click Finish to complete the operation and navigate back to the FIDO Key screen.