Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

SafeNet FIDO Key Manager for Windows

Customer Release Notes

search

Customer Release Notes

Product Description

SafeNet FIDO Key Manager for Windows is a standalone offline application that allows customers and end users to manage and setup Thales’ FIDO USB tokens and Smart Cards, Certificate-Based PKI USB Authentication Tokens, and Certificate-based PKI Smart Cards.

You can use FIDO and PKI devices for a secure and phishing-resistant authentication method for logging in to various service providers or applications. It allows administrators or users to be in full control of their physical devices and not be dependent on the limited functionality offered natively by browsers or desktops. With SafeNet FIDO Key Manager, you can configure the basic FIDO and PKI specifications and the unique set of additional features that it offers for better security and control.

Release Description

08/29/2025

SafeNet FIDO Key Manager for Windows v2.0.2 (exe/msi) and v2.0.3 (Microsoft Store) introduces the following features:

  • Added Privacy Policy.

  • Added support for Japanese language.

  • Added support for SafeNet IDPrime DI 930 FIDO 2.0 Desfire EV3 8k device.

  • Updated terminology for the "Allowed Websites" feature to "Allowed Services".

07/10/2025

SafeNet FIDO Key Manager for Windows v2.0.1 introduces the following features:

Legal & Compliance:

  • Updated End User License Agreement (EULA).

FIDO 2.0.1 Enhancements:

  • Enforce minimum PIN length on standard and enterprise devices.

  • Mandatory user verification enforcement.

  • Enforce PIN change for standard and enterprise devices.

  • Ability to convert devices from Managed mode to Unmanaged mode via factory reset option.

  • Menu updates for Standard Profile and BIO cards.

  • Auto-detection and support for new and future Thales FIDO devices.

PKI operations:

  • Device detection and display of device information for PKI devices.

  • Change PIN for PKI devices.

04/11/2025

SafeNet FIDO Key Manager for Windows v1.4 introduces the following features:

  • Support for the latest Thales devices: Thales FIDO and Fusion devices, including standard and enterprise profiles, are supported. Additional SafeNet devices: IDPrime 3940C (FIDO 2.0, 2.1, 2.1 EE), 940C (FIDO 2.0, 2.1), FIDO (2.1, 2.1 EE), PIV 4.0 FIDO 2.1 EE, and eToken Fusion NFC Enterprise.

  • Device serial number identification: Identify the device by matching the printed serial number with the serial number displayed in the software.

  • Improvements for device reset: For FIDO standard profile tokens, the user gets information to tap the device to complete the reset flow.

  • UI Improvements: Overall application user interface enhancements to align with the Windows Fluent Design System.

  • Compliant with accessibility guidelines: Support for contrast theme, screen reader (narrator), bigger text size, screen resolution, scaling, and keyboard accessibility. See the documentation for details.

10/14/2024

SafeNet FIDO Key Manager for Windows v1.3 introduces the following features:

  • Enforce Change PIN: Allows the administrator to mandate that users change their PIN upon the device's initial use.

  • Bulk Configuration: Enables users to configure multiple FIDO devices simultaneously. Every smart card or USB token connected to the system will be configured at the same time.

  • Support for the eToken Fusion FIPS NFC device

07/22/2024

SafeNet FIDO Key Manager for Windows v1.2 introduces the following feature and resolves the issues listed below:

  • Support for the eToken Fusion NFC PIV device

  • Resolved Issues

    • The SafeNet FIDO key manager application was unable to launch in admin mode on Windows machines with restricted access to the Windows Store app.

    • The confirmation reset button failed to enable when the card was removed and reinserted.

04/15/2024

SafeNet FIDO Key Manager for Windows v1.1 introduces the following features:

  • Suppport for biometrics: Allows users to add or remove a fingerprint when using a compatible SafeNet Bio Smart card. This allows users to replace their PIN with a fingerprint during authentication.

  • Support for managing FIDO credentials: Allows users to view and delete the credentials that are registered on a FIDO Key.

  • New tutorial screens: Introduce SafeNet FIDO Key Manager for Windows functionality the first time you open the application.

12/15/2023

SafeNet FIDO Key Manager 1.0 introduces the following features:

  • Pin Management: Users can set a PIN for a new FIDO key as well as change their existing PIN.

  • Device Reset: Users can reset their FIDO keys if they no longer remember their PIN or if they want to clear the credentials on their FIDO keys.

    If the FIDO key is under administrator control, the administrator can determine whether a FIDO key reset is permitted. In such cases, users must utilize the SafeNet FIDO Key Manager on the Windows platform to reset a managed FIDO key.

  • Additional features unique to SafeNet FIDO tokens and smartcards:

    Available on FIDO 2.1 FIDO Key onwards.

    SafeNet FIDO tokens and smartcards can be managed by an administrator to have more control on the FIDO Keys before they are handed over to the users. Some of those administrator features are:

    • Admin PIN Setup: An administrator can set or change admin PIN on a FIDO device that will put the device in the managed mode. When the device is in managed mode, the admin can restrict or control certain capabilities (listed below) that are available on the FIDO device.

    • Unlock PIN: An administrator has the capability to unlock a FIDO device that has been locked due to multiple PIN retries. Utilizing the admin PIN, the device is unlocked, and a new PIN must be set on the device.

    • Application Whitelist: When the administrator manages the FIDO device, they have the authority to limit its usage to specific web applications. This restriction includes limiting storage on the device to add more credentials, ensuring that the device can only be utilized for the approved websites.

    • Minimum PIN Length: Administrators can restrict the device PIN to be set with a specified minimum PIN length.

    • Manage Device Reset: Administrators can limit the capability of users to directly reset the device, mandating the use of an admin PIN before the device can be reset.

Advisory Notes

Run as Administrator

  • This application needs administrator permissions to function properly with FIDO keys. To run the application with administrator permission, Right-click the SafeNet FIDO Key Manager app icon from the app list and choose Run as administrator option. If a window pops up, click Yes for confirmation.

  • Windows 32-bit system is not supported by SafeNet FIDO Key Manager.

Localization

This release supports the following languages:

  • English

  • Japanese

Compatibility Information

Operating System

  • Windows 11 (64-bit) Desktop/ Tablet Devices, minimum OS version 22H2

  • Windows 10 (64-bit) Desktop/Tablet Devices, minimum OS version 21H2

Beta releases of the operating system are not supported.

  • Windows Server 2025 (64-bit)

  • Windows Server 2022 (64-bit)

  • Windows Server 2019 (64-bit)

  • Windows Server 2016 (64-bit)

Before using Windows Servers 2016 and 2019, make sure to download and install .NET Framework version 4.8 manually.

Supported Cards and Tokens

Following list of devices is supported in this release:

Following FIDO devices are supported:

  • SafeNet IDPrime FIDO Bio

  • SafeNet IDPrime DI 930 FIDO 2.0 Desfire EV3 8k

  • SafeNet eToken FIDO NFC

  • SafeNet eToken FIDO NFC Enterprise

Following PKI devices are supported:

  • SafeNet eToken 5110 CC (940)

  • SafeNet eToken 5110+ CC (940B)

  • Safenet eToken 5110+ CC (940C)

  • Safenet eToken 5110+ FIPS

  • Safenet etoken 5110 FIPS

  • SafeNet eToken 5300 C

  • SafeNet IDPrime 930

  • Safenet IDPrime 940

  • Safenet IDPrime 940B

  • Safenet IDPrime 940C

  • Safenet IDPrime 3940C

  • SafeNet IDPrime DI PIV4.0 FIPS (upcoming)

Following Fusion (FIDO + PKI) devices are supported:

  • Safenet eToken Fusion

  • Safenet eToken Fusion CC

  • Safenet eToken Fusion FIPS

  • Safenet eToken Fusion NFC FIPS

  • SafeNet eToken Fusion NFC PIV

  • SafeNet eToken Fusion NFC PIV Enterprise

  • SafeNet IDPrime 3930 FIDO

  • SafeNet IDPrime 3940 FIDO

  • SafeNet IDPrime 940B FIDO

  • SafeNet eToken Fusion BIO (upcoming)

  • SafeNet eToken Fusion BIO Enterprise (upcoming)

  • SafeNet IDPrime DI PIV4.0 FIPS FIDO2.1 FIPS (upcoming)

  • SafeNet IDPrime DI PIV4.0 FIPS FIDO2.1 FIPS Enterprise (upcoming)

Compatibility with Third-Party Applications

Solution Type Vendor Product Version
Digital Signatures Adobe Acrobat Pro 2024.005.20414
Browsers Mozilla Firefox 139.0.4
Microsoft Edge Chromium 92.0.902.67
Google Chrome 137.0.7151.120

Known Issues

Issue Synopsis
FIDOMOB-3647 Summary: For SafeNet eToken Fusion NFC PIV, the Enforce user verification option remains disabled even after resetting the device.
Workaround: None
FIDOMOB-3719 Summary: When using the SafeNet IDPrime FIDO BIO device in a Dual Mode (Contact to Contactless or vice-versa ) card reader, the app may show device information in a single line or fails to detect the device.
Workaround:
- Try restarting the app.
- Remove the device and re-insert it.
- If you switched the way, you inserted the device (for example, from Contact to Contactless or vice-versa), try changing back to your original method.
FIDOMOB-2653 Summary: During Batch Configuration, the application sometimes fails to detect a Smartcard that is inserted in a reader connected directly via USB.
Workaround: Remove and reinsert the card into the card reader to re-establish the connection.
FIDOMOB-3742 Summary: If a user has 2 or more devices of the same type and they are kept near the machine. During removal of the device for reset process if other device of the same make/model is picked by mistake then that device gets reset instead of the required one.
Workaround: Ensure that you re-insert the required device only to perform the reset operation.

Limitations

  • You cannot reduce the minimum PIN length below the current value, as this may be restricted by the FIDO device you are using.

  • Downgrade from SafeNet FIDO Key Manager v2.0.0 to v1.4.2 is not supported and will result in the coexistence of both the versions. Hence, it is recommended to uninstall v2.0.0 before reinstalling v1.4.2.

  • Remote Desktop Protocol (RDP) is not supported by SafeNet FIDO Key Manager.

  • PIN Pad readers are not supported by SafeNet FIDO Key Manager.

Architecture

  • x64

On this page