FIDO key management
This section describes LED-color, reset, and unblock functions supported by FIDO Key Manager.
Connect FIDO keys
- Connect one or more FIDO keys to the tablet or desktop PC USB port or card reader.
- After a FIDO key is detected, details such as key name, serial number, version, Applet mode, setup PIN, and PIN configured display.
  If multiple keys are connected, a list of the FIDO keys that have been detected displays.
  When you add or remove a FIDO key, the list is automatically updated.
- Select a key to manage.
- Select the back arrow (<-) to return to the FIDO key list.
Set LED color
The color of the LED on a FIDO device can be changed. The LED blinks when the device is connected to a PC.
To set a color for the LED:
- Connect a FIDO key to the tablet or desktop PC.
- Select Set LED color on the token info page.
- Select a color from the dropdown menu and then select Submit.
  The LED displays the selected color.
Manage FIDO key resets
You can enable or disable the Reset FIDO Key option.
This operation is available only on FIDO 2.1 or later keys.
Enable FIDO key reset
To enable the Reset FIDO Key option:
- Connect a FIDO key to the tablet or desktop PC.
- Select Admin > Manage FIDO Key reset.
- Enter the admin PIN and then select Submit.
  This step displays only if you are entering the admin PIN for the first time. After the admin PIN is authenticated, this step is skipped for the rest of the session.
- Select Disable Reset.
Reset a FIDO key
The user PIN can be reset when a FIDO key is locked, applications are removed, or the FIDO key is forgotten.
To reset a FIDO key:
- Connect a FIDO key to the tablet or desktop PC.
- Open FIDO Key Manager and select the FIDO key.
- Select Reset FIDO Key.
- Select Yes, reset FIDO key.
- Remove and re-connect the FIDO key.
- Select Confirm Reset.
Disable FIDO key reset
To disable the Reset FIDO Key option:
- Connect a FIDO key to the tablet or desktop PC.
- Open FIDO Key Manager and select the FIDO key.
- Select Manage FIDO Key reset in the Admin menu.
- Enter the admin PIN and then select Submit.
  This step displays only if you are entering the admin PIN for the first time. After the admin PIN is authenticated, this step is skipped for the rest of the session.
- Select Disable Reset.
Unblock FIDO keys
You can unblock an admin or user FIDO key if, for example, it has been locked due to multiple incorrect PIN attempts.
This feature is available only on Thales FIDO keys.
Unblock an admin key
To unblock an administrator's FIDO key:
- Connect a FIDO key to the tablet or desktop PC.
- Open FIDO Key Manager and select the FIDO key.
- Select Unblock FIDO Key.
- Select I am an admin.
  An administrator authentication screen displays.
- Enter the admin PIN, and then select Submit.
  Upon successful unblocking of the PIN, you are redirected to the PIN change interface.
- Enter the new PIN, confirm, and then select Submit.
Unblock a user key remotely
To unblock a user's FIDO key:
- Open FIDO Key Manager and select the FIDO key.
- Select Unblock FIDO Key.
- Select Generate code.
  A challenge code is generated on the user side.
  The user must share this code with the administrator.
- Receive the response code from the user.
- Enter the response code from the user and then select Submit.
- Enter a new PIN, confirm the PIN, and then select Submit.
Unblock a user key from the Admin menu
You do not have to insert the user's key into the FIDO Key Manager application.
This operation is available only on FIDO 2.1 keys.
This feature is always enabled, irrespective of the card type and even if no card is attached.
To unblock a user’s FIDO Key:
- Open FIDO Key Manager and select the FIDO key.
- Select Admin > Unblock a user’s FIDO key.
- Enter the challenge code shared by the user and the admin PIN, and then select Submit.
  On success, the system generates the response code.
- Copy the response code and share it with the user to unblock their FIDO Key.
- Select Finish.