FIDO Key Management
FIDO Key Management provides administrators with secure and real-time control over FIDO authenticators connected to the local workstation. Using the Thales Authenticator Lifecycle Service (running on port 9333), administrators can perform FIDO device discovery, registration, configuration, lifecycle operations (such as device reset and revocation), and functional testing.
The FIDO Key Management window is optimized for routine device operations and complements the Device Inventory by enabling actions that require physical access to a FIDO key.
Under FIDO Key Management, administrators can perform the following operations:
Connect to the Thales Authenticator Lifecycle Service
For each new login session, the administrator needs to connect to the Thales Authenticator Lifecycle Service before performing any operations on FIDO devices.
On the FIDO Key Management window, under Thales Authenticator Lifecycle Service Required, click Connect to Service to establish a connection with the Thales Authenticator Lifecycle Service (Windows service).

After the connection is successfully established, the Service Connected message is displayed.

View Connected FIDO Devices List
Once the Thales Authenticator Lifecycle Service is connected, it automatically begins scanning for connected FIDO devices. After the scanning is complete, the detected devices are loaded and displayed on the window.
Note
Additional devices can be connected at any time. Click the Refresh button to load them and display them on the window.
The connected FIDO devices are displayed in a collapsible list. Device details are presented in two views to help administrators access information efficiently.
- Summary View: Displays essential device details in a compact format for quick identification and action. The summary view displays:
  - Device name
  - Device serial number

- Expanded View: Displays complete device information, including lifecycle and compliance details, for in-depth management. After you click the expand arrow icon for the desired device, the following additional details are displayed:
  - AAGUID
  - FIDO Version
  - Device Type
  - Status (Configured, NotConfigured, Enrolled, or Revoked)
  - Policy Name

Configure FIDO Devices
Device configuration can be done using the following options:
- Configure FIDO Devices in Bulk - To configure all the devices using a single policy in one operation.
- Configure Selected FIDO Devices - To configure selected devices using a single policy in one operation.
- Configure Specific FIDO Devices - To configure a specific device by applying a selected policy.
Configure FIDO Devices in Bulk
- Under Connected FIDO Devices, click Bulk Configure.
- On the Bulk Configure FIDO Devices window, under Choose a Policy, select a policy to be applied to the devices, and click Continue.
- Under Confirm Bulk Configuration, verify the Selected Policy name, and ensure that Connection Status is set to Connected. Click Start Bulk Configuration.

  The bulk configuration is started. It may take some time to complete.

- After successful configuration, the Bulk Configuration Completed message is displayed. Click Close.

Configure Selected FIDO Devices
- Under Connected FIDO Devices, select the FIDO devices to be configured, and click Configure Selected.
- On the Configure Selected FIDO Devices window, under Choose a Policy, select a policy to be applied to the selected devices, and click Continue.
- Under Confirm Selected Device Configuration, verify the Selected Policy name, and ensure that Connection Status is set to Connected. Click Start Configuration.

  The configuration is started. It may take some time to complete.

- After successful configuration, the Selected Device Configuration Completed message is displayed. Click Close.

Configure Specific FIDO Devices
- Under Connected FIDO Devices, select the target device, and click Configure.
- On the Configure Device window, in the Select Policy field, select a policy to be applied to the device, and click Apply Policy.

  The configuration is started. It may take some time to complete.

- After the policy is successfully applied to the device, the Configuration Complete! message is displayed. Click Close.

Assign FIDO Devices to Users
Once FIDO devices are configured, they can be assigned to users for authentication purposes.
- Under Connected FIDO Devices, select a configured device to be assigned to a user, and click Assign.
- On the Assign Device to User window, in the Select Identity Provider field, select an identity provider.
- Search for the user to whom a device needs to be assigned, select the user, and click Next.

  Note
  For the SafeNet Trusted Access (STA) identity provider, search for a user using the exact user ID.

- Review the device assignment details and click Assign Device.
- The Assign Device to User window is opened to verify the administrator’s presence. Touch the device when prompted (most devices blink).
- After the device enrollment is complete, the Enrollment Successful message is displayed. Click Done.

Tip
You can verify the device status by clicking the Refresh Devices button on the Connected FIDO Device window or by navigating to the Device Inventory window.
Reset FIDO Devices
The Reset device operation restores a FIDO device to its default state. A reset operation deletes all configurations, including the user PIN.
Caution
Resetting a device is an irreversible operation that permanently deletes all previously enrolled credentials. Ensure that alternative access mechanisms are in place before initiating this operation.
- Under Connected FIDO Devices, select the device, and click Reset.
- On the Reset Device window, click Yes, Reset Device to confirm the operation.
- The next steps vary depending on whether the device is managed (admin-supported) or unmanaged (self-managed devices).
  - For managed devices, enter the Admin PIN when prompted, and then proceed with the steps given below for unmanaged devices.
  - For unmanaged devices:
    - The Reset Device window appears. Remove the device, reinsert the device, and click Device Reconnected.
    - Touch the device when prompted to initiate the reset operation (most devices blink). Wait for the reset operation to complete.
- On successful device reset, the Reset Completed message is displayed. Click Close.
