Product Description

The Thales Authenticator Lifecycle Manager is a centralized console for security and IT teams to deploy, configure, monitor, and govern FIDO2 authenticators at scale. It provides visibility and control for Thales authenticators and select third-party keys (for example, YubiKey Series). Thales Authenticator Lifecycle Manager streamlines the transition to a passwordless environment while ensuring security and compliance.

Version 1.3.0

Release Date: April 27, 2026

What's new

• Serial number–based stock import with policy linking – Import new devices into stock using serial numbers and pre‑link them to a policy. This enables immediate configuration during assignment or registration and includes duplicate serial‑number validation at registration time.

• Default selectors for Policy and IDP – Set one policy and one identity provider as the tenant defaults (one of each at a time). These defaults are automatically selected wherever a policy or identity provider is required, streamlining configuration and device assignment.

• User‑based assignment (Custom Solution) – Initiate an assignment workflow using a URL that includes user context. The user is automatically mapped to the tenant’s default identity provider, allowing administrators to configure and enroll a connected FIDO device for that specific user.

• NFC device operations – Perform device operations for NFC‑capable authenticators using an external NFC reader.

• Proxy configuration for the Service – Manually configure proxy settings for the Thales Authenticator Lifecycle Service to support connectivity in restricted corporate networks or VPN environments.

What's improved

• Export enhancements – Export consolidated outputs for key operations (for example, Device Inventory lists, configuration sessions, and enrollment sessions) in CSV or JSON format for auditing and reporting purposes.

• Role‑based visibility for Initial PIN – View the Initial User PIN and Admin PIN based on assigned permissions (talm_device_userpin_read and talm_device_adminpin_read) in both FIDO Key Management and Device Inventory.

• Service download link in connection screen – A direct download link for the Thales Authenticator Lifecycle Service is now available on the FIDO connection screen when the service is not installed.

• Automatic deep‑linking on FIDO Keys – Navigating to the FIDO Keys page now automatically triggers deep link to the local service, reducing manual connection steps.

• General UX enhancements – User experience enhancements across Device Inventory, FIDO Keys, and policy workflows to improve navigation and overall usability.

Version 1.2.0

Release Date: March 18, 2026

What's new

• Okta IDP Support – Enables administrators to enroll users directly from the Okta Identity Provider.

What's improved

• Improved TALM service connection handling: The Thales Authenticator Lifecycle Service is now more stable and prevents issues when it is accessed from multiple browser tabs during Thales Authenticator Lifecycle Manager operations.

Version 1.1.0

Release Date: February 11, 2026

What's new

• Live Detection – Enables administrators to securely detect and manage FIDO authenticators connected to the local workstation in real time.

• Active Listening (Keep Configuring Multiple Devices) – Continuously detects, configures, and monitors FIDO devices in real time, allowing users to connect or disconnect devices at any time while uninterrupted bulk configuration remains active.

• View PIN – Allows administrators to view the User and Admin PINs set for configured devices.

• Policy Management

  • PIN Randomization – Improves security by replacing static, common PINs with system-generated random PINs or unique PINs for each device.

  • Policy with Enforced User PIN Change and User Verification – Strengthens security by requiring users to verify their identity and change their PINs after enrollment.

• Unlock Devices

  • Physical Unlock (Admin Mode) – Allows administrators to unlock a device when they have physical access, by setting either a unique User PIN or a system‑generated random PIN for the device.

  • Remote Unlock (Challenge–Response Method) – Enables device unlocking using a secure challenge–response process between the user and the administrator when the device remains with the end user.

• PingOne IDP Support – Enables administrators to enroll users directly from the PingOne Identity Provider.

What's improved

• Modified Policy Forms – Updated and renamed policy types such as Standard and Enterprise for improved clarity and usability.

• FIDO Key Management UI Improvements – Enhanced action buttons and status tags to provide better visual clarity and a more intuitive device management experience.

Version 1.0.0

What's new

• Admin Dashboard: Provides a centralized, real-time view of your organization’s FIDO authentication ecosystem. It offers administrators quick access to essential setup actions and system insights.

• Thales Authenticator Lifecycle Service: The service is responsible for all direct communication with devices. It executes the operations initiated by the Thales Authenticator Lifecycle Manager Console and then returns the results to the console for display.

• Device Inventory: Provides a centralized, real-time view of all registered FIDO authenticators in an organization. It enables administrators to quickly locate devices and perform actions, such as view device inventory details, search devices,export devices, and revoke devices.

• Policy Management: Provides administrators a centralized interface to define, review, and manage FIDO authentication policies across an organization.

• Identity Provider (IDP) Settings: Enables integration between the Thales Authenticator Lifecycle Manager and identity providers (IDP) allowing seamless user authentication and access management.

• FIDO Key Management: Provides administrators with secure and real-time control over FIDO authenticators connected to the local workstation. Administrators can perform FIDO device discovery, registration, configuration, and Fido device operations (such as device reset and revocation).