FIDO2 (Fast IDentity Online) allows your applications to authenticate users using public key-based credentials.
PingOne supports the use of the FIDO2 protocol, and the PingOne FIDO2 server is a FIDO2 certified product.
You can add FIDO2 as an authentication method for your end users. To set up FIDO2, edit an existing authentication policy or create a new one. For more information, see Editing an authentication policy and Adding a multi-factor authentication step.
FIDO2 authentication has the following characteristics:
- Based on public key cryptography
- Ensures that private keys remain on the FIDO2 device only
- Does not employ server-side shared secrets that could otherwise be compromised
- Isolates services from accounts

The following FIDO2 authentication methods are available:
- FIDO2 biometrics, using a gesture on a compatible device
- FIDO2 security keys
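The public-key properties listed above can be seen in a simplified model of a FIDO2 (WebAuthn) assertion check. This is an added example, not PingOne code or its API: the function names, the rpId and the origins are assumptions made for illustration, and attestation and signature-counter handling are left out.

```javascript
// Added illustration (not PingOne code): simplified FIDO2/WebAuthn assertion check.
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Authenticator model: the key pair is generated on the device; only publicKey leaves it.
function createAuthenticator(rpId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const sign = (challenge, origin) => {
    const clientDataJSON = Buffer.from(JSON.stringify(
      { type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
    // authenticatorData = rpIdHash (32 bytes) | flags (0x01 = user present) | signCount (4 bytes)
    const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x01, 0, 0, 0, 1])]);
    const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
    return { clientDataJSON, authenticatorData, signature: crypto.sign('sha256', signed, privateKey) };
  };
  return { publicKey, sign };
}

// Server model: holds one public key per credential, never a shared secret.
function verifyAssertion(storedPublicKey, expected, assertion) {
  const client = JSON.parse(assertion.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return false;
  if (client.challenge !== expected.challenge.toString('base64url')) return false; // fresh challenge
  if (client.origin !== expected.origin) return false;                             // origin binding
  const authData = assertion.authenticatorData;
  if (authData.length < 37) return false;
  if (!crypto.timingSafeEqual(authData.subarray(0, 32), sha256(expected.rpId))) return false;
  if ((authData[32] & 0x01) === 0) return false;                                   // user presence
  const signed = Buffer.concat([authData, sha256(assertion.clientDataJSON)]);
  return crypto.verify('sha256', signed, storedPublicKey, assertion.signature);
}

// Constructed scenario: rpId and origins are placeholder values.
function demo() {
  const rpId = 'login.example.com';
  const origin = 'https://login.example.com';
  const device = createAuthenticator(rpId);
  const otherDevice = createAuthenticator(rpId);
  const challenge = crypto.randomBytes(32);
  const expected = { rpId, origin, challenge };
  const good = device.sign(challenge, origin);
  return {
    valid: verifyAssertion(device.publicKey, expected, good),
    replayed: verifyAssertion(device.publicKey, { ...expected, challenge: crypto.randomBytes(32) }, good),
    otherOrigin: verifyAssertion(device.publicKey, expected, device.sign(challenge, 'https://other.example.net')),
    otherKey: verifyAssertion(device.publicKey, expected, otherDevice.sign(challenge, origin)),
  };
}
```

Only the first case verifies: a replayed assertion, one produced for a different origin, and one signed by a different device's key are all rejected, and the server never stores anything that could be used to sign.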
FIDO2 biometrics
FIDO2 security keys
A hardware-based security key can be used to authenticate users, often in sensitive environments or environments with limited device or phone access, such as hospitals, financial institutions, or federal buildings. FIDO2 security keys are backward compatible with U2F, enabling PingOne to support both FIDO2 and U2F security keys.
FIDO policy
You can configure one or more FIDO policies and include them in your MFA policy. You can create a FIDO policy for the use of FIDO2 biometrics and FIDO2 security keys. Create a FIDO policy to define which FIDO devices and authenticators can be used for registration and authentication purposes, and to enable usernameless and passwordless authentication. For more information, see FIDO.