LogoLogo
3.1.7
3.1.7
  • Getting Started
    • What is Cymmetri?
    • Release Notes
      • 3.0.1-Beta
      • 3.0.2-Beta
      • 3.0.3-Beta
      • 3.0.4-Beta
      • 3.0.5-Beta
      • 3.0.6-Beta
      • 3.0.7-Beta
      • 3.0.8-Beta
      • 3.0.9-Beta
      • 3.0.10-Beta
      • 3.0.11-Beta
      • 3.0.12-Beta
      • 3.1.0 - Product Release
      • 3.1.1-Beta
      • 3.1.2 - Product Release
      • 3.1.3-Beta
      • 3.1.4-Beta
      • 3.1.5-Beta
      • 3.1.6 -Beta
      • 3.1.7 - Product Release
      • 3.1.8 -Beta
      • 3.1.9-Beta
      • 3.1.10-Beta
      • 3.1.11-Beta
      • 3.1.12-Beta
      • 3.1.13-Beta
      • 3.1.15 -Beta
      • 3.1.16
      • 3.1.17
      • 3.1.18
      • 3.1.15 - Product Release
      • 3.0.x Consolidated
      • 3.1.x Consolidated
    • Starting your Cymmetri Trial
    • Admin Dashboard
    • Accessing Cymmetri
    • Supported Web Browsers
    • Cymmetri Error Codes
    • Help
    • Personalization
      • General Config
      • Admins
      • Masters in Cymmetri
      • Personalize Notification Templates
      • Tenant Branding
      • Custom Attributes
      • API Client
      • Batch Tasks
      • API Extension
    • Global Search
  • Identity Hub
    • Managing Users and Groups
      • User Management
      • User Detail
      • Create Users
      • Edit Users
      • Create Groups
      • Importing Users
      • Assigning Users to Groups
      • Delegation
        • Setting up Delegation
        • Delegating Work to Delegatee
        • Accepting Delegation
      • Suspended Users
      • Archived Users
      • All Users Session
    • Authentication
      • Identity Provider
        • Internal IDP
          • Introduction
          • Internal Identity Provider Configuration: Cymmetri
          • Internal Identity Provider Configuration: Active Directory
          • Internal Identity Provider Configuration: LDAP
        • External IDP
          • Introduction
          • External Identity Provider Configuration - Google IDP
          • External Identity Provider Configuration - Azure IDP
          • External Identity Provider Configuration - Salesforce IDP
      • Service Provider
      • Authentication Rules
      • Password Policy
      • Global Auth Policy
      • Adaptive
    • Attribute Setting
    • Password Filter
    • Logs
      • Audit Log
      • Import History
      • Scheduler History
  • Lifecycle Management
    • Application Management
      • Support for Application Management
      • Getting Started
        • Introduction to Application Management
        • Adding Applications to be managed by Cymmetri
        • Assigning Applications to End Users
        • Application Detail
        • Dynamic Forms
        • Configuring Connector Server
        • 360 Degree Recon
      • Provisioning How to
        • Cymmetri Connector List
        • Supported Provisioning Operations
        • Azure Provisioning
        • Active Directory (AD) Provisioning
        • Google Workspace Provisioning
        • LDAP Provisioning
        • Powershell Provisioning
        • REST Connector Provisioning
        • SCIM v2.0 Provisioning with Basic Authentication
        • SCIM 2.0 with Bearer Authentication
        • SCIM 2.0 with Fixed Bearer
        • Github Provisioning
        • ServiceNow Provisioning
        • AMAYA
        • HRMS
          • Darwin Box
        • Database Provisioning
        • CSV Directory (Flat-file)
        • Managing Manual Application Assignments
        • SOAP Connector (XML)
        • Integration with Service Desk Management Systems
      • Reconciliation How to
        • Configuring Reconciliation Process
      • Rules
        • Provisioning
        • Deprovisioning
    • Workflow Management
      • Workflow Configuration
      • Workflow Rules
      • Pending Workflows
      • Workflows List
    • Teams Config
    • Configuring Webhooks
    • On Demand Access
    • Form Logic
  • Single Sign On
    • Introduction
    • SSO Configuration
      • SAML 2.0 Based SSO
      • API Based SSO
      • OpenID Connect Based SSO
    • Multifactor Authentication(MFA)
      • Introduction
      • Cymmetri Authenticator
      • Push Authenticator
      • Google Authenticator
      • SMS Authenticator
      • Secret Questions
      • FIDO Authenticator
      • Admin MFA Setting
    • Passwordless
      • Introduction
      • TOTP Based
      • OTP Based
      • Consent Based
      • FIDO Based
  • My Workspace
    • Getting Started
      • Introduction
      • First Time User Registration
      • End User Login Process
      • Forgot Password & Unlock Account
      • User Settings
    • How to use the My Workspace
      • Dashboard
      • My Access
      • Inbox
      • Team
      • On Behalf
  • Privileged Access Management
    • PAM Administration
      • Introduction to Privilege Access Management (PAM)
      • How to Access PAM in Cymmetri
      • Sub-Sections of PAM
      • Steps to configure PAM Server
      • Adding a device/ server in PAM
      • Vault User
      • Vaulting Configuration
      • Break Glass Configuration
      • PAM Reports and PAM History
      • Dormancy Disable Config
    • PAM Usage
      • Assign a server to a user
      • Access the server
  • Governance
    • Compliance Management
      • IGA Policy Violations
    • Insights
      • Reports
      • Risk
      • Management Dashboards
        • CISO Dashboard
        • CRO Dashboard
      • Industry Compliance
    • Access Certification
      • Setting up and managing Access Reviews
    • Recommendation Engine
    • Role Management
      • Role Mining
      • Entitlements
      • Managing Roles in Cymmetri
    • Segregation Of Duties (SOD)
  • Self-Service App
  • Analytics
    • Cymmetri Analytics
Powered by GitBook

Cymmetri.com

On this page
  • Key Features of FIDO Authenticator
  • Configuration

Was this helpful?

Export as PDF
  1. Single Sign On
  2. Multifactor Authentication(MFA)

FIDO Authenticator

Was this helpful?

The FIDO (“Fast IDentity Online”) Authenticator is a hardware device or software solution designed to provide secure access to services and applications through robust, user-friendly authentication methods. FIDO Authenticators support multiple authentication technologies including biometrics (such as fingerprint recognition, facial recognition), security keys, and mobile devices.

Key Features of FIDO Authenticator

  • Strong Authentication: By using cryptographic techniques, FIDO Authenticator ensure a high level of security, making unauthorized access significantly more difficult.

  • Privacy-Focused: Biometric data, when used, does not leave the device. This ensures that personal information is kept secure and private.

  • Ease of Use: FIDO authentication simplifies the user experience by allowing a single gesture, like a fingerprint swipe or facial recognition, to quickly access services without remembering passwords.

  • Versatility: These authenticators are designed to work across a wide range of devices and platforms, ensuring seamless integration into users’ digital lives.

  • Phishing Resistant: Because authentication is tied to the user’s device and uses cryptographic keys, it is virtually impossible for attackers to replicate or steal credentials through phishing attacks.

Configuration

For configuring FIDO Authenticator in Cymmetri, select the FIDO Authenticator toggle button and click confirm to setup FIDO Authenticator as an MFA option

Next move to configure the rules for Multi-factor authentication policy for login

You may either click on the pencil icon to start editing the rule, or create a new rule as shown below:

Once you have either created a new rule or edited an existing one, change the dropdown of the FIDO Authenticator factor to indicate that it is mandatory (required).

The options available for each factor are:

Required: This setting means that the corresponding factor is required to be enabled for each user, and every user must set up this factor in their next login.

Optional: This setting means that the corresponding factor is not required to be enabled for each user, and they may configure this option from their "My Workspace". Once the user configures it, they may use it for the purpose of second level of authentication during authentication. Disabled: This settings means that the corresponding factor is not required or enabled for each user, and the user may not configure or use it for authentication into the Cymmetri platform.

An administrator can further customize to whom the rule would be applicable by selecting user(s) or group of users in the "Assigned to" Tab, If the rule is to be applied to all the users then the "All Users" option need to be selected

Once the changes are saved this is how the rule appears:

All subsequent logins of any user on the Cymmetri Identity platform will now require the use of the FIDO Authenticator mechanism.

The user needs to setup the Cymmetri Authenticator for receiving the push notification on the device, for which the user needs to download the Cymmetri Verifier app. The links below can be used to download the Cymmetri Verifier App on Android or IOS:

Once downloaded we need to scan the QR Code in the Cymmetri Verifier App to register the device

Once the device is registered successfully a notification is show on the dashboard

Now when the user selects FIDO Authenticator as an MFA mechanism and consent notification is sent to the mobile device (The consent notification appears as shown below) and the user needs to accept the consent in the stipulated time to be allowed to login also after the user accepts the consent the user needs to prove their identity by providing biometrics (such as fingerprint recognition, facial recognition).

Once successfully verified the user is redirected to the Dashboard

IOS-

Android -

https://apps.apple.com/in/app/cymmetri-verify/id6455987489
https://play.google.com/store/apps/details?id=com.cymmetri.verify