FIDO Method
The FIDO content area enables administrators to establish, configure, enable and maintain FIDO devices, which includes determining whether a PIN is required to log on to or unlock the workstation.
FIDO - Profile List
By default, RapidIdentity Server has a single profile for FIDO.
The Default profile contains a default PIN Policy with these settings.
Setting | Value |
---|---|
Require PIN | No. A value of “Yes” indicates a user must provide a PIN in addition to the FIDO token to log in but not to unlock a locked session. |
Version | U2F_V2. |
App ID | The default value is blank. This value should be the URL of RapidIdentity Server (e.g. https://server.domain.com) for which the user is authenticating. FIDO requires SSL. |
Secure Logon Password (required) | No. If set to “Yes”, a user’s password will be randomized and unknown to the user upon enrollment. |
Administrators can remove a profile by clicking Delete or edit a profile by clicking Edit.
FIDO - Edit Profile
After editing the profile settings, click Save or Cancel to discard.
FIDO - PIN Policies
The FIDO PIN Policies menu only contains the Default PIN Policy.
To edit a PIN Policy, click Edit.
After updating the policy criteria, click Save or Cancel to discard.
Field | Description |
---|---|
Minimum/Maximum PIN Length | Determines the length of the PIN that is used at enrollment and when logging in to the system. 6 and 16 are the default minimum and maximum values. |
PIN Expiration Days | Determines how long the registered PIN will last before expiring. |
PIN must meet complexity requirements | Determines how complex the PIN must be. |
Windows Password as PIN | The user’s Active Directory password will be used as PIN. |
No more than three repeated characters | PIN cannot have three repeated characters. (Example: 111, 444) |
No more than three consecutive characters | PIN cannot have consecutive characters. (Example: 123, 456) |
Must contain alpha and numeric characters | PIN must have both a letter and number. (Example: A1B, C2D) |
Must only contain numeric characters | PIN can only have numbers. (Example: 159, 753) |
Must contain special characters | PIN must have a special character. (Example: !23, @34) |
FIDO - New Profile
In order to assign a new Profile to a Set, administrators must first create the new Profile.
Follow these three steps to create a new Profile.
1. Click New Profile.
2. Enter a Name and Description and modify the criteria as needed.
   - Choose Require a PIN for Workstation Logon if the user is to be prompted for a password when presenting their authentication method.
   - Choose Do NOT Require PIN for Workstation Unlock if the user should NOT be asked to enter a password when the system is locked and the user presents their authentication method.
   - Secure Logon Password is set to No by default. If this is enabled, when the user presents their finger to the reader, the user’s password will be randomized and unknown to the user.
3. Click Save or Cancel to discard.
FIDO - New PIN Policy
To create a new PIN Policy, click New PIN Policy.
Name the new policy and adjust the criteria as necessary. When complete, click Save or Cancel to discard.
Field | Description |
---|---|
Name | The name of the PIN policy. |
Minimum/Maximum PIN Length | Determines the length of the PIN that is used at enrollment and when logging in to the system. |
PIN Expiration Days | Determines how long the registered PIN will last before expiring. |
PIN must meet complexity requirements | Determines how complex the PIN must be. |
Windows Password as PIN | The user’s Active Directory password will be used as PIN. |
No more than three repeated characters | PIN cannot have three repeated characters. (Example: 111, 444) |
No more than three consecutive characters | PIN cannot have consecutive characters. (Example: 123, 456) |
Must contain alpha and numeric characters | PIN must have both a letter and number. (Example: A1B, C2D) |
Must only contain numeric characters | PIN can only have numbers. (Example: 159, 753) |
Must contain special characters | PIN must have a special character. (Example: !23, @34) |
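
The PIN policy criteria above, expressed as a checker; this is an added example, not RapidIdentity code, and it leaves out PIN Expiration Days and Windows Password as PIN. Field and function names are hypothetical, and it assumes the repeated and consecutive criteria reject any run of three identical or ascending characters, as the table's examples (111, 123) suggest. It also reports criteria combinations that no PIN could satisfy.

```python
import string
from dataclasses import dataclass

@dataclass
class PinPolicy:
    # Hypothetical field names mirroring the criteria in the table above.
    min_length: int = 6     # default minimum stated on the page
    max_length: int = 16    # default maximum stated on the page
    no_repeated: bool = False
    no_consecutive: bool = False
    alpha_and_numeric: bool = False
    numeric_only: bool = False
    special_required: bool = False

def policy_conflicts(p):
    """Return criteria combinations that no PIN can satisfy."""
    out = []
    if p.min_length > p.max_length:
        out.append("minimum length exceeds maximum length")
    if p.numeric_only and p.alpha_and_numeric:
        out.append("numeric-only conflicts with alpha and numeric")
    if p.numeric_only and p.special_required:
        out.append("numeric-only conflicts with special characters")
    return out

def _has_run(pin, step):
    # step 0: the same character three times (111)
    # step 1: an ascending letter or digit run (123, abc); assumption: ascending only
    for i in range(len(pin) - 2):
        a, b, c = (ord(ch) for ch in pin[i:i + 3])
        if b - a == step and c - b == step and (step == 0 or pin[i:i + 3].isalnum()):
            return True
    return False

def pin_violations(pin, p):
    """Return the names of the criteria the PIN fails; empty means accepted."""
    checks = [
        ("length", not p.min_length <= len(pin) <= p.max_length),
        ("repeated", p.no_repeated and _has_run(pin, 0)),
        ("consecutive", p.no_consecutive and _has_run(pin, 1)),
        ("alpha_and_numeric", p.alpha_and_numeric and not (
            any(c.isalpha() for c in pin) and any(c.isdigit() for c in pin))),
        ("numeric_only", p.numeric_only and not (pin.isascii() and pin.isdigit())),
        ("special", p.special_required and not any(c in string.punctuation for c in pin)),
    ]
    return [name for name, failed in checks if failed]
```

Running `policy_conflicts` on a draft policy before saving it catches settings such as numeric-only combined with required special characters, which would otherwise block every enrollment.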