While FIDO has been specifically designed to simplify the user experience while boosting security, a large-scale deployment will require additional work, particularly within the backend infrastructure.
A helpful observation here is that most major platforms and browsers (shown in the middle) have already incorporated FIDO2, which considerably reduces the need for local third-party applications. However, the infrastructure depicted on the right-hand side may require its own FIDO2 server to implement a Relying Party (RP). To facilitate this step, we also offer a reinforced FIDO2 server to match our excellent client-side hardware, i.e. FIDO2 dongles. We will be introducing it here shortly as a complementary product.
As the name suggests, the RP in turn requires an Identity Provider (IdP), which could in fact be any number of things. For example, most enterprises are currently leaning towards Microsoft’s Azure Active Directory (AAD). AAD can in turn relay authentication requests to a company’s local Group Directory (GD) services, which contain the user objects in question. It goes without saying that proper, policy-aligned integration of these essential building blocks of a FIDO2-based, enterprise-grade authentication solution calls for professional attention with a good portion of subject-matter expertise and project management.
Given our experience in the enterprise business which now spans three decades, we are more than happy to support our customers and partners on their way into the future of sustainable password-less authentication. Our professional services include general consultancy, project management, technical design and architecture, bespoke software solutions and of course high- and low-level IT security awareness all the way into the salient cryptographic details, if someone wants ‘to see what makes it tick’.
Feel free to reach out to us for more information on this.
Consider the following high-level structure of FIDO2: