Functional Certification: Servers

The FIDO Functional Certification program allows members and non-members to measure compliance and ensure interoperability among products and services that support FIDO specifications. Companies completing certification may display the FIDO® Certified logo to demonstrate to consumers, customers and partners that they have created a high‐quality, interoperable FIDO implementation that is known to work with other FIDO implementations.

Steps to FIDO Certification

1. Conformance Self‐Validation, where test tools are used to validate that the implementation conforms to the FIDO specifications.
2. Interoperability Testing, where testing is performed at a proctored event or On Demand to ensure that implementations are functional and compatible with other implementations.
3. Authenticator Certification: All authenticators must meet additional security requirements and select at least Level (L1) Authenticator Certification.
4. Certification Submission, where all the required documentation is submitted as a request for certification. The Authenticator Vendor (Implementer) must pay the Authenticator Certification Fees before a certificate is issued.
5. Trademark Usage (optional). After executing the Trademark License Agreement, implementers may use the FIDO® Certified mark and logo on their product, packaging, and marketing literature.
6. FIDO Metadata Service Registration (recommended): The FIDO Alliance Metadata Service (MDS) is a web-based tool where FIDO authenticator vendors can publish metadata statements for FIDO servers to download. This provides organizations deploying FIDO servers with a centralized and trusted source of information about FIDO authenticators.

The certification process is managed by the FIDO Alliance staff. Should you have any questions not answered by the FAQs, please feel free to contact us at certification@fidoalliance.org.

Functional Certification Process: Servers

Conformance self‐validation testing is a required step of the certification process. Self‐validation results submitted through the corresponding test tools must be confirmed by FIDO’s Certification Secretariat  at least 14 days before attending an interoperability event to ensure that implementations are at least minimally compliant with the specifications. Conformance testing is available for all FIDO protocols.

The test tools can be used as part of the development process to ensure that implementations are conformant with the specifications as they are being developed. When an implementation is ready for the official test, simply select that the test being run is an official test and the results will be logged as part of the official records.

Access to the UAF, U2F, and FIDO2 Conformance Test Tool will be provided to participants upon successful completion of registration. This access will grant you to the conformance tools for all protocols including directions for running. Prior to using the test tool, authenticator implementers must register for a Vendor ID. See Vendor ID Registration below.

NOTE: All tests for the implementation (i.e. authenticator, client/authenticator combo, or server) must be run and passed prior to participating in an interop event. This includes all tests related to metadata service tests.

Vendor ID and Metadata Registration

UAF Authenticators are required to register for a Vendor ID on a one‐time‐per‐company basis. Please begin the process at registration. More details about metadata are included in the “Help” section of the UAF Test Tool.

To view the list of the currently assigned Vendor IDs please visit the Vendor ID page.

*** Note that U2F implementations, UAF Servers, UAF Clients and FIDO2 implementations do not need a Vendor ID. ***