October 21, 2020

White Paper: Considerations for Deploying FIDO Servers in the Enterprise

Today, secure access to online applications and services has evolved into a model based on devices, public key cryptography and biometrics to replace the anachronistic use of passwords as shared secrets. Since 2013, the FIDO Alliance has developed open and scalable advancements to eliminate phishing and other security attacks. To introduce these improvements and to educate employees throughout corporate management and IT security, FIDO Alliance has developed a series of best practices and how-to white papers that match the Alliance’s goals with the responsibilities and titles of technology professionals. This work is dedicated to eliminating passwords and securing the simple act of logging on within all companies. 

A FIDO server is a necessary component in a FIDO implementation. The FIDO server stores the user’s public key credential and account information. During a FIDO Authentication or registration flow, the server generates a cryptographic challenge in response to a request from the application. The server then verifies the signature provided by the client using the server’s corresponding public key, and logs the user in. 

This white paper is intended for IT professionals and identity architects to guide them in choosing the right FIDO server implementation and deployment architecture when integrating and enabling FIDO-based authentication in enterprise applications. Enterprises must consider several factors in their planning to select and deploy a FIDO server, including build vs. buy assessment (and the risks and benefits associated with each), the desired deployment model, the required server capabilities, and the security and privacy requirements. 

MORE Implementation & Deployment

White Paper: Considerations for Deploying FIDO Servers in the Enterprise

Today, secure access to online applications and services has evolved...

Deploying FIDO in Japan: An Interview with SBI Sumishin Net Bank

SBI Sumishin Net Bank is an Internet-focused bank jointly established...

October 10, 2020

Technical Note: FIDO Authentication and EMV 3-D Secure – Using FIDO for Payment Authentication

The FIDO Alliance defines standards that enable strong consumer authentication...

September 29, 2020

First Citrus Bank Eliminates the Password for Employees

Florida-based First Citrus Bank provides premier independent community banking services...

August 14, 2020
Download Specs
Sign up for updates!Get news from FIDO Alliance in your inbox.

By submitting this form, you are consenting to receive communications from: FIDO Alliance, 3855 SW 153rd Drive, Beaverton, OR 97003, US, http://www.fidoalliance.org. You can revoke your consent to receive emails at any time by using the unsubscribe link found at the bottom of every email.