Generic selectors
Exact matches only
Search in title
Search in content

SecSign ID Server passed FIDO Certification

06/29/2022 / 0 Comments

We are happy to announce that the SecSign ID server has passed the official FIDO certification program of the FIDO Alliance. This will allow you to use the complete FIDO2/WebAuthn standard for passwordless 2FA sign-ins in your existing applications with the help of our SecSign ID server.

SecSign ID Server

The SecSign ID server is a two factor authentication (2FA) and identity and access management (IdM / IAM) solution. It allows you to secure your logins and transactions in all your applications including, but not limited to, web and mobile. It also has user management and access controls included and allows you to integrate it with your existing user directory like an Active Directory (AD) or Azure. The SecSign ID server can be integrated in all your existing flows using SAML, OAuth, Open ID Connect or REST for example. It supports a wide variety of authentication methods to use and combine as needed including our SecSign mobile app for iOS, Android, Mac and Windows and other methods like TOTP (e.g. Google Authenticator), SMS, Email OTP, certificates, smart cards and now also FIDO/WebAuthn.

FIDO Certification

FIDO2 is a set of specifications including the World Wide Web Consortium’s (W3C) Web Authentication (WebAuthn) specification and the FIDO Alliance’s corresponding Client-to-Authenticator Protocol (CTAP). FIDO2 enables users to leverage common devices to easily authenticate passwordless to online services both in mobile and desktop environments, and to utilize authenticators including USB/NFC security keys like the YubiKey or smart phones.

With the certified FIDO implementation of the SecSign ID server you have full compatibility with all existing and future FIDO authenticator devices and the server supports the complete FIDO/WebAuthn standard including the FIDO Metadata Service. You can integrate FIDO in all the authentication flows that are supported by the SecSign ID server and add FIDO support to your applications.


The SecSign ID server also supports multi-device FIDO credentials, known as “passkeys”. Passkeys extend the concept of FIDO platform authenticators. You don’t need a special hardware or app but just use the device you already own to sign-in. Passkeys are based on the FIDO standard, are being supported by Apple, Google and Microsoft, and make the use even easier than before. They give you access on all platforms and synchronize the credentials end-to-end encrypted between all your devices in the cloud. For example you can use FaceID on your iPhone to do a login on a Windows laptop. Likewise you can use your Android phone unlock pattern to authenticate a login on a Mac. On top of this they also improve the integration of the FIDO authentication on the native platform. And to prevent the loss of the credentials they enabling the recovery to a new device through your cloud account. The SecSign ID server allows to you to easily onboard and manage the devices and supplies you with the needed WebAuthn backend to use passkeys in your applications. Our server also allows a seamless integration with other FIDO devices and many fallback authentication methods with the same security level.

With the choice of several 2FA methods you can you whatever works for you in that exact moment - mobile, desktop, backup method - FIDO, WebAuthn, SMS, TOTP, etc.

Key Features about the FIDO support in the SecSign ID server

Manage the FIDO devices yourself including onboarding and deleting (if allowed by the admin)

Manage your users directly in the SecSign ID IDM/IAM or connect your existing user directory like an Active Directory, LDAP, Azure, …

Use groups to control which user uses FIDO

Admins can specify which kind of FIDO tokens are allowed. E.g. disallow platform authenticators or FIDO devices with weak security features to conform to a high standard policy or a required audit

Realise a secure and comfortable two-step login for users where the first step is an username/password login and the second step is FIDO 2FA for example

Use the self-services to see all activated FIDO devices/tokens

Add a fallback 2FA/MFA method to your activated method

You can also disallow specific FIDO authenticators that are outdated or compromised for example or just allow specific devices from a whitelist

Add more than one FIDO device to your account, so you can still sign-in if you lose the FIDO device (if allowed by the admin)

Use many different 2FA methods in the SecSign ID server like Email OTP, SMS OTP, TOTP apps and tokens, the SecSign app for mobile and desktop and of course FIDO

Allow users from the internal company network to sign-in without 2FA by using IP whitelists

You have the choice: Use the server in our cloud or host it yourself on premise

Give your FIDO tokens/devices a nickname when onboarding them

About Us

Trust in our 22 years experience with public key infrastructure (PKI). We design signature and authentication solutions that are built on PKI just like FIDO and WebAuthn. We deliver on premise and cloud solutions for our customers in highly audited environments and for extremely sensible and critical infrastructure but also for normal customers in the private sector who just need a secure and modern authentication or signature component.

If you need more information please contact us. You can find more infos about FIDO in the SecSign ID server here. General infos about the SecSign ID server can be found here.

SecSign 2FA