We are excited to announce that the SafeNet eToken Fusion NFC PIV tokens are now Generally Available (GA) for ordering.

These hybrid PKI/FIDO security keys are well suited for medium to large-sized organizations, preferably in regulated markets such as financial services, manufacturing and public administration who need to follow NIST regulation. These organizations want to deploy passwordless phishing-resistant authentication to their employees working in various environments.

SafeNet eToken Fusion NFC PIV serves as both, a FIDO Security Key, and a Personal Identity Verification (PIV) token which is a PKI standard developed by NIST.

This security key enables organization to adopt FIDO authentication for secured access to modern web applications and desktop sessions, while keeping PIV based authentication for legacy resources and operations such as digital signatures or file encryption.

SafeNet eToken Fusion NFC PIV contactless mode (NFC) combined with USB-C or USB-A form factor ensures streamlined login and compatibility with a wide array of devices and operating systems, including Windows desktops, Mac, iOS, Android and Linux platforms.

To address the different approaches adopted by organizations to deploy FIDO authentication, these keys are available in two editions:

SafeNet eToken Fusion NFC PIV – Standard Edition

Fully certified by FIDO Alliance, it supports features defined by the  FIDO2.1/CTAP2.1 standard to deploy FIDO authentication more securely:

• Discoverable credentials management
• Enforce user verification (PIN) when accessing a service​
• Force end user to change the PIN ​at first use
• Define a minimum PIN length

SafeNet eToken Fusion NFC PIV – Enterprise Edition

Organizations looking to accelerate and secure their passwordless journey are now able to extend capabilities to benefit from Thales FIDO Enterprise Features, on top of FIDO2.1:

• Managed mode: Only IT operators can manage security policies and sensitive operations on the FIDO keys
• Services allow list: Permits IT operators to limit the usage of the FIDO keys to preferred company services and by then ensure appropriate usage of the FIDO keys
• Unblock FIDO keys: Allows end users to unblock their keys, under the control of the IT operator, without having to fully reset the key and re-register it to the enterprise web services
• Ensure persistent PIN length: Prevents end users from changing the minimum PIN length
• Manage reset: Prevents end users from unintentionally resetting their FIDO key

These new security keys are compatible with SafeNet Trusted Access, OneWelcome Identity Platform and IdCloud and third party IDP’s such as Microsoft Entra ID, and can be managed in SafeNet Authentication Client, SafeNet FIDO Key Manager and  vSEC:CMS.