The following information pertains to a workflow for the issuance and management of a Derived FIDO2 Credential (DFC) based upon previous guidance for the issuance of X.509-based Derived PIV Credentials. This workflow allows for organizational attestation of the FIDO2 hardware token, strong identity binding to tie a user’s existing PIV or CAC smart card to the issuance of the DFC and using attribute based access control (ABAC) to provide attestation of the assurance level of the DFC during authentication. These controls are established practices that minimize the risk of impersonation and allow for managing which resources an end user can interact with while leveraging a DFC.
Get Started Today!
Contact sales at FedGov@pingidentity.com