Skip to content

How To?

Implement authentication with FIDO2 keys

This article describes how to implement authentication with FIDO2 biometric security keys in cyberelements.

The content of this documentation is valid for any FIDO2 security key, although this article presents how to add and use a Yubikey, a security key from Yubico.

The principle of use is to allow key enrolment by the owner directly from the cyberelements web interface, in full autonomy.

Initial configuration

Step 1- Open the Configuration page

Before any key enrollment, it is necessary to configure a relying party ID in the product.

To do this, open the “configuration” screen in the cyberelements administration console, then the “Relying parties” menu.

Step 2 - Fill in the information

Fill in :

  • The desired name
  • The domain name of the cloud portal in the following form

Where ORGANIZATIONNAME corresponds to the name of your organization.

The name of your cyberelements organization can also be found here:

Enrolling keys

Step 1 - Authenticate to the cloud portal

Before a FIDO2 security key can be used on cyberelements, it must first be enrolled in the cyberelements web portal by the key owner.

Log into the Cloud portal with the appropriate user account

Step 2 - Register a new key

Open the key management window using the button in the top right-hand corner of the page


Click on the “Register a new key” button to start the enrollment process, and follow the steps shown in the pop-ups that follow.


This step should be completed within 30 seconds. The number of windows, their appearance and content may vary depending on various factors (OS, browser, key…)

After completing the enrollment steps, enter a name for the new key.

The chosen name will then be used by cyberelements to designate this key in the user’s list of keys.


Once a security key has been registered to an account, that key is required to authenticate that account to the cyberelements Cloud portal for the user concerned.

If multiple keys are associated with an account, any of the keys can be used to authenticate to that account.

Step 1- Login to your account

First log in with your user credentials (username and password).

Step 2 - Insert your key

Then you will be asked to:

  • Insert your key into one of your workstation’s USB ports
  • If the key is already present, a PIN code will be requested (depending on the key type)

Once the steps are completed, if the security key authentication was successful, the main cloud page will be displayed. Otherwise, the login form will be displayed, and an error message will be added and traced in the access logs.

Authentication keys' Management

As an administrator of the cyberelements platform, it is possible to revoke a user’s authentication key.

Step 1 - Open the key management menu

To do this, you need to go to the key management menu in the administration console:

This menu lists all the authentication keys enrolled by the users.

Step 2 - Delete a key

It is then possible to select a key and remove it. This will prevent the user from authenticating with this key.


The button for enrolling a new key for the user connected to the cyberelements web portal is only active under certain conditions.

  • FIDO2 authentication is not compatible with Internet Explorer
  • The user must be authenticated with a personal account to the portal and must not be authenticated via an “anonymous” domain.
  • The administrator must have previously configured at least one relying party ID.

If at least one of these conditions is not met, the button is grayed out and an error message is displayed when the button is hovered. The interface consists of a list of the keys associated with the user, as well as the date these keys were added. It is also possible for the user to enroll (“Register a new key” button), unenroll or rename the key.


Configure your FIDO2 Authentication 

Or book a meeting with our experts