# Authorization on the HES server via a FIDO key

On the Hideez Enterprise Server, both administrators and users can authenticate using the following options:

* [Password-based](https://enterprise.hideez.com/use-cases/fido-security-key/using-hideez-key-as-u2f-security-key-for-your-two-factor-authentication) login with hardware Hideez Keys as a second Factor (FIDO U2F).
* [Passwordless login](#passwordless-login) with hardware Hideez Keys (FIDO/WebAuthn).
* [Password-based login](https://enterprise.hideez.com/use-cases/fido-security-key/using-hideez-key-as-u2f-security-key-for-your-two-factor-authentication) with [hardware security keys by other vendors](https://enterprise.hideez.com/use-cases/fido-security-key/other-vendors-hardware-keys) as a second Factor (FIDO U2F).
* [Passwordless login](#passwordless-login) using [third-party hardware security keys (FIDO/WebAuthn).](https://enterprise.hideez.com/use-cases/fido-security-key/other-vendors-hardware-keys)
* [Login with the Hideez Authenticator mobile app](https://authenticator.hideez.com/) (Biometric passwordless login/two-factor authentication) – available on Android and iOS.
* [Platform authentication](https://enterprise.hideez.com/hideez-enterprise-server/administration/platform-authentication-on-the-hes-server) using Windows, macOS, iOS, or Android.
* [Authentication using Passkeys.](https://fidoalliance.org/passkeys/)

You can configure FIDO key authentication on HES, using either an external FIDO key or a platform security key. Additionally, FIDO2 attestation can be enabled to ensure the device's authenticity and disable platform keys if necessary.

{% hint style="info" %}
**Platform keys** allow users to authenticate using built-in device features like **Touch ID**, **Face ID**, or **Windows Hello** for easier logins.
{% endhint %}

### Step 1. Adding a key <a href="#shag-1-dobavlenie-klyucha" id="shag-1-dobavlenie-klyucha"></a>

1. In the upper-right corner of the window, click the **profile icon** and select **Profile** from the drop-down list.

   <figure><img src="https://content.gitbook.com/content/RdTysrljwe610dPFG7tE/blobs/hQFlfvcDG9D5Xh49RqvW/image.png" alt="" width="563"><figcaption></figcaption></figure>

2. Go to the **Security Keys** section and click **Add FIDO2 Authenticator**.

<figure><img src="https://content.gitbook.com/content/RdTysrljwe610dPFG7tE/blobs/NzIhlRCGGmLHkR3TFTFh/image.png" alt="" width="563"><figcaption></figcaption></figure>

3. Choose the type of key and click **Next**.

<figure><img src="https://content.gitbook.com/content/RdTysrljwe610dPFG7tE/blobs/V4X9gByBVO6H1b1B8L1g/image.png" alt="" width="375"><figcaption></figcaption></figure>

4. Follow the on-screen instructions for your FIDO key:

* For **Hideez Keys**, refer to the specific [guide](https://enterprise.hideez.com/quick-start-guides/fido2-and-u2f-authentication-guide).
* For **platform security keys**, follow the [relevant instructions](https://enterprise.hideez.com/hideez-enterprise-server/administration/platform-authentication-on-the-hes-server).

You can add multiple keys if needed.

### Step 2. Authorization via the FIDO key. <a href="#shag-2-avtorizaciya-s-pomoshyu-fido-klyucha" id="shag-2-avtorizaciya-s-pomoshyu-fido-klyucha"></a>

#### **Passwordless Login**

If your key was registered without the "Use Passwordless" option:

1. Enter your email address.

<figure><img src="https://1669663611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRdTysrljwe610dPFG7tE%2Fuploads%2F9trhSixR7ajUxooFW55I%2Fimage.png?alt=media&#x26;token=ca7b6789-be8f-4d5e-924e-0c0aab2c44aa" alt="" width="263"><figcaption></figcaption></figure>

2. Select the **Sign in with a security key** option.
3. Follow the on-screen instructions:

   * Insert your FIDO key.

   <figure><img src="https://1669663611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRdTysrljwe610dPFG7tE%2Fuploads%2F8zLdH1f1m8JIreOgjLPZ%2Fimage.png?alt=media&#x26;token=25e8f6a7-d1e5-45ed-a9bc-9c0c47556b7b" alt="" width="275"><figcaption></figcaption></figure>

   * Enter your PIN code.

   ![](https://content.gitbook.com/content/RdTysrljwe610dPFG7tE/blobs/yJB0GPMLJJuKw1bR4wBE/image.png)

   * When the green LED flashes, press the button on the key.

   ![](https://content.gitbook.com/content/RdTysrljwe610dPFG7tE/blobs/DHoHpOytuqXeiT1rRSis/image.png) ![](https://content.gitbook.com/content/RdTysrljwe610dPFG7tE/blobs/x5FJiq78Jwb1Hct0YnJU/image.png)

You will then be authorized on the HES server.

#### **User nameless Login**

If your key was registered with the "Use User nameless" option:

1. Select the **Sign in with a security key** option.

<figure><img src="https://1669663611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRdTysrljwe610dPFG7tE%2Fuploads%2Fx0BZxqH2dD5onc7tuMAb%2Fimage.png?alt=media&#x26;token=6c1b5710-281b-4cc1-959e-b318e5dd3cfa" alt="" width="266"><figcaption></figcaption></figure>

2. Follow the on-screen instructions:

* Insert your FIDO key.

<figure><img src="https://1669663611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRdTysrljwe610dPFG7tE%2Fuploads%2F8zLdH1f1m8JIreOgjLPZ%2Fimage.png?alt=media&#x26;token=25e8f6a7-d1e5-45ed-a9bc-9c0c47556b7b" alt="" width="275"><figcaption></figcaption></figure>

* Enter your PIN code.

![](https://content.gitbook.com/content/RdTysrljwe610dPFG7tE/blobs/yJB0GPMLJJuKw1bR4wBE/image.png)

* When the green LED flashes, press the button on the key.

![](https://content.gitbook.com/content/RdTysrljwe610dPFG7tE/blobs/DHoHpOytuqXeiT1rRSis/image.png) ![](https://content.gitbook.com/content/RdTysrljwe610dPFG7tE/blobs/x5FJiq78Jwb1Hct0YnJU/image.png)

#### Step 3: Managing Your Keys

You can manage your registered keys by renaming or deleting them using the corresponding buttons in the **Security Keys** section.

***

{% hint style="info" %}
This process simplifies user authentication while ensuring security through FIDO key integration on the Hideez Enterprise Server.
{% endhint %}