WebAuthn/FIDO2

LAM can secure logins with WebAuthn/FIDO2. This means your users log in with their LDAP password and an additional hardware token (e.g. Yubico Security Key, Windows Hello and many more).

WebAuthn/FIDO2 is a very strong 2-factor authentication method because it also checks the website domain. This prevents attacks via web proxies.
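
The domain check mentioned above, sketched as an added example (this is not LAM's own code): a server compares the origin the browser recorded and the RP ID hash reported by the token against its own domain. The function names, the domain lam.example.com and the sample data are assumptions made for illustration, and verification of the token's signature over this data is left out.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding WebAuthn uses for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_domain_binding(client_data_json, authenticator_data,
                         expected_origin, rp_id, expected_challenge):
    """Return the list of failed checks; an empty list means the binding holds."""
    failed = []
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        failed.append("type")
    if client_data.get("challenge") != b64url(expected_challenge):
        failed.append("challenge")
    # The browser records the origin it was really connected to.
    if client_data.get("origin") != expected_origin:
        failed.append("origin")
    # authenticatorData starts with SHA-256(RP ID); minimum length is 37 bytes.
    rp_hash = hashlib.sha256(rp_id.encode()).digest()
    if len(authenticator_data) < 37 or authenticator_data[:32] != rp_hash:
        failed.append("rpIdHash")
    return failed

def constructed_assertion(origin, rp_id, challenge):
    """Build constructed sample data as a browser at `origin` would report it."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": origin}).encode()
    # rpIdHash + flags (user present) + 4-byte signature counter
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + bytes(4)
    return client_data, auth_data

# Assumed values for illustration only.
ORIGIN, RP_ID = "https://lam.example.com", "lam.example.com"
CHALLENGE = bytes(range(32))  # constructed; a server uses fresh random bytes

if __name__ == "__main__":
    for origin, rp in [(ORIGIN, RP_ID),
                       ("https://lam.example.com.proxy.test", "lam.example.com.proxy.test")]:
        cd, ad = constructed_assertion(origin, rp, CHALLENGE)
        print(origin, "->", check_domain_binding(cd, ad, ORIGIN, RP_ID, CHALLENGE) or "ok")
```

A login relayed through a look-alike domain fails both the origin and the RP ID hash comparison, even though the password and the challenge are correct.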

To use this feature you need to activate 2-factor authentication in LAM.

LAM admin interface

Please activate WebAuthn/FIDO2 in your LAM server profile. Then users will be asked to authenticate via WebAuthn/FIDO2 on each login.

If a user has no registered device, LAM will ask the user to register one during login. Afterwards, users can manage their devices with the WebAuthn tool.

LAM Self Service

Please activate WebAuthn/FIDO2 in your LAM self service profile. Then users will be asked to authenticate via WebAuthn/FIDO2 on each login.

If a user has no registered device, LAM will ask the user to register one during login. Afterwards, users can manage their devices with the WebAuthn field.

Global device management

This is for cases where one of your users no longer has access to their device and can no longer log in. In this case you can delete the user's device(s) in the LAM main configuration.

Note that devices can only be deleted. Registration of devices can only be done by the user during login or on the management pages listed above.