HID announced the availability of Enterprise Attestation in its FIDO authenticator portfolio of smart cards and keys, a FIDO standards-based capability that enables organizations to enforce only company-issued passkeys at registration, proving authenticator provenance before a credential is ever accepted. By doing so, Enterprise Attestation helps organizations strengthen device trust, gain visibility into authenticator origin and support high-assurance authentication without adding friction for users.

Built into HID’s Crescendo authenticators, including FIDO2-certified smart cards and security keys, and supported by identity platforms such as PingOne, Enterprise Attestation verifies authenticator provenance at the point of passkey registration. If a device cannot present valid attestation data, enrollment is blocked by policy, without requiring any changes to application workflows or additional steps for users.

Enterprise Attestation is part of the FIDO Alliance’s WebAuthn and Client to Authenticator Protocol (CTAP) specifications and is actively supported through the FIDO Alliance Enterprise Deployment Working Group. This standards-based foundation ensures organizations can enforce passkey governance without proprietary authentication flows, application lock-in or deviations from the standard user experience.