Support for WebAuthn - FIDO2 Authentication
  • 02 Aug 2024


Users can log in via the Authentication Client using the WebAuthn method once they have enrolled a FIDO2 external security key.

Pre-requisite Administrator Settings

To use this feature, an Administrator must create an Authentication Policy that includes WebAuthn as an Authentication Method. Users who fall under this policy can use WebAuthn to log into the RI Portal and the Windows Authentication Client (WAC) with a FIDO2 external security key.

Note

The Windows Authentication Client does not currently support PIN codes associated with Security Keys. If a Security Key has a PIN code defined, the Windows Authentication Client and RapidIdentity will ignore it.

To ensure the authenticity of the user presenting the Security Key, the Windows Authentication Client and RapidIdentity require at least one additional Authentication Method to be configured alongside WebAuthn.
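
In general WebAuthn terms, a key that is touched without PIN entry typically reports the user-present flag but not the user-verified flag, so the assertion proves possession of the key only. The following is an added example, not RapidIdentity code: it parses the authenticator data header and shows a check that asks for another method when user verification is absent. The function names, the relying party ID and the sample bytes are constructed for illustration, and signature verification is left out.

```python
import hashlib
import struct
from dataclasses import dataclass

# Bits of the flags byte in WebAuthn authenticator data.
FLAG_UP = 0x01  # user present: the key was touched
FLAG_UV = 0x04  # user verified: the key checked a PIN or biometric


@dataclass
class AuthenticatorData:
    rp_id_hash: bytes
    user_present: bool
    user_verified: bool
    sign_count: int


def parse_authenticator_data(raw: bytes) -> AuthenticatorData:
    """Parse the fixed 37-byte header: rpIdHash(32) | flags(1) | signCount(4)."""
    if len(raw) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    rp_id_hash, flags, sign_count = struct.unpack(">32sBI", raw[:37])
    return AuthenticatorData(rp_id_hash, bool(flags & FLAG_UP),
                             bool(flags & FLAG_UV), sign_count)


def needs_additional_method(raw: bytes, expected_rp_id: str) -> bool:
    """Hypothetical policy check: True when the assertion only proves possession."""
    data = parse_authenticator_data(raw)
    if data.rp_id_hash != hashlib.sha256(expected_rp_id.encode()).digest():
        raise ValueError("rpIdHash does not match the expected relying party")
    if not data.user_present:
        raise ValueError("user-present flag not set; the key was not touched")
    return not data.user_verified


def build_sample(rp_id: str, flags: int, sign_count: int) -> bytes:
    """Build constructed authenticator data (sample input, not a real capture)."""
    return hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, sign_count)


RP_ID = "idp.example.com"  # placeholder relying party ID (assumption)
touch_only = build_sample(RP_ID, FLAG_UP, 7)               # touch, no PIN
touch_and_pin = build_sample(RP_ID, FLAG_UP | FLAG_UV, 8)  # touch plus PIN

if __name__ == "__main__":
    print(needs_additional_method(touch_only, RP_ID))
    print(needs_additional_method(touch_and_pin, RP_ID))
```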

Pre-requisite User Settings

Prior to authenticating via the Authentication Client with WebAuthn, a User must complete enrollment of their FIDO device in their RapidIdentity Profile.

Authenticating with WebAuthn via the Windows Authentication Client

  • Insert the USB FIDO device into the client machine and start WAC authentication by entering your username.

  • Select the WebAuthn Authentication method, as shown below.

  • If the User has a single external device enrolled, authentication will proceed immediately. Once the device starts blinking, the User should tap the device to complete authentication.

  • If a User has multiple devices enrolled, they will be prompted to select the appropriate device from a drop-down menu. Once a device is selected, they click the arrow to start the authentication process.

  • Once the User starts authentication and the device starts blinking, they tap the device to complete authentication.

  • Once a User has authenticated successfully with WebAuthn/FIDO, they will then be prompted to authenticate with the other available authentication methods.

A few important notes regarding utilizing this feature:

  • FIDO with MFA is the only option available for WAC users to authenticate through WebAuthn.

  • Using the Device Tab feature in WAC is the only way to use FIDO authentication.

  • WAC does not offer support for password recovery with WebAuthn FIDO authentication.

  • FIDO will not perform Account Lockout in WAC.

