WebAuthn Biometric Device Support

WebAuthn Biometric Device Support

Currently, the WebAuthn default User Verification requirement in RapidIdentity is set to Discouraged. This allows biometric devices to not authenticate the user prior to releasing the token for log in.

If a WebAuthn Biometric device has the ability to authenticate a user (something about the user) but does not require the user to authenticate, the use of the WebAuthn device (something the user has) is sufficient for that user to successfully login to RapidIdentity.

Identity Automation customers who want to use WebAuthn Biometric Devices with RapidIdentity at this time should ensure that the device verifies or can be configured to verify that the user is in possession of the device via the biometric when authenticating with RapidIdentity.