FIDO Authenticators
Via a FIDO Authenticator the user can authenticate themselves or authorize a transaction via the mobile application. For each FIDO authenticator, such as Face or Voice recognition, a mapping must be made between that specific FIDO Authenticator and the Policy in the FIDO Server. When the Mobile app requests authentication via a specific FIDO Authenticator, the Token Server needs to know which Policy it can call in the FIDO Server.
- Create a FIDO Authenticator
- Configure FIDO Authenticators for a Mobile app
- Configure FIDO Authentication as Mobile authentication type
Create a FIDO Authenticator
The app developer needs to provide the value of the aaid
from the FIDO Authenticator Metadata Statement.
The administrator of the FIDO Server should provide the Policy ID
of the Trusted Facet for the Service Provider that is configured for the Token Server.
Go to Configuration
→ FIDO
→ Authenticators
to manage the FIDO Authenticators.
The Name
is used in the Admin console to distinguish the FIDO Authenticators. The Authenticator ID
is the aaid
that is provided by the app developer.
The FIDO Policy
is the identifier from the FIDO Server.
All fields are required. Each individual Name
, Authenticator ID
and FIDO Policy
can be
configured only once in the Token Server.
Configure FIDO Authenticators for a Mobile app
Go to Configuration
→ App configuration
→ Applications
and add or edit an Application.
The field FIDO Enabled
must be checked to configure FIDO authenticators for this Application.
Configure FIDO Authentication as Mobile authentication type
A FIDO Authenticator can be used as authentication for Mobile authentication. For example when voice recognition is used to identify the user when he approves a transaction via a Push message.
Go to Configuration
→ Mobile authentication
→ Mobile authentication types
Choose the Authentication method PUSH_WITH_FIDO
. Then choose which FIDO authenticator will be used for this type of Mobile authentication.