FIDO Authenticators

Via a FIDO Authenticator the user can authenticate themselves or authorize a transaction via the mobile application. For each FIDO authenticator, such as Face or Voice recognition, a mapping must be made between that specific FIDO Authenticator and the Policy in the FIDO Server. When the Mobile app requests authentication via a specific FIDO Authenticator, the Token Server needs to know which Policy it can call in the FIDO Server.

Create a FIDO Authenticator

The app developer needs to provide the value of the aaid from the FIDO Authenticator Metadata Statement.

The administrator of the FIDO Server should provide the Policy ID of the Trusted Facet for the Service Provider that is configured for the Token Server.

Go to ConfigurationFIDOAuthenticators to manage the FIDO Authenticators.

FIDO Authenticator

The Name is used in the Admin console to distinguish the FIDO Authenticators. The Authenticator ID is the aaid that is provided by the app developer. The FIDO Policy is the identifier from the FIDO Server.

All fields are required. Each individual Name, Authenticator ID and FIDO Policy can be configured only once in the Token Server.

Configure FIDO Authenticators for a Mobile app

Go to ConfigurationApp configurationApplications and add or edit an Application.

The field FIDO Enabled must be checked to configure FIDO authenticators for this Application.

Configure FIDO Authentication as Mobile authentication type

A FIDO Authenticator can be used as authentication for Mobile authentication. For example when voice recognition is used to identify the user when he approves a transaction via a Push message.

Go to ConfigurationMobile authenticationMobile authentication types

Mobile authentication with FIDO

Choose the Authentication method PUSH_WITH_FIDO. Then choose which FIDO authenticator will be used for this type of Mobile authentication.