You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.


WebAuthn


FIDO2 WebAuthn is a set of Web APIs that addresses the problems users and organizations encounter when managing an ever-growing list of passwords: passwords can be compromised, and users forget which password they use with which site. WebAuthn is a major step forward in that it uses public-key cryptography and digital signatures to enable passwordless authentication between servers, browsers and authenticators. WebAuthn can also be used as an additional MFA factor.

WebAuthn is supported by the major browsers, including Chrome, Firefox, Edge and Safari. For more information about WebAuthn, see the FIDO Alliance article at https://fidoalliance.org/fido2/.

To use FIDO2 WebAuthn with EmpowerID, you simply decide what flows you want to use, configure a few system settings, and apply the flow(s) to one or more targets. Targets can include Password Manager policies, applications, and individual users (EmpowerID Persons).

EmpowerID supports the following WebAuthn flows:

  • MFA — Users authenticate by presenting their username, password and FIDO2 credential

  • Passwordless Login — Users authenticate by presenting their username, FIDO2 credential and a PIN/biometric

  • Usernameless Login — Users authenticate by presenting their FIDO2 resident key credential and a PIN/biometric
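The three flows differ in what the server must verify from the authenticator's response. As an added illustration (not EmpowerID's code), the following Python sketches those server-side checks: the relying-party ID, the user-presence and user-verification flags, the signature counter, and the per-flow rule on account lookup. RP_ID, the credential store and the flag values in the test input are constructed assumptions.

```python
import hashlib
import struct

FLAG_UP = 0x01  # authenticator-data flag: user present (touch)
FLAG_UV = 0x04  # authenticator-data flag: user verified (PIN or biometric)
RP_ID = "login.example.com"   # hypothetical relying-party ID (assumption)
USERNAMELESS_ENABLED = True   # stands in for FIDO2UsernamelessLoginEnabled
# Constructed credential store: credential ID -> (owner, last signature counter).
CREDENTIALS = {b"cred-alice-01": ("alice", 7)}


def make_auth_data(flags: int, sign_count: int) -> bytes:
    """Build the fixed 37-byte prefix of authenticatorData (constructed test input)."""
    rp_id_hash = hashlib.sha256(RP_ID.encode()).digest()
    return rp_id_hash + bytes([flags]) + struct.pack(">I", sign_count)


def check_assertion(flow: str, credential_id: bytes, auth_data: bytes,
                    claimed_user=None) -> str:
    """Apply the per-flow checks ("mfa", "passwordless", "usernameless") and
    return the authenticated username. The MFA password check and the signature
    check over authData || sha256(clientDataJSON) are separate and not shown."""
    if flow == "usernameless" and not USERNAMELESS_ENABLED:
        raise ValueError("usernameless login is disabled")
    entry = CREDENTIALS.get(credential_id)
    if entry is None:
        raise ValueError("unknown credential")
    owner, last_count = entry
    # With a username present, the credential must belong to that user; in the
    # usernameless flow there is no claimed user and the account comes from the key.
    if flow != "usernameless" and owner != claimed_user:
        raise ValueError("credential is not registered to the claimed user")
    rp_id_hash, flags = auth_data[:32], auth_data[32]
    sign_count = struct.unpack(">I", auth_data[33:37])[0]
    if rp_id_hash != hashlib.sha256(RP_ID.encode()).digest():
        raise ValueError("assertion was made for a different relying party")
    if not flags & FLAG_UP:
        raise ValueError("user presence not asserted")
    # Passwordless and usernameless replace the password with a PIN/biometric,
    # so the authenticator must report user verification, not just presence.
    if flow in ("passwordless", "usernameless") and not flags & FLAG_UV:
        raise ValueError("user verification (PIN/biometric) required")
    # A counter that fails to advance is the standard cloned-authenticator signal.
    if sign_count != 0 and sign_count <= last_count:
        raise ValueError("signature counter did not increase")
    CREDENTIALS[credential_id] = (owner, sign_count)
    return owner
```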

Configure system settings

  1. On the navbar, expand Infrastructure Admin > EmpowerID Servers and Settings and click EmpowerID System Settings.

  2. Search for the following settings and set their values accordingly:

  • FIDO2UsernamelessLoginEnabled — Determines whether the FIDO2 usernameless prompt appears on the login page.

  • OauthTokenIssuerName — Specifies the FIDO2 server name. Set the value to identify the environment, such as ClientName-Dev, ClientName-UAT, etc.

  • MaximumRegisteredAssetsPerPersonPerType — Specifies the number of FIDO2 assets that a user can register. By default, the value is set to three.

To edit the value of a setting, click the Edit icon for the setting as shown below, enter the new value and save your changes.

Enable WebAuthn on Password Manager policies

  1. On the navbar, expand Password Management and click Password & Login Policies.

  2. From the Policies tab of the Find Password Manager Policies page, search for the policy for which you want to enable WebAuthn and then click the Display Name link for that policy.

  3. On the View page for the policy, click the Edit link.

  4. Click the Authentication Settings tab and then select the desired type of WebAuthn from the Default FIDO2 Registration Capability field.

  5. Save your changes.
