Use this task to manage the FIDO2 devices that enable users to sign on to IBM® Security Verify and to respond to second-factor
authentication events.
About this task
A FIDO2 device is a device with a built-in sensor, a hardware token with support for FIDO, or a device with fingerprint or facial recognition such as Apple Touch ID and Windows Hello.
Note: For users, the term passkey is used instead of FIDO to provide a more consumer-friendly experience.
The FIDO server uses metadata to validate the authenticity of a device.
Procedure
- Select .
- Add relying parties.
  - Select Relying Parties.
    The relying parties are listed, and their display names, identifiers, and devices are displayed in the table.
  - Select Creating relying party.
  - Provide a display name for the relying party.
  - Toggle the Enabled button to enable or disable the relying party.
  - Provide an identifier for the relying party.
    Typically the identifier is the site DNS domain, such as example.com.
  - Specify the device metadata that is to be included.
    Select the checkbox to include all device metadata. Otherwise, clear the checkbox to activate the Filter menu. Expand the filter and select one or more device metadata for the relying party.
  - Select whether to check device authenticity.
    Use this option to limit the authenticator types that can be used.
  - Specify the allowed origins.
    Specify your tenant as the URL. The URL must fall within the DNS domain that is set as the relying party identifier. If the port is not 443, you must also include the port number.
  - Optional: Select Add URL to add more base URLs where the FIDO2-based authenticators can be registered and used.
    The URL is added to the list of URLs.
  - Click Create.
- Add metadata.
  - Select Device Metadata.
    The display names and tags are displayed for the devices.
  - Select Create metadata.
  - Provide a display name for the device.
  - Toggle the Enabled button to enable or disable the device.
  - Provide a tag for the metadata.
  - Upload the .json or .yubico file from your FIDO2 device.
    This file contains the registration metadata for your device.
  - Select Create.
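The allowed-origins rule from the relying party steps can be checked before the values are entered. The following is an added example, not IBM code: the function names are hypothetical, and it assumes that "fall within the DNS domain" means the host equals the relying party identifier or is a subdomain of it at a label boundary, and that origins use https.

```python
"""Pre-check allowed-origin URLs against a relying party identifier."""
from urllib.parse import urlsplit


def check_allowed_origin(url: str, rp_id: str) -> str:
    """Return the origin to enter, or raise ValueError if it does not fit rp_id."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":  # assumption: origins are served over HTTPS
        raise ValueError("scheme must be https")
    host = (parts.hostname or "").rstrip(".")  # urlsplit lowercases the host
    rp = rp_id.strip().rstrip(".").lower()
    if not host or not rp:
        raise ValueError("missing host or relying party identifier")
    # Match on a label boundary: a bare suffix test would accept
    # evilexample.com for the identifier example.com.
    if host != rp and not host.endswith("." + rp):
        raise ValueError(f"host {host} is outside {rp}")
    port = parts.port  # raises ValueError on a malformed port
    if port in (None, 443):
        return f"https://{host}"
    return f"https://{host}:{port}"  # a non-443 port must be written out


def audit(urls, rp_id):
    """Split candidate URLs into accepted origins and rejected URLs with reasons."""
    accepted, rejected = [], {}
    for url in urls:
        try:
            accepted.append(check_allowed_origin(url, rp_id))
        except ValueError as exc:
            rejected[url] = str(exc)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample values, not taken from any real tenant.
    candidates = [
        "https://example.com",
        "https://login.example.com:8443",
        "https://evilexample.com",
        "https://example.com.evil.test",
        "http://example.com",
    ]
    ok, bad = audit(candidates, "example.com")
    for origin in ok:
        print("accept", origin)
    for url, reason in bad.items():
        print("reject", url, "-", reason)
```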
What to do next
Enable FIDO2 for logging in. See Managing sign-in options.