Configure a FIDO2/WebAuthn authentication mechanism

The FIDO2/WebAuthn authentication mechanism prompts the user to sign a random challenge string with a FIDO2/WebAuthn authenticator provided during the authentication flow. The user must register a compatible FIDO2/WebAuthn authenticator.

Configure the FIDO2/WebAuthn mechanism and the corresponding properties to determine the operation of the mechanism.

  1. Log in to the local management interface.

  2. Click...

      AAC > Policy > Authentication > Mechanisms > FIDO2/WebAuthn Authentication > Modify > Properties tab > property > Modify

  3. Enter the value for that property.

  4. Click OK.

  5. Take note of the properties for the mechanism.

      Relying Party ID
      The relying party ID to use with this mechanism. The ID is a domain string that identifies the Relying Party and the Relying Party-specific configuration. The ID must be based on the origin that the user accesses: it must be equal to the origin's effective domain or be a registrable domain suffix of it.

      Default value: Empty string
      Example: webseal.com
      Valid values: String, valid URI

  6. Click Save.

  7. Deploy the pending changes.

More advanced settings can be configured for each Relying Party ID. See FIDO2 Configuration.
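
The Relying Party ID rule from step 5, as an added example (not product code): a JavaScript check that an ID equals the origin's host or is a registrable domain suffix of it. The function names and the tiny public-suffix set are assumptions made for illustration; a production check would consult the full Public Suffix List.

```javascript
// Constructed, deliberately tiny stand-in for the Public Suffix List (assumption).
const PUBLIC_SUFFIXES = new Set(["com", "org", "net", "uk", "co.uk"]);

// Longest entry of the suffix set that the host equals or ends with, else null.
function publicSuffixOf(host) {
  const labels = host.split(".");
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join(".");
    if (PUBLIC_SUFFIXES.has(candidate)) return candidate;
  }
  return null;
}

// True when rpId equals the origin's host or is a registrable domain suffix of it.
function rpIdMatchesOrigin(rpId, origin) {
  if (typeof rpId !== "string" || rpId === "") return false; // an empty ID matches nothing
  let host;
  try {
    host = new URL(origin).hostname.toLowerCase(); // hostname excludes scheme, port, path
  } catch {
    return false; // not a parseable origin
  }
  const rp = rpId.toLowerCase();
  if (rp === host) return true;                  // "equal to" case
  if (!host.endsWith("." + rp)) return false;    // must match on a label boundary
  if (publicSuffixOf(rp) === rp) return false;   // a bare public suffix is not registrable
  return true;
}

// Evaluate one candidate Relying Party ID against several origins.
function checkAll(rpId, origins) {
  return origins.map((origin) => ({ origin, ok: rpIdMatchesOrigin(rpId, origin) }));
}

// Constructed sample origins, using the example ID from the property description.
console.log(checkAll("webseal.com", [
  "https://webseal.com",                // equal: accepted
  "https://login.webseal.com:8443/app", // subdomain: accepted
  "https://notwebseal.com",             // no label boundary: rejected
  "https://webseal.com.example.net",    // ID is a prefix, not a suffix: rejected
]));
```

A Relying Party ID that fails this check for the origin users actually reach cannot be used with that origin, so validate the value before you save and deploy it.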
