Passwordless authentication using FIDO2¶

WSO2 Identity Server supports passwordless authentication using FIDO2, which is a phishing-proof passwordless authentication protocol developed as a joint effort between the FIDO Alliance and the World Wide Web Consortium (W3C).

The three major enablers of the FIDO2 flow are;

1. The FIDO2 Authenticator (biometrics, mobile devices or FIDO2 security keys)
2. The client or browser that operates as a mediator
3. The WebAuthn Relying Party (WSO2 Identity Server)

Configuring passwordless authentication using FIDO2¶

Setting up the FIDO2 device¶

To associate a FIDO2 device with the user account, refer Add security device.

Configuring FIDO as an authenticator¶

1. Sign in to the Management Console.

2. To create a new Service Provider:

   1. On the Main menu, click Identity > Service Providers > Add.
   2. Enter a name and a brief description of the service provider.
   3. Click Register.

   Info

   For more information on creating a service provider, see Adding and Configuring a Service Provider.

3. In the Local & Outbound Authentication Configuration section, select Local Authentication and from the dropdown select fido. To enable passwordless authentication, the fido authenticator alone is sufficient.

   Info

   For more information on configuring the local and outbound authentication configuration, see Configuring Local and Outbound Authentication for a Service Provider .

   

4. Click Update.