FIDO Authenticators
FIDO Authenticators contains list of supported FIDO devices. List is downloaded from FIDO Alliance Metadata Service. The FIDO Relying Party must be configured to require attestation for this list to be enforced, otherwise any authenticator will be allowed to enroll regardless of the configuration of this list.
List may be updated when link "(Re)initialize authenticators" on right side. This automatically queries the official FIDO server and downloads the official authenticator list.
Please note that default and recommended values are specified for parameters that can work with them, while other parameters need configuration specific to deployment environment and infrastructure requirements on a case-by-case basis.
Navigate to Settings/General/FIDO Settings
Fill in the configuration with proper values
fidoOrigin: the FQDN for the Veridium authentication server.
fidoAllianceCert: the certificate used for FIDO Alliance MDS2 communication that retrieves the list of certified FIDO authenticators.
fidoUrl: the internal URL used for communication between VeridiumID Server and FIDO Server.
Configure FIDO Authenticators
The list of trusted FIDO authenticators can be configured in the Admin Dashboard in FIDO: Authenticators
FIDO certified authenticators can be downloaded from MDS3 service automatically and the list is refreshed when (Re)Initialize authenticators.
Authenticators can be also added manually by using Add Authenticator. An authenticator can be imported via Metadata statement provided by the FIDO authenticator vendor, or by manually filling the required information that should be provided by the FIDO authenticator vendor.
Using Add multiple authenticators facilitates adding multiple authenticators at once.
Enable selected authenticators will enable the selected authenticator
Disable selected authenticators will disable selected authenticators
There is also an option to delete selected authenticators. This button will be visible when selecting at leas one authenticator for the list