How SecureAuth FIDO2 WebAuthn works

The SecureAuth® Identity Platform supports the use of FIDO2-enabled devices that use the WebAuthn protocol. FIDO stands for Fast Identity Online, and is a set of standards used to protect user privacy; FIDO2 is the newest set of standards. The WebAuthn protocol is a standard that allows users to securely log into web-based applications, such as Office 365, without using a password.

What does this mean for you?

Together, FIDO2 with WebAuthn provide the strongest level of passwordless security. You can use your FIDO2-enabled device to log in, such as a fingerprint reader, a security key, or local PIN on your mobile device, laptop, or desktop.

If your administrator has set up passwordless login, using a FIDO2-enabled device provides the strongest security. The following examples assume a passwordless workflow.

Why use FIDO2?

Most people find it tedious and frustrating to remember passwords. Using FIDO2-enabled devices provides strong identification and a seamless user experience, without a password. FIDO2-enabled devices, such as security keys, mobile phone, etc., take the place of the password and offer you the freedom to log into resources safely and easily. If you want more information about securely using a passwordless workflow, see Passwordless secure login.

The Identity Platform supports FIDO2 with WebAuthn on most web browsers and device types with the following login options:

  • Fingerprint recognition, built-in fingerprint reader on mobile, laptop, and fingerprint scanner on desktop

  • Security key using Bluetooth, USB, NFC, such as YubiKey or Titan

  • Local PIN, built-in device PIN number on mobile, laptop, or desktop

Registering one or more FIDO2-enabled devices

To use a FIDO2-enabled device to access applications, you must first register the device. Registration is easy.

Your administrator will likely send detailed instructions about how to register, but the following is a quick introduction to registration.

  1. Log into the registration portal from your laptop, desktop, phone, or tablet.

  2. On the registration page, add a device.

  3. Follow the browser prompts on your FIDO2 device.

  4. Your device is registered!

Now you can access applications, such as Office 365 and Salesforce, without remembering a password.

60570966.png
Verify it's you

After you register a FIDO2-enabled device, you're ready to use it to verify that you are who you say you are, which lets you access an application, such as Office 365.

The process of logging into an application works the same as you're used to. You will verify your identity with the device you registered. Here's a quick view of what will happen when you want to use an application to complete work:

  1. Open the software application on any device.

  2. On the login screen, enter your username. On the next screen, select your registered FIDO2-enabled device. Follow the browser prompts to select the type of passwordless login you want to use, such as fingerprint, security key, etc.

  3. Verify your identity by tapping your security key, placing your finger on the scanner, etc.

  4. After gaining access, continue with your work.

Accessing other applications securely will work similarly, depending on your administrator's settings. The following flow is an example; your login screen might look different.

60571191.png
Related information

Passwordless secure login