Skip to main content

How to send a confirmation email about a FIDO2 device

As an administrator, you can choose to send a confirmation email to the user when they enroll or remove a FIDO2 authenticator from their profile.

Prerequisites

  • Available in the following SecureAuth® Identity Platform releases:

    • Identity Platform release 23.07 with hotfix 23.07-4 or later

    • Identity Platform release 22.12 with hotfix 22.12-8 or later

  • Have FIDO2 WebAuthn global MFA enabled in the Identity PlatformFIDO2 WebAuthn global MFA settings

Solution

You will need to enable the "send email confirmation" setting in the FIDO2 global MFA. And you optionally can change the default email text.

Turn on the setting to send a confirmation email

  1. In the Identity Platform, go to Multi-Factor Methods > FIDO2 (WebAuthn) settings and click the pencil icon.FIDO2 WebAuthn global MFA settings

  2. In the Email Notification section, select the Send confirmation email... check box.

    Then, select which email to send to the user. Make sure you have the emails mapped and configured in your data store properties.

    fido2_global_mfa_002.png
  3. Save your changes

Optionally change the default email text

  1. In the Identity Platform, go to Multi-Factor Methods > FIDO2 (WebAuthn) settings and click the pencil icon.FIDO2 WebAuthn global MFA settings

  2. Scroll down the bottom of the page to find the realm number for this FIDO2 enrollment application.

    fido_email_notification_kb_001.png
  3. Go to Advanced Settings and select the FIDO2 realm.

  4. Select the Overview tab, scroll down to the Advanced Settings section, and click the Content and Localization link.

  5. In the Verbiage Editor, scroll down to the bottom and edit any of these resource fields for the email output.

    See the following example of an email confirmation.

    fido_email_notification_kb_003.png
    Resource fields
    • fido_removed_email_notification_body – Email body about removing a FIDO2 device from your profile. For example:

      <b>Dear {{fullName}}</b>,<br><br>Security key or device ({{deviceName}}) removed from your profile. If you didn't make this change, contact your help desk.
    • fido_enrolled_email_notification_body – Email body about adding a FIDO2 device to your profile. For example:

      <b>Dear {{fullName}}</b>,<br><br>Security key or device added ({{deviceName}}) to your profile. If you didn't make this change, contact your help desk.
    • fido_email_subject_notification – Email subject line. For example:

      Confirmation of security key or device activity
    • fido_email_from_notification – Sender email address. For example:

      security@secureauth.com
    • fido_email_from_displayname_notification – Display name of sender email address. For example:

      SecureAuth Support
    fido_email_notification_kb_002.png
  6. Save your changes.