--- title: (Legacy) FIDO2 biometrics use cases description: The following table outlines several common use cases and their expected behaviors when using FIDO2 biometrics authentication. component: pingid page_id: pingid:pingid_service_management:pid_fido2_biometrics_use_cases canonical_url: http://docs.pingidentity.com/pingid/pingid_service_management/pid_fido2_biometrics_use_cases.html revdate: April 18, 2024 --- # (Legacy) FIDO2 biometrics use cases The following table outlines several common use cases and their expected behaviors when using FIDO2 biometrics authentication. | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If policy rules are configured, the results might vary from those described in the table. For more information, see [PingID authentication policy](pid_authentication_policy.html). | | Paired devices | Browser | Results | Reason | | ------------------------------------------------------------------------------------------------- | ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | FIDO2 biometrics device only | WebAuthn Platform compliant | The browser prompts the user to authenticate using their FIDO2 biometrics device. | FIDO2 biometrics is the only authentication method, and the browser supports WebAuthn platform, so the user can authenticate using their FIDO2 biometrics device. | | * FIDO2 biometrics (primary) * Email * SMS | WebAuthn platform compliant | The browser prompts the user to authenticate using their FIDO2 biometrics device. If the **Prompt to Select** setting is enabled, FIDO2 Biometrics appears in the list of authentication options. | The browser supports FIDO2 biometrics, which is the user's primary device. | | - FIDO2 biometrics - Windows Hello (primary) - FIDO2 biometrics - Android device - Email - SMS | WebAuthn platform complaint | If the user tries to access their account with their Android device, they are prompted to authenticate using that device, even though it is not their primary device. | If more than one FIDO2 biometrics device is paired with a user's account, when accessing with a FIDO2 device, the browser prompts the user to authenticate with the current accessing device, regardless of which FIDO2 device is the primary device. | | FIDO2 biometrics only | Not WebAuthn Platform compliant | The browser displays the following message: `This browser doesn't support your current authentication method. Try a different browser or contact your administrator.` | The browser doesn't support the user's current authentication method. The user must either use a different browser that is WebAuthn compliant, such as the latest version of Chrome or Microsoft Edge, or use a FIDO2 biometrics device that is paired with their account. | | * FIDO2 biometrics (primary) * Email * SMS | Not WebAuthn platform compliant | The browser prompts the user to authenticate using the next paired device. In this example, the user must authenticate using email or SMS. If the **Prompt to Select** setting is enabled, FIDO2 biometrics does not appear in the list of authentication options. | The browser is not Webauthn platform compliant and does not support the user of a FIDO2 biometrics device. The FIDO2 biometrics option is not shown and only the secondary authentication methods are presented to the user. |