FIDO browser management use cases
The following process flows describe the possible use cases experienced when using FIDO browser management.
Registering a new FIDO device
- The user initiates an authentication flow on a FIDO-supported device.
- The user enters their username (supported by the identifier first adapter).
- If no devices have been paired, the user is prompted to authenticate through the HTML form. If the user has previously paired a device, the user is prompted to select from a list of devices or might fall back to the HTML form adapter for their first-factor authentication.
- After the user has authenticated, they are given the option to pair biometrics for the device. See Configuration Step 3 for optional configuration of the Device Selection screen.
- The user pairs their biometrics through FIDO and completes the login flow. A cookie with the device ID is placed on the browser with an expiration of 20 years.

Authenticating a paired FIDO device
- The user initiates an authentication flow on a paired, FIDO-supported device by entering their username into a form supported by the identifier first adapter.
- A cookie is observed and the user is prompted to authenticate with biometrics for their current device.
- The user authenticates with biometrics and logs in.

The cookie is deleted for a paired FIDO device
- The user initiates an authentication flow on a FIDO-supported device.
- The user enters their username (supported by the identifier first adapter).
- The user is prompted to select a device or fall back to the HTML form.
- The user selects their current device from the list and authenticates with biometrics, completing login.
- A cookie is reset on the browser with an expiration of 20 years.
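
The three flows above reduce to one decision made after the username is entered, shown here as an added example that is not the product's own code. The cookie name `fido_device_id`, the function names, and the `Secure; HttpOnly; SameSite=Lax` attributes are assumptions of this sketch, as is the handling of a cookie whose device ID is not paired to the current user.

```javascript
// Added example, not product code. COOKIE_NAME and function names are hypothetical.
const COOKIE_NAME = "fido_device_id";
const TWENTY_YEARS_S = 20 * 365 * 24 * 60 * 60; // 20-year expiration from the flows

// Extract the device ID from a raw Cookie request header, or null if absent.
function readDeviceId(cookieHeader) {
  for (const part of (cookieHeader || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq < 1 || part.slice(0, eq).trim() !== COOKIE_NAME) continue;
    try {
      return decodeURIComponent(part.slice(eq + 1).trim()) || null;
    } catch {
      return null; // malformed percent-encoding: treat as no cookie
    }
  }
  return null;
}

// Decide the next screen once the username is known.
// pairedDeviceIds: device IDs already registered to that user.
function nextStep(cookieHeader, pairedDeviceIds) {
  if (pairedDeviceIds.length === 0) {
    return { step: "HTML_FORM" }; // registration flow: nothing paired yet
  }
  const deviceId = readDeviceId(cookieHeader);
  if (deviceId && pairedDeviceIds.includes(deviceId)) {
    return { step: "BIOMETRIC_PROMPT", deviceId }; // paired-device flow
  }
  // Cookie deleted, or (assumption) it names a device not paired to this user:
  // the cookie is only a hint, so let the user pick a device or use the form.
  return { step: "DEVICE_SELECTION_OR_HTML_FORM" };
}

// Build the Set-Cookie header issued after a successful biometric login.
function deviceCookie(deviceId) {
  return `${COOKIE_NAME}=${encodeURIComponent(deviceId)}; Max-Age=${TWENTY_YEARS_S}; ` +
    "Path=/; Secure; HttpOnly; SameSite=Lax";
}
```

Some browsers cap cookie lifetimes well below 20 years (Chrome limits them to 400 days), so the deleted-cookie flow also applies whenever the cookie is no longer present for that reason.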
