PingOne

FIDO browser management use cases

The following process flows describe the possible use cases experienced when using FIDO browser management.

Registering a new FIDO device

  1. The user initiates an authentication flow on a FIDO-supported device.

  2. The user enters their username (supported by the identifier first adapter).

  3. If no devices have been paired, the user is prompted to authenticate through the HTML form. If the user has previously paired a device, the user is prompted to select from a list of devices or might fallback to the HTML form adapter for their first factor authentication.

  4. After the user has authenticated, they are given the option to pair biometrics for the device. See Configuration Step 3 for optional configuration of the Device Selection screen.

  5. The user pairs their biometrics through FIDO and completes the login flow. A cookie with the device ID is placed on the browser with an expiration of 20 years.

Screen recording of the user registering a new FIDO device.

Authenticating a paired FIDO device

  1. The user initiates an authentication flow on a paired, FIDO-supported device by entering their username into a form supported by the identifier first adapter.

  2. A cookie is observed and the user is prompted to authenticate with biometrics for their current device.

  3. The user authenticates with biometrics and logs in.

Screen recording of the user authenticating using a paired FIDO device.

  1. The user initiates an authentication flow on a FIDO-supported device.

  2. The user enters their username supported by the identifier first adapter.

  3. The user is prompted to select a device or fallback to the HTML form.

  4. The user selects their current device from the list and authenticates with biometrics, completing login.

  5. A cookie is reset on the browser with an expiration of 20 years.

Screen recording of the cookie being deleted for a user’s paired FIDO device.