(Legacy) FIDO2 biometrics use cases
The following table outlines several common use cases and their expected behaviors when using FIDO2 biometrics authentication.
If policy rules are configured, the results might vary from those described in the table. For more information, see PingID authentication policy. |
Paired devices | Browser | Results | Reason |
---|---|---|---|
FIDO2 biometrics device only |
WebAuthn Platform compliant |
The browser prompts the user to authenticate using their FIDO2 biometrics device. |
FIDO2 biometrics is the only authentication method, and the browser supports WebAuthn platform, so the user can authenticate using their FIDO2 biometrics device. |
|
WebAuthn platform compliant |
The browser prompts the user to authenticate using their FIDO2 biometrics device. If the Prompt to Select setting is enabled, FIDO2 Biometrics appears in the list of authentication options. |
The browser supports FIDO2 biometrics, which is the user’s primary device. |
|
WebAuthn platform complaint |
If the user tries to access their account with their Android device, they are prompted to authenticate using that device, even though it is not their primary device. |
If more than one FIDO2 biometrics device is paired with a user’s account, when accessing with a FIDO2 device, the browser prompts the user to authenticate with the current accessing device, regardless of which FIDO2 device is the primary device. |
FIDO2 biometrics only |
Not WebAuthn Platform compliant |
The browser displays the following message: |
The browser doesn’t support the user’s current authentication method. The user must either use a different browser that is WebAuthn compliant, such as the latest version of Chrome or Microsoft Edge, or use a FIDO2 biometrics device that is paired with their account. |
|
Not WebAuthn platform compliant |
The browser prompts the user to authenticate using the next paired device. In this example, the user must authenticate using email or SMS. If the Prompt to Select setting is enabled, FIDO2 biometrics does not appear in the list of authentication options. |
The browser is not Webauthn platform compliant and does not support the user of a FIDO2 biometrics device. The FIDO2 biometrics option is not shown and only the secondary authentication methods are presented to the user. |