The following process flows describe the possible use cases experienced when using FIDO browser management.
Registering a new FIDO device
- The user initiates an authentication flow on a FIDO-supported device.
- The user enters their username (supported by the identifier first adapter).
- If no devices have been paired, the user is prompted to authenticate through the HTML form. If the user has previously paired a device, the user is prompted to select from a list of devices or might fallback to the HTML form adapter for their first factor authentication.
- After the user has authenticated, they are given the option to pair biometrics for the device. See Configuration Step 3 for optional configuration of the Device Selection screen.
- The user pairs their biometrics through FIDO and completes the login flow. A cookie with the device ID is placed on the browser with an expiration of 20 years.