Registering a new FIDO device

  1. The user initiates an authentication flow on a FIDO-supported device.
  2. The user enters their username (supported by the identifier first adapter).
  3. If no devices have been paired, the user is prompted to authenticate through the HTML form. If the user has previously paired a device, the user is prompted to select from a list of devices or might fallback to the HTML form adapter for their first factor authentication.
  4. After the user has authenticated, they are given the option to pair biometrics for the device. See Configuration Step 3 for optional configuration of the Device Selection screen.
  5. The user pairs their biometrics through FIDO and completes the login flow. A cookie with the device ID is placed on the browser with an expiration of 20 years.