(Legacy) FIDO2 biometrics use cases

(Legacy) FIDO2 biometrics use cases - PingID

PingID Administration Guide

bundle

pingid

ft:publication_title

PingID Administration Guide

Product_Version_ce

PingID

category

ContentType

Product

Productdocumentation

pingid

ContentType_ce

Product documentation

The following table outlines several common use cases and their expected behaviors when using FIDO2 biometrics authentication.

Note:

If policy rules are configured, the results might vary from those described in the table. For more information, see PingID authentication policy.

Paired devices	Browser	Results	Reason
FIDO2 biometrics device only	WebAuthn Platform compliant	The browser prompts the user to authenticate using their FIDO2 biometrics device.	FIDO2 biometrics is the only authentication method, and the browser supports WebAuthn platform, so the user can authenticate using their FIDO2 biometrics device.
FIDO2 biometrics (primary) Email SMS	WebAuthn platform compliant	The browser prompts the user to authenticate using their FIDO2 biometrics device. If the Prompt to Select setting is enabled, FIDO2 Biometrics appears in the list of authentication options.	The browser supports FIDO2 biometrics, which is the user's primary device.
FIDO2 biometrics - Windows Hello (primary) FIDO2 biometrics - Android device Email SMS	WebAuthn platform complaint	If the user tries to access their account with their Android device, they are prompted to authenticate using that device, even though it is not their primary device.	If more than one FIDO2 biometrics device is paired with a user's account, when accessing with a FIDO2 device, the browser prompts the user to authenticate with the current accessing device, regardless of which FIDO2 device is the primary device.
FIDO2 biometrics only	Not WebAuthn Platform compliant	The browser displays the following message: `This browser doesn't support your current authentication method. Try a different browser or contact your administrator.`	The browser doesn't support the user's current authentication method. The user must either use a different browser that is WebAuthn compliant, such as the latest version of Chrome or Microsoft Edge, or use a FIDO2 biometrics device that is paired with their account.
FIDO2 biometrics (primary) Email SMS	Not WebAuthn platform compliant	The browser prompts the user to authenticate using the next paired device. In this example, the user must authenticate using email or SMS. If the Prompt to Select setting is enabled, FIDO2 biometrics does not appear in the list of authentication options.	The browser is not Webauthn platform compliant and does not support the user of a FIDO2 biometrics device. The FIDO2 biometrics option is not shown and only the secondary authentication methods are presented to the user.