3.4 Logging on to MyID with FIDO authenticators
If you have configured MyID to allow logon using FIDO authenticators (see section 2.7, Configuring MyID for FIDO logon), you can use a registered FIDO authenticator to log on to the MyID Operator Client.
To log on to MyID using a FIDO authenticator:
- Choose whether or not to provide a username:
  - Enter username first
    You must type your username when authenticating to MyID.
  - Username is not required
    If your FIDO authenticator supports it, and has been issued with a discoverable key for the user and the domain (for example, by issuing using a credential profile that has the Require Client Side Discoverable Key option set), you can opt not to provide a username. If there is more than one identity for the current domain on the FIDO authenticator, the Windows Security dialog provides you with a list to select the appropriate one to use.
  If you select Remember my decision, you will not be prompted again when using this browser under this user account on this PC. If you subsequently change your mind, you can click Cancel on a FIDO system authentication dialog box, or delete the cookies that the MyID website has stored in your browser.
- Complete your FIDO authentication.
  Note: The specifics of the process depend on the capabilities of your FIDO authenticator, your selected FIDO logon style (username or no username) and how your credential profile is set up for user verification.
  For example:
  - Type your Username and click Next.
    The Windows Security dialog appears, requesting your PIN.
  - Enter your PIN and click OK.
    The Windows Security dialog requests that you touch your authenticator.
  - Touch your authenticator.
You can now use the MyID Operator Client.
Note: If the list of features available in the MyID Operator Client does not match what you expect, check that the logon mechanisms have been set up correctly for your roles; see section 2.7.2, Setting up FIDO logon mechanisms.
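The two logon styles and the PIN and touch prompts in the procedure above correspond to standard WebAuthn request options and authenticator data flags. The following JavaScript is an added example, not MyID code: the function names, the `expectedRpIdHash` parameter and the sample bytes are assumptions constructed for illustration, and signature verification is not shown.

```javascript
// Added illustration: generic WebAuthn, not MyID code. All names are hypothetical.
const FLAG_UP = 0x01; // user present (authenticator touched)
const FLAG_UV = 0x04; // user verified (PIN or biometric accepted)

// Build the options passed to navigator.credentials.get({ publicKey }).
// Username first: the server lists that user's registered credential IDs.
// No username: the list is empty, so only a discoverable key can answer.
function buildRequestOptions({ rpId, challenge, credentialIds = [], userVerification }) {
  return {
    rpId,
    challenge,
    userVerification, // "required" | "preferred" | "discouraged"
    allowCredentials: credentialIds.map((id) => ({ type: "public-key", id })),
  };
}

// Authenticator data layout: rpIdHash (32 bytes) | flags (1) | signCount (4, big-endian).
function parseAuthenticatorData(bytes) {
  if (!(bytes instanceof Uint8Array) || bytes.length < 37) {
    throw new Error("authenticator data shorter than 37 bytes");
  }
  const flags = bytes[32];
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  return {
    rpIdHash: Array.from(bytes.subarray(0, 32), (b) => b.toString(16).padStart(2, "0")).join(""),
    userPresent: (flags & FLAG_UP) !== 0,
    userVerified: (flags & FLAG_UV) !== 0,
    signCount: view.getUint32(33, false),
  };
}

// Server-side policy check on the flags, performed alongside signature verification.
function checkAssertionFlags(bytes, { expectedRpIdHash, requireUserVerification }) {
  const data = parseAuthenticatorData(bytes);
  if (data.rpIdHash !== expectedRpIdHash) return "rp-id-mismatch";
  if (!data.userPresent) return "no-user-presence";
  if (requireUserVerification && !data.userVerified) return "no-user-verification";
  return "ok";
}

// Constructed sample: an rpIdHash of 0x11 bytes, the given flags, and a counter of 7.
function sampleAuthData(flags) {
  const out = new Uint8Array(37).fill(0x11, 0, 32);
  out[32] = flags;
  out[36] = 7;
  return out;
}
```

A response with flags 0x01 (touch only) is rejected when the policy requires user verification, which is why a PIN prompt appears before the touch prompt for such profiles.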