Requesting FIDO authenticators

3.1 Requesting FIDO authenticators

You can request a FIDO authenticator for a person using the MyID Operator Client. Alternatively, if a person already has a smart card issued, they can use the Self-Service Request Portal to request (and optionally register) a FIDO authenticator for themselves.

3.1.1 Requesting FIDO authenticators using the MyID Operator Client

You can use the MyID Operator Client to request a FIDO authenticator for a person.

Log on to the MyID Operator Client.
Click the People category and search for a person.

See the Searching for a person section in the MyID Operator Client guide.
Click the Request Device option in the button bar at the bottom of the screen.

You may have to click the ... option to see any additional available actions.
From the Credential Profile drop-down list, select the FIDO credential profile you want to use.

See section 2.5, Setting up credential profiles for FIDO authenticators for details of FIDO credential profiles.
Click SAVE to make the request.

For more information about requesting devices, see the Requesting a device for a person section in the MyID Operator Client guide.

If your FIDO credential profile is configured to require validation, you must approve the request before MyID notifies the person that they can register their FIDO authenticator; see the Approving requests section in the MyID Operator Client guide for details.

See section 3.2, Registering FIDO authenticators for details of carrying out the registration process.

3.1.2 Requesting FIDO authenticators using the Self-Service Request Portal

If you have an already-issued smart card, you can use this to request a FIDO authenticator through the Self-Service Portal.

For information on configuring the Self-Service Request Portal, see the Derived Credentials Self-Service Request Portal guide.

To request a FIDO authenticator through the Self-Service Portal:

Open a web browser and navigate to the StartPage on the SSRP web server:

https://<myserver>/StartPage

where <myserver> is the address of the MyID server hosting the Self-Service Portal.

The start page appears.
Insert your card, click Begin, then select a certificate from your card.

The credential profile selection page appears.
Select the credential profile you want to use.

See section 2.5.2, Setting up a FIDO credential profile for the Self-Service Request Portal for details of setting up your FIDO authenticator credential profiles.

The next stage depends on how you have set up the Immediate registration via Self-Service Request Portal option in the credential profile:
- If the Immediate registration via Self-Service Request Portal option is set, you can register your FIDO authenticator immediately; see section 3.2.2, Registering FIDO authenticators using the Self-Service Request Portal.
- If the Immediate registration via Self-Service Request Portal option is not set, MyID sends a registration link and a registration code; see section 3.2.1, Registering FIDO authenticators through notifications.