2.6 Configuring roles for registering FIDO authenticators
Any person who wants to register a FIDO authenticator must have a role that has permission to use the Register FIDO Security Key option.
To configure a role for registering FIDO authenticators:
-
Log on to MyID Desktop as an administrator.
-
From the Configuration category, select Edit Roles.
-
Click Show/Hide Roles to display the role to which you want to add the FIDO registration permission.
Note: This role must have access to the Password logon mechanism; the FIDO registration code is a special case of a logon code, and logon codes use the Password logon mechanism.
-
From the Cards section, select the following option:
-
Register FIDO Security Key
Note: If you are using the Self-Service Request Portal to request and register FIDO authenticators, you must set up the Derived Credential Owner role to have access to the Password logon mechanism and the Register FIDO Security Key option.
-
-
Click Save Changes.
Any person who has the selected role can now access the authentication service to register a FIDO authenticator.