1 Introduction

This guide provides details of how to integrate your MyID® system with FIDO (Fast IDentity Online) authenticator devices.

FIDO authenticators are removable devices (smart cards or USB tokens) or devices built into a computer (for example, a mobile phone). These authenticators may provide single-factor, two-factor, or multi-factor authentication.

You can use MyID to request, register, or cancel FIDO authenticators, and you can configure MyID to use an issued FIDO authenticator to log on to your MyID system. You can use the Self-Service Request Portal with an already-issued smart card to request (and optionally register) a FIDO authenticator for yourself.

For information on configuring the Self-Service Request Portal, see the Derived Credentials Self-Service Request Portal guide.

Intercede also provides a plug-in for AD FS (the MyID AD FS Adapter OAuth) that allows you to use the MyID authentication service in conjunction with a registered FIDO authenticator to access AD FS (Active Directory Federation Services); see the MyID AD FS Adapter OAuth section in the MyID Authentication Guide for details.

You can integrate MyID's authentication service with your own system to authenticate a person's identity with their FIDO authenticator through OAuth 2.0 OpenID Connect; see the Authenticating using OpenID Connect section in the MyID Authentication Guide for details.

You can also set up the MyID authentication service as a standalone service (for high-availability FIDO authentication operations); see the Setting up the standalone authentication service section in the MyID Authentication Guide for details.

Note: This document contains code samples that you can copy from your browser. Due to browser display limitations, the copied text may contain hard spaces that can cause JSON to be invalid; sanitize the copied code before you implement it.
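
One way to carry out the sanitizing step in the note above, as an added example that is not part of the MyID documentation or product. It assumes that "hard spaces" means U+00A0 and its narrow and figure variants, and the sample JSON is constructed with placeholder keys rather than real MyID settings.

```python
import json

# Space-like characters that browsers commonly substitute for U+0020.
# Assumption: this set covers the "hard spaces" the note refers to.
HARD_SPACES = {"\u00a0", "\u2007", "\u202f"}


def sanitize_copied_json(text):
    """Return (clean_text, fixed_offsets, in_string_offsets).

    Hard spaces between JSON tokens are replaced with U+0020, because that is
    where they make the document invalid. Hard spaces inside string literals
    are valid JSON and may be intentional, so they are only reported.
    """
    out, fixed, in_string_hits = [], [], []
    in_string = escaped = False
    for i, ch in enumerate(text):
        if in_string:
            if ch in HARD_SPACES:
                in_string_hits.append(i)
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in HARD_SPACES:
            fixed.append(i)
            ch = " "
        out.append(ch)
    clean = "".join(out)
    json.loads(clean)  # raises json.JSONDecodeError if still invalid
    return clean, fixed, in_string_hits


# Constructed sample: keys and values are placeholders, not MyID settings.
COPIED = '{\u00a0"exampleKey":\u00a0"example\u00a0value",\n\u00a0\u00a0"enabled": true }'

if __name__ == "__main__":
    clean, fixed, kept = sanitize_copied_json(COPIED)
    print("replaced at offsets:", fixed)
    print("left inside strings at offsets:", kept)
    print(json.loads(clean))
```

Review any offsets reported inside string literals by hand, because a hard space in a value changes what is stored or compared even though the JSON parses.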