3.2 Registering FIDO authenticators

You can register your FIDO authenticator using the following methods:

3.2.1 Registering FIDO authenticators through notifications

MyID sends two notifications to the person when a FIDO authenticator has been requested for them:

To register your FIDO authenticator:

  1. Click the link in the FIDO registration email.

    This should take you to a web page with a URL similar to:

    https://<myserver>/web.oauth2/fido/register/begin?requestId=BADF1894-266B-4B80-9084-6ECD721347BD

  2. Type your registration code from the email or SMS you received, and click Next.

    Windows Security takes you through the registration process for your FIDO authenticator. This process depends on the capabilities of your FIDO authenticator, and is independent of MyID.

    For example, Windows Security prompts you to present your authenticator:

    1. Present your authenticator.

      You may be required to set up a PIN:

    2. Type a New PIN, then confirm it, and click OK.

      You may be required to provide additional authentication. For example, some FIDO authenticators require a PIN and for the user to touch the device physically for each authentication attempt; this provides an extra layer of security.

    3. If your FIDO authenticator requires it, touch the device.

      Your browser may request that you allow the website to see the authenticator; for example, in Google Chrome:

    4. Click Allow.

When you have completed all the steps requested, your authenticator is registered with MyID, and is available for use. You can close the browser window.
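
As an added example (not part of the MyID documentation or product code), the following JavaScript checks that a link taken from a registration email has the form shown in step 1 before it is opened. The host name myid.example.com is a constructed placeholder for <myserver>, and the exact path and the single requestId parameter are assumptions taken from the sample URL above; adjust them to match your installation.

```javascript
// Added example: validate a FIDO registration link before opening it.
// EXPECTED_HOST is a constructed placeholder for <myserver>. EXPECTED_PATH is
// copied from the sample URL on this page and is assumed to apply unchanged.
const EXPECTED_HOST = "myid.example.com"; // include ":port" if not 443
const EXPECTED_PATH = "/web.oauth2/fido/register/begin";
const GUID_RE =
  /^[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}$/i;

function checkRegistrationLink(link) {
  let url;
  try {
    // The WHATWG URL parser interprets the link the same way a browser does,
    // so the check sees the host the browser would actually connect to.
    url = new URL(link);
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  // "https://expected-host@other-host/" connects to other-host.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo present" };
  }
  // url.host is lower-cased, punycoded, and carries any non-default port.
  if (url.host !== EXPECTED_HOST) {
    return { ok: false, reason: "unexpected host" };
  }
  if (url.pathname !== EXPECTED_PATH) {
    return { ok: false, reason: "unexpected path" };
  }
  // Exactly one query parameter, requestId, formatted as a GUID.
  const keys = [...url.searchParams.keys()];
  if (keys.length !== 1 || keys[0] !== "requestId") {
    return { ok: false, reason: "unexpected query parameters" };
  }
  if (!GUID_RE.test(url.searchParams.get("requestId"))) {
    return { ok: false, reason: "requestId is not a GUID" };
  }
  return { ok: true, reason: "matches expected registration link" };
}
```

The check only confirms the shape and destination of the link; the registration code from the email or SMS is still required at step 2.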

3.2.2 Registering FIDO authenticators using the Self-Service Request Portal

If the credential profile used for the request had the Immediate registration via Self-Service Request Portal option set, and you requested the FIDO authenticator using the Self-Service Request Portal, click Collect Now to begin the registration process.

Windows Security takes you through the registration process for your FIDO authenticator. This process depends on the capabilities of your FIDO authenticator, and is independent of MyID.

Note: The timeout for immediate collection is determined by the FIDO Immediate Collect Timeout option on the PINs tab of the Security Settings workflow. By default, the timeout is set to 120 seconds.