4.1 Enabling platform-managed enterprise attestation in Google Chrome

One scenario for platform-managed enterprise attestation is where your devices have been manufactured with an attestation certificate that is available in the FIDO Alliance's online global MDS3 metadata. You can then configure your organization's enterprise-managed browsers to provide the list of allowed relying party IDs, rather than requiring the list of allowed domains to be encoded on the device.

Platform-managed enterprise attestation is supported using the Google Chrome browser and the MyID Client Service app.

Note: Google Chrome is the only browser that currently supports this feature.

To enable this feature on Chrome:

  1. Open Chrome, and type the following in the location bar:

    chrome://flags/#web-authentication-permit-enterprise-attestation

  2. In the Web Authentication Enterprise Attestation section:

    1. Add the MyID server domain to the comma-delimited list in the text box.

      This must be the full domain name, including the https:// prefix; for example:

      https://myserver.example.com

    2. Select Enabled from the drop-down list.
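
A way to check the comma-delimited list before pasting it into the text box, as an added example that is not MyID or Chrome code. It accepts only entries that are exactly https:// followed by a domain name (optionally with a non-default port), which is a strict reading of the format described above and not Chrome's own parsing; the function name and the sample domains are constructed for illustration.

```javascript
// Added example (not MyID or Chrome code). checkAttestationList is a
// hypothetical helper; the sample domains below are constructed.
function checkAttestationList(value) {
  const accepted = [];
  const rejected = [];
  for (const raw of value.split(",")) {
    const entry = raw.trim();
    if (entry === "") continue; // ignore stray commas and blank items
    let url;
    try {
      url = new URL(entry); // throws when the entry has no scheme at all
    } catch {
      rejected.push({ entry, reason: "not a URL; add the https:// prefix" });
      continue;
    }
    if (url.protocol !== "https:") {
      rejected.push({ entry, reason: "prefix must be https://" });
    } else if (entry.toLowerCase() !== url.origin) {
      // Assumption: a path, trailing slash, user info or explicit default
      // port is treated as a mistake rather than silently normalized.
      rejected.push({ entry, reason: `expected exactly ${url.origin}` });
    } else if (!accepted.includes(url.origin)) {
      accepted.push(url.origin); // de-duplicate, keep first-seen order
    }
  }
  return { accepted, rejected, flagValue: accepted.join(",") };
}

// Constructed sample: one good entry and three common mistakes.
const sample = "https://myserver.example.com, myserver2.example.com," +
  "http://myserver3.example.com,https://myserver4.example.com/login";
const result = checkAttestationList(sample);
console.log("Paste into the text box:", result.flagValue);
for (const { entry, reason } of result.rejected) {
  console.log(`Rejected ${entry}: ${reason}`);
}
```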