1 Introduction

This guide provides details of how to integrate your MyID® system with passkeys using FIDO (Fast IDentity Online) authenticator devices.

Passkeys are a modern solution for multi-factor authentication. These credentials are cryptographically secure and provide an alternative to complex certificate-based solutions. The technology is supported directly by browsers and offers phishing-resistant strong authentication to websites and web applications.

Organizations that need to manage credentials for end users of their systems typically have much more complex requirements than consumers; for example, ensuring that the right people get the right credential, enforcing security policies, and tracking who has a credential are all vital. Critically, organizations must be able to revoke access in the simplest and fastest way when required.

To deploy passkeys in an enterprise, organizations need an authentication server to hold the registration information for the credential and to perform the authentication process when required. You can use MyID CMS as an authentication server to issue your passkeys, or you can use Microsoft Entra. Integration of multiple authentication servers can be challenging for organizations due to the additional complexity this brings, so using Entra ID as the primary identity provider while using MyID CMS for credential management brings together the best of both solutions.

Intercede also provides a plug-in for AD FS (the MyID AD FS Adapter OAuth) that allows you to use the MyID authentication service in conjunction with a registered passkey to access AD FS (Active Directory Federation Services); see the MyID AD FS Adapter OAuth section in the MyID Authentication Guide for details.

You can integrate MyID's authentication service with your own system to authenticate a person's identity with their passkey through OAuth 2.0 OpenID Connect; see the Authenticating using OpenID Connect section in the MyID Authentication Guide for details.

You can also set up the MyID authentication service as a standalone service (for high-availability passkey authentication operations); see the Setting up the standalone authentication service section in the MyID Authentication Guide for details.

Note: This document contains code samples that you can copy from your browser. Due to browser display limitations, the copied text may contain hard spaces that can make the JSON invalid; you are advised to sanitize the copied code before implementing it.
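One way to carry out the sanitizing that the note above recommends, as an added example that is not part of the MyID documentation. It assumes the "hard space" is U+00A0 (two related no-break spaces are included as well), and the sample JSON and its keys are constructed for illustration.

```python
import json

# Assumption: U+00A0 is the "hard space" the note refers to; U+2007 and
# U+202F are other no-break spaces treated the same way here.
HARD_SPACES = {"\u00a0", "\u2007", "\u202f"}

def sanitize_json(text):
    """Return (clean_text, fixed_outside, found_inside).

    Hard spaces between tokens make JSON invalid, so they are replaced with
    U+0020. Hard spaces inside string literals are valid JSON and may be
    intended, so they are kept and reported as (line, column) for review.
    """
    out, fixed, inside = [], 0, []
    in_string = escaped = False
    line, col = 1, 0
    for ch in text:
        col += 1
        if ch == "\n":
            line, col = line + 1, 0
        if in_string:
            if escaped:
                escaped = False          # character after a backslash
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False        # closing quote
            elif ch in HARD_SPACES:
                inside.append((line, col))
        elif ch == '"':
            in_string = True             # opening quote
        elif ch in HARD_SPACES:
            ch, fixed = " ", fixed + 1   # structural whitespace: repair it
        out.append(ch)
    clean = "".join(out)
    json.loads(clean)  # raises json.JSONDecodeError if it is still invalid
    return clean, fixed, inside

# Constructed sample of a snippet copied from a browser (keys are made up).
SAMPLE = ('{\n\u00a0\u00a0"name":\u00a0"example",\n'
          '\u00a0\u00a0"label": "Front\u00a0desk"\n}')

if __name__ == "__main__":
    clean, fixed, inside = sanitize_json(SAMPLE)
    print(f"replaced {fixed} hard space(s) outside strings")
    print(f"hard space(s) left inside string values at {inside}")
```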