Verify

FIDO Verify is an advanced user verification method that combines both fingerprint and passkey recognition for identity verification.

How to Setup

1 Navigate to Workspace > Workflows, and click on the flow created for FIDO Verify. If you need help creating a workflow, refer to the step-by-step guide here.

2 Hover over the plus (+) symbol and select Workflow. From the list, click FIDO Verify to add it.

3 Click on the newly added workflow, then select the General tab to customize your preferences.

Manage General

(*) indicates a mandatory field.

| Name | Description |
| --- | --- |
| Display Name* | Set a name to the workflow for easy identification. |
| Description | Summarize the purpose and functionality of this workflow module. |
| Enable | This toggle is enabled by default. When enabled, the particular workflow module begins its execution. Conversely, if disabled, the workflow module remains inactive and won't proceed. |
| Rule | This determines the criteria for triggering the particular workflow module. When the selected rule is evaluated, and is satisfied, the workflow proceeds as provided. If not, the workflow will not be executed. Note: If no rules are set, the workflow defaults to its standard action without any rule. For more information about the rules, refer here. |

4 Then, click on the Configs tab to set the necessary configurations.

Manage Configs

| Name | Description |
| --- | --- |
| Relying Party Entity Name | Use a human-readable server name as the FIDO Relying Party. It helps users identify the server or service. |
| Signature Algorithms | Assign specific algorithms used for cryptographic signing to ensure secure communication between the client and the server. |
| Relying Party ID | The Relying Party ID (RP ID) serves as a unique identifier for the FIDO Relying Party and should correspond to the effective domain of the origin. This ID helps in identifying the entity that is requesting the verification. |
| Attestation Conveyance Preference | Attestation statements are used to verify the authenticity of the verification device and can be configured to provide varying levels of detail and privacy. This informs the system about the preferred method for generating an attestation statement. |
| Authenticator Attachment | Specifies the permitted authenticator attachment pattern. |
| Require Resident Key | A Resident Key is stored on the verification device itself, allowing for credential storage and management directly on the device rather than on the server. It determines whether a public key credential should be created as a Resident Key. |
| User Verification Requirement | Indicates whether verification of the user must be confirmed. |
| Timeout | Sets the maximum time, in seconds, allowed for generating a user's public key credential. This ensures the process completes within a reasonable timeframe. If set to 0, there is no timeout applied, and the process will wait indefinitely. |
| Avoid Same Authenticator Registration | Prevents the registration of a workflow that is already in the system. |
| Acceptable AAGUIDs | Lists the Authenticator Attestation GUIDs (AAGUIDs) that are acceptable for registration. This setting ensures that only recognized and trusted authenticators can be registered, enhancing security by avoiding the use of unverified or duplicate authenticators. |

5 After you've configured everything needed, click on SAVE.

6 Proceed to attach the workflow to the relevant application for execution. Refer to the instructions on how to attach a workflow to an application here.
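
A pre-save review of the Configs values can catch settings that weaken the flow. This is an added example, not the product's own code: the dictionary keys are hypothetical names mirroring the table labels, the enum values are the WebAuthn specification's, and the domains and AAGUID are constructed.

```python
from urllib.parse import urlsplit

# Constructed example values; keys are hypothetical names for the Configs fields.
HARDENED = {
    "relying_party_id": "example.com",
    "attestation_conveyance_preference": "direct",
    "user_verification_requirement": "required",
    "timeout": 60,
    "acceptable_aaguids": ["00000000-0000-0000-0000-000000000001"],
}
WEAK = dict(HARDENED, relying_party_id="example.org",
            attestation_conveyance_preference="none",
            user_verification_requirement="discouraged", timeout=0)


def rp_id_covers_origin(rp_id, origin):
    """True when the origin is HTTPS and its host equals rp_id or is a subdomain of it.

    Simplified: a full check also confirms rp_id is a registrable domain
    (not a public suffix such as "co.uk"), which needs the Public Suffix List.
    """
    parts = urlsplit(origin)
    host = (parts.hostname or "").lower()
    rp_id = rp_id.lower().rstrip(".")
    if parts.scheme != "https" or not rp_id:
        return False
    # The leading dot stops "evilexample.com" from matching "example.com".
    return host == rp_id or host.endswith("." + rp_id)


def review_config(cfg, origin):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if not rp_id_covers_origin(cfg["relying_party_id"], origin):
        findings.append("Relying Party ID does not match the origin's domain")
    if cfg["user_verification_requirement"] != "required":
        findings.append("User Verification Requirement is not 'required'")
    if cfg["timeout"] == 0:
        findings.append("Timeout 0 means the ceremony waits indefinitely")
    if cfg["acceptable_aaguids"] and cfg["attestation_conveyance_preference"] == "none":
        # Without an attestation statement the reported AAGUID is unverified.
        findings.append("Acceptable AAGUIDs set but no attestation is requested")
    return findings
```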

Expected Result

Based on the provided configuration, the information that will be fetched for FIDO Verify includes the following parameters:

| Name | Description |
| --- | --- |
| fido_verified | This indicates whether FIDO verification has been completed. The value will be "True" if the verification is successfully completed and "False" if it is not. |
| allow_new_device | Indicates whether a user is permitted to access the service or application from a new or unrecognized device. If set to true, the user can use a new device; if false, the user may be restricted to previously authorized devices. |
| fido_verified_at | This provides a timestamp, in Unix epoch format, indicating the exact time when the FIDO verification was completed. This allows you to know precisely when the verification event occurred. |

The response received will include the information mentioned above. Note that the response values can vary depending on the specific workflow modules.

How it Works

1 Launch Postman or your preferred API tool and execute the flow by configuring the suitable Method, URL, and Body settings. If you're seeking guidance on how to perform these actions, see here.

2 Upon initiating the API call, a verification request will be sent to your configured Verification Way settings.

3 Based on the request, execute the flow in an incognito browser and follow the prompts to complete the verification process.

4 Begin by granting permission to your device and proceed to execute using Fingerprint or Password.

5 The verification process will be completed if the provided data is valid.

6 The response can differ depending on the chosen Verification Way and Notification Way configurations. To know more, see here.

7 Here is a sample response for FIDO Verify:

{
  "request_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx",
  "user_id": "mark@gmail.com",
  "workflow": "verification",
  "fido_verified": "true/false",
  "fido_verified_at": "1719569072",
  "allow_new_device": "true/false"
}
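
An application that consumes this response should fail closed on anything it cannot parse. The following is an added example, not part of the product's documentation or code: the function names, the 120-second freshness window, and the comparison of request_id and user_id against values the caller already holds are assumptions.

```python
import json
import time

MAX_AGE_SECONDS = 120  # assumed freshness window; tune to your flow

# Constructed sample in the shape of the page's response (request_id is made up).
SAMPLE = json.dumps({
    "request_id": "11111111-2222-3333-4444-555555555555",
    "user_id": "mark@gmail.com",
    "workflow": "verification",
    "fido_verified": "true",
    "fido_verified_at": "1719569072",
    "allow_new_device": "false",
})


def strict_flag(value):
    """Accept only true/false (any case, string or JSON boolean); reject the rest."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.lower() in ("true", "false"):
        return value.lower() == "true"
    raise ValueError(f"not a boolean flag: {value!r}")


def evaluate_fido_response(raw, expected_request_id, expected_user_id, now=None):
    """Return (accepted, reason); any missing or malformed field rejects."""
    now = int(time.time()) if now is None else now
    try:
        body = json.loads(raw)
        verified = strict_flag(body["fido_verified"])
        verified_at = int(body["fido_verified_at"])  # Unix epoch seconds
        ids = (body["request_id"], body["user_id"])
    except (ValueError, KeyError, TypeError) as exc:
        return False, f"malformed response: {exc}"
    if ids != (expected_request_id, expected_user_id):
        return False, "request_id or user_id does not match the call that was made"
    if not verified:
        return False, "fido_verified is false"
    if not 0 <= now - verified_at <= MAX_AGE_SECONDS:
        return False, "fido_verified_at is stale or in the future"
    return True, "ok"
```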