FIDO2 Device Profile
The platform enables you to create a device profile for FIDO2-compliant passkeys. Two connection modes can be configured: direct connect mode (cross-platform authenticators) and WebAuthn mode (platform authenticators).
In direct connect mode, you configure FIDO2 device profiles for external security keys that store the cryptographic login credentials. These security keys, also referred to as cross-platform or roaming authenticators, connect to the host device in various ways: USB (e.g., YubiKeys), NFC (smart cards such as NXP JCOP 4), or smart cards inserted into a smart card reader (e.g., IDEMIA cards).
In WebAuthn mode, authentication methods built directly into the device or platform are used for passwordless authentication, such as biometric sensors (e.g., fingerprint or facial recognition) or device-specific security features (e.g., Windows Hello, or Touch ID on Apple devices). These platform authenticators use the device's own hardware and software to create and store the cryptographic keys, so you only need to configure a device profile; there are no keys to configure.
Follow these steps:
- Login to the Unifyia Platform.
- On the dashboard, navigate to Configuration > Device Profile.
- Select + Add Device Profile.
- Enter the following information:
  - Category: Select the category as
  - Supplier: Select Generic.
  - Product Name: Select FIDO2 Passkey Authenticator.
- Select OK.
- The device profile configuration page is displayed. The following sections describe how to configure a device profile for external security keys (direct connect) and for browser-based WebAuthn.
FIDO Passkeys - Direct Connect
This section describes the device profile configuration for FIDO security keys that are plugged into a computer or laptop, accessed over NFC as smart cards, or inserted as smart cards into a reader.
General Information
- Enter a name for the device profile.
- Provide a brief description of the profile being created.
- Protocols: Select the protocol(s) to be used when authenticating with the passkeys. The platform supports both the FIDO 2.0 and FIDO 2.1 protocols.
- FIDO Passkeys Via: Select Direct Connect. This means that the passkey, whether in USB, smart card (over NFC), or smartphone (over Bluetooth) form factor, is connected to the computer during the authentication process.
Key Manager
In the Key Manager section, define where the keys are stored and provide the values for the Issuer Security Domain keys: the Factory Master Key and the Customer Master Key. These keys allow Unifyia to manage card applications and data, and to perform tasks such as establishing a secure channel to the card, resetting the card to its factory configuration, unlocking write privileges, and updating application data. Select Save.
FIDO Passkeys - WebAuthn
Because this mode authenticates through a browser that supports the FIDO2 protocols, no keys need to be provided.
General Information
- Enter a name for the device profile.
- Provide a brief description of the profile being created.
- Protocols: Select the protocol(s) to be used when authenticating with the passkeys. The platform supports both the FIDO 2.0 and FIDO 2.1 protocols.
- FIDO Passkeys Via: Select Webauthn. This means that a browser supporting the FIDO2 protocols is used to authenticate with the passkey.
- Select Save.