Biometrics

Seamless Security, Effortless Access

WebAuthn offers a secure passwordless authentication method, leveraging biometric verification to streamline user access. This section provides an overview of the WebAuthn feature and details the integration patterns. For technical details and step-by-step guidance, dive into our Passwordless Authentication documentation.

Customer Identity Journey

The identity journey using Passwordless Authentication simplifies the user experience significantly. Below is the process once enabled for an application:

Step 1: Initial User Authentication

The user begins by signing in with their traditional credentials, such as a username and password.

User signs in using their username and password

Step 2: Device Registration Prompt

After a successful sign-in, the user is prompted to register their device for future passwordless logins.

Prompt to Register Device

Device Registration Process

Users who opt to register their devices follow a device-specific authentication procedure to enable biometric options such as fingerprint scanning, facial recognition, or PIN.

Device Authentication Options

Subsequent Logins

On subsequent visits, users who activated Passwordless Authentication can enjoy a hassle-free login experience using their registered biometric credentials.

Passwordless Sign-in

Opting In or Out

Users can enable or disable Passwordless Authentication via their profile settings.

Manage Passwordless Authentication Option

Alternative Approach for Hybrid Apps

For applications integrating Customer Identity Journeys without a profile editing feature, a direct link to the Passwordless Authentication settings is provided.

Passwordless Authentication Prompt

The "Register now" link directs users to the settings:

https://ENV.account.nextreason.com/webauthn/profile?client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URI&response_type=code&scope=openid&state=&ui_locales=YOUR_LOCALE

API Integration

Integrate Passwordless Authentication with the following steps:

  1. Initiate device registration with navigator.credentials.create().
  2. Register the device-generated credential with navigator.credentials.get().
  3. Authenticate the credential via your authentication server.
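Step 3 is where the server decides whether to trust what the browser returned. The block below is an added example, not Next Identity's code: it shows the checks a relying-party server typically runs on a sign-in (navigator.credentials.get()) response before verifying the signature, which is omitted here. The origin, RP ID and all function names are assumptions, and the sample response is constructed.

```javascript
const crypto = require("node:crypto");

// Assumed relying-party values (placeholders, not taken from the page).
const EXPECTED_ORIGIN = "https://login.example.com";
const RP_ID = "login.example.com";

// clientDataJSON checks. expectedType is "webauthn.create" for a create()
// response and "webauthn.get" for a get() response; challenge is base64url.
function checkClientData(clientDataJSON, expectedType, expectedChallenge) {
  let c;
  try { c = JSON.parse(Buffer.from(clientDataJSON).toString("utf8")); }
  catch { return "clientDataJSON is not valid JSON"; }
  if (c.type !== expectedType) return "wrong ceremony type";
  // The challenge must be the one this server issued for this session.
  if (typeof c.challenge !== "string" || c.challenge !== expectedChallenge) return "challenge mismatch";
  // Origin binding: a response produced on a look-alike site fails here.
  if (c.origin !== EXPECTED_ORIGIN) return "origin mismatch";
  return null;
}

// Authenticator data layout: rpIdHash (32 bytes) | flags (1) | signCount (4) | ...
function checkAuthenticatorData(authData, requireUserVerification) {
  if (authData.length < 37) return "authenticator data too short";
  const rpIdHash = crypto.createHash("sha256").update(RP_ID).digest();
  if (!authData.subarray(0, 32).equals(rpIdHash)) return "rpIdHash mismatch";
  const flags = authData[32];
  if ((flags & 0x01) === 0) return "user not present";
  // UV (0x04) is set when the device checked a fingerprint, face or PIN.
  if (requireUserVerification && (flags & 0x04) === 0) return "user not verified";
  return null;
}

// Returns null when every check passes, otherwise the first failure reason.
function checkResponse(r, expectedType, expectedChallenge) {
  return checkClientData(r.clientDataJSON, expectedType, expectedChallenge)
      || checkAuthenticatorData(r.authenticatorData, true);
}

// Constructed sample response (not captured from a real authenticator).
function sampleResponse(type, challenge, origin, rpId, flags) {
  const clientDataJSON = Buffer.from(JSON.stringify({ type, challenge, origin }));
  const authenticatorData = Buffer.concat([
    crypto.createHash("sha256").update(rpId).digest(),
    Buffer.from([flags, 0, 0, 0, 1]),
  ]);
  return { clientDataJSON, authenticatorData };
}
```

For a registration response, the authenticator data is carried inside the attestation object, which has to be CBOR-decoded before the second check can run.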

Device and Browser Capability

Consider device and browser specifications to understand the capabilities and limitations of Passwordless Authentication.

Tip: Testing is Key

Due to variance in device and browser capabilities, test thoroughly across different platforms to ensure a smooth user experience.

Known Limitations

  • Verify device compatibility, as not all devices support WebAuthn.
  • Confirm browser compatibility, as support can vary.
  • Users must register devices before accessing Passwordless Authentication.

Implementing WebAuthn into the Customer Identity Journey can significantly enhance security and convenience. Follow our guidelines to ensure a seamless integration.

Need Support or More Information?

Have questions or need hands-on support? Reach out to your Next Identity consultant for personalized assistance.

FAQ

Q: Is it possible to have OTP and Passwordless authentication simultaneously?
A: Yes, you can implement both OTP and Passwordless authentication methods concurrently. However, doing so may complicate the user experience, and it's advisable to provide clear instructions for users on when to use each method.

Q: How secure is Passwordless Authentication compared to traditional methods?
A: Passwordless Authentication is generally more secure than traditional password-based methods. It uses cryptographic keys, making it less susceptible to common attacks such as phishing.

Q: What if a user's device does not support WebAuthn?
A: It's essential to maintain alternative authentication methods for users whose devices do not support WebAuthn to ensure account accessibility.

Q: Can users revert to traditional authentication after enabling Passwordless?
A: Yes, users can switch back to traditional authentication methods anytime via their profile settings.

Q: Do all browsers support WebAuthn?
A: While most modern browsers support WebAuthn, there can be differences in their specific implementations. Users should check their browser's support documentation for detailed compatibility information.