FIDO2 Metadata Service (MDS) Server
The FIDO2 Metadata Service (MDS) Server page in Control Center provides a centralized view of all FIDO2 authenticator metadata known to your HYPR deployment. This metadata is used across the platform — most notably by FIDO2 Authenticators Granular Control when building per-application allowlist and denylist policies.
Overview
HYPR automatically syncs authenticator metadata from the FIDO Alliance Metadata Service. Administrators can also upload custom metadata statements for authenticators not covered by the FIDO Alliance MDS.
The MDS Server page has two tabs:
- FIDO2 Metadata Statements — Browse, search, and filter the full metadata catalog
- Management — Upload custom metadata and manage manually added entries
Metadata Sources
Each metadata entry is tracked by its source:
| Source | Description | Deletable from UI |
|---|---|---|
| METADATA_SERVICE | Automatically synced from the FIDO Alliance MDS | No |
| MANUAL_UPLOAD | Uploaded by an administrator via the UI or API | Yes |
Both sources appear in the metadata table and are available for use in per-application AAGUID policies.
Choose Your Method
- FIDO2 MDS Server (UI) — Browse metadata and manage entries through the Control Center interface
- FIDO2 MDS Server (API) — Query and manage metadata programmatically using the HYPR API
Prerequisites
- Admin role permissions in Control Center
- FIDO2 must be enabled on your HYPR deployment
Related Information
- FIDO2 Authenticators Granular Control - Per-application allowlist/denylist policies
- FIDO2 Settings - Per-application FIDO2 configuration
- Audit Trail Events - Track metadata changes
- FIDO Alliance Metadata Service - Upstream metadata source