Overview

FIDO

HYPR implements the Fast Identity Online (FIDO) protocol to provide a True Passwordless experience.

FIDO universal authentication framework (UAF) supports a passwordless experience. The user carries a device with a FIDO UAF stack installed; they can then register their device to the online service by selecting a local authentication mechanism such as swiping a finger, looking at the camera, speaking into the mic, entering a personal identification number (PIN), etc. The FIDO UAF protocol allows the service to select which mechanisms are presented to the user.

Once registered, the user simply repeats the local authentication action whenever they need to authenticate to the service. The user no longer needs to enter their password when authenticating from that device. FIDO UAF also allows experiences that combine multiple authentication mechanisms such as fingerprint + PIN or multimodal biometrics.

HYPR SDK for iOS solves several use cases with a variety of methods, employing out-of-band authentication to enable mobile device-based access.

Use Cases

• Web Authentication – including out-of-band (OOB) authentication and Push Notifications Customization
• Workforce Access – primarily for browser-based authentication
• FIDO Client Adapter – Add FIDO to your authentication

Methods

• iOS FIDO PIN Authenticator
• iOS Headless PIN Authenticator
• iOS Native Face ID Authenticator
• iOS Native Fingerprint Authenticator
• iOS Presence Authenticator
• iOS Silent Authenticator

For functionality and UI changes around multiple authenticator methods:

• iOS Multiple Authenticators

Data Storage

• The private keys are stored in Secure Enclave
• There is no PII stored
• SDK-related data outside of private keys and login attempts are stored on the Keychain
• Login attempts to the computer or web account are stored in User Defaults

Configuration and Customization

• Policy Matching
• Register, Authenticate, and Deregister
• Localization
• UserAgent UI Customization
• HYPRUserAgent Data Model
• Endpoint Overrides
• Offline Authentication
• XCFramework Support
• Additional Functionality
  • Reset an App
  • Enable SSL Pinning
  • Custom HTTPS Headers
  • Gathering App and Device Information
• Most of the iOS Authenticator articles include UI customization specific to the authenticator in question
• Push to Authenticate Confirmation Screens UI Customization

Troubleshooting

• iOS Simulator Support
• Error Reporting
• Logging and Log Levels