FIDO2 Settings

FIDO2 is a set of standards defining the use of mechanisms such as security keys and biometric recognition in multifactor authentication. By default, the only authentication mechanism available to HYPR users is a mobile device. If you want users to log in with a security key or through biometric recognition on their computer (Touch ID for Mac or Windows Hello, for example), you must enable FIDO2 authentication.

Enabling FIDO2
Supported FIDO2 Devices

Enabling FIDO2

1. In the Control Center, select the RP Application you wish to modify.
2. Click FIDO2 Settings under Advanced Config in the left navigation pane.

3. Slide the Enable Fido2 button to the On position.
4. Enter the Client Origin URL where your users will be authenticating.

📘

IMPORTANT

The Client Origin URL value must be all lowercase. If users are unable to pair FIDO2-based devices successfully, check this URL does not contain any uppercase characters.

5. Click Save.

Users will now have the option to register and use security keys and built-in computer biometric devices.

Supported FIDO2 Devices

The HYPR platform is compatible with all FIDO2-certified devices. The following devices are known to register and authenticate correctly:

Android Authenticator with SafetyNet Attestation
Excelsecu eSecu FIDO2 Security Key
FEITIAN ePass FIDO2 Authenticator
FEITIAN ePass FIDO2-NFC Authenticator
Google Chrome Mac Touchbar
Thetis FIDO2 Security Key
Windows Hello Hardware Authenticator
Windows Hello Software Authenticator
Yubico Security Key (blue)
Yubico YubiKey 5 Series
Yubico YubiKey 5 Series with NFC
Yubico YubiKey 5C
Yubico YubiKey 5Ci FIP
YubiKey Bio Series