-
Type:
Story
-
Status: Closed
-
Priority:
Minor
-
Resolution: Completed
-
Affects Version/s: None
-
Fix Version/s: 7.3.6 CE GA7, 7.3.X, 7.4.13 DXP GA1, Master
-
Component/s: Application Security > Multi-Factor Authentication
-
Epic Link:
-
Sprint:Iteration 45, Iteration 46, Iteration 47, Iteration 48, Iteration 49, Iteration 50, AppSec Iteration 51, AppSec Iteration 52, AppSec Iteration 53
Description
The End Users need to use a FIDO2 security key (hardware) to setup their FIDO2 verification step at their account settings. They are able to use FIDO2 verification in their MFA process only after they have set that there.
Acceptance Criteria
- As an End User, I want to use a FIDO2 security key (hardware) to configure my FIDO2 verification step at my account settings if the FIDO2 for the MFA process has been enabled by an Instance Administrator on instance level.
- As an End User, I want to be able to remove my FIDO2 configuration at my account settings anytime.
Testing Notes
If you don't have hardware key to test this function but you can utilize fingerprint reader that works for testing this also. If you don't have that possibility either, you can use this browser plugin: https://chrome.google.com/webstore/detail/virtual-authenticators-ta/gafbpmlmeiikmhkhiapjlfjgdioafmja
For using the plugin, you have to enable the virtual authenticator in the browser's DevTools. According to our experiences, when you test registering multiple keys, you may need to remove the previously generated key before you register the next one in the row.
- relates
-
LPS-123820 Logging in after the session expires results in Internal Server Error when FIDO2 enabled
- Closed
-
LPS-125987 MFA FIDO2 CredentialKey could be longer than 255 characters
- Closed
-
LRDOCS-9352 User Document for Multi-factor authentication additions
-
- Closed
-