# FIDO Authenticator

The FIDO (“Fast IDentity Online”) Authenticator is a hardware device or software solution designed to provide secure access to services and applications through robust, user-friendly authentication methods. FIDO Authenticators support multiple authentication technologies including biometrics (such as fingerprint recognition, facial recognition), security keys, and mobile devices.

### Key Features of FIDO Authenticator

* **Strong Authentication**: By using cryptographic techniques, FIDO Authenticator ensure a high level of security, making unauthorized access significantly more difficult.
* **Privacy-Focused**: Biometric data, when used, does not leave the device. This ensures that personal information is kept secure and private.
* **Ease of Use**: FIDO authentication simplifies the user experience by allowing a single gesture, like a fingerprint swipe or facial recognition, to quickly access services without remembering passwords.
* **Versatility**: These authenticators are designed to work across a wide range of devices and platforms, ensuring seamless integration into users’ digital lives.
* **Phishing Resistant**: Because authentication is tied to the user’s device and uses cryptographic keys, it is virtually impossible for attackers to replicate or steal credentials through phishing attacks.

### Configuration

For configuring FIDO Authenticator in Cymmetri, select the FIDO Authenticator toggle button and click confirm to setup FIDO Authenticator as an MFA option

<figure><img src="/files/KrtvWZI8Es38mIcZUT47" alt=""><figcaption></figcaption></figure>

Next move to configure the rules for Multi-factor authentication policy for login

<figure><img src="/files/H3czFUNIrTjzVKTYwFP5" alt=""><figcaption></figcaption></figure>

You may either click on the pencil icon to start editing the rule, or create a new rule as shown below:

<figure><img src="/files/6dWt90h3n5PYVwk2iSo5" alt=""><figcaption></figcaption></figure>

Once you have either created a new rule or edited an existing one, change the dropdown of the FIDO Authenticator factor to indicate that it is mandatory (required).

<figure><img src="/files/p0R1Kj8Jaoge6nq5GqNX" alt=""><figcaption></figcaption></figure>

The options available for each factor are:

**Required**: This setting means that the corresponding factor is required to be enabled for each user, and every user must set up this factor in their next login.

**Optional**: This setting means that the corresponding factor is not required to be enabled for each user, and they may configure this option from their "My Workspace". Once the user configures it, they may use it for the purpose of second level of authentication during authentication.\
\
**Disabled**: This settings means that the corresponding factor is not required or enabled for each user, and the user may not configure or use it for authentication into the Cymmetri platform.

An administrator can further customize to whom the rule would be applicable by selecting user(s) or group of users in the "*Assigned to*" Tab, If the rule is to be applied to all the users then the "*All Users*" option need to be selected

<figure><img src="/files/YeaySJnOnFS2eCTZAlvx" alt=""><figcaption></figcaption></figure>

Once the changes are saved this is how the rule appears:

<figure><img src="/files/ayVfJ7y15EQMbnlIT4jJ" alt=""><figcaption></figcaption></figure>

All subsequent logins of any user on the Cymmetri Identity platform will now require the use of the  FIDO Authenticator mechanism.

<figure><img src="/files/0h8cNxvkPb5TlWzJzcpH" alt=""><figcaption></figcaption></figure>

The user needs to setup the Cymmetri Authenticator for receiving the push notification on the device, for which the user needs to download the Cymmetri Verifier app. The links below can be used to download the Cymmetri Verifier App on Android or IOS:

IOS- <https://apps.apple.com/in/app/cymmetri-verify/id6455987489>

Android - <https://play.google.com/store/apps/details?id=com.cymmetri.verify>

Once downloaded we need to scan the QR Code in the Cymmetri Verifier App to register the device

<figure><img src="/files/UWSM1k529zydugWPNcO6" alt=""><figcaption></figcaption></figure>

Once the device is registered successfully a notification is show on the dashboard&#x20;

<figure><img src="/files/iODhxyod37adk5Zbs4VX" alt=""><figcaption></figcaption></figure>

Now when the user selects FIDO Authenticator as an MFA mechanism and consent notification is sent to the mobile device (The consent notification appears as shown below) and the user needs to accept the consent in the stipulated time to be allowed to login also after the user accepts the consent the user needs to prove their identity by providing biometrics (such as fingerprint recognition, facial recognition).

<div><figure><img src="/files/ka1wfPNOCisJkpg0SO6F" alt="" width="135"><figcaption></figcaption></figure> <figure><img src="/files/hcpHh7CAmm5oMUdUDfto" alt="" width="288"><figcaption></figcaption></figure></div>

Once successfully verified the user is redirected to the Dashboard

<figure><img src="/files/cooXVk5Bw8KaminfCV8l" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.cymmetri.io/single-sign-on/multifactor-authentication-mfa/fido-authenticator.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.