6.3.1.26. WebAuthn¶
eduMFA supports WebAuthn tokens. The administrator or the user himself can register a WebAuthn device and use this WebAuthn token to login to the eduMFA WebUI or to authenticate against applications.
When enrolling the token, a key pair is generated and the public key is sent to eduMFA. During this process, the user needs to prove that he is present, which typically happens by tapping a button on the token. The user may also be required by policy to provide some form of verification, which might be biometric or knowledge-based, depending on the token.
The devices is identified and assigned to the user.
Note
This is a normal token object which can also be reassigned to another user.
Note
As the key pair is only generated virtually, you can register one physical device for several users.
For configuring eduMFA for the use of WebAuthn tokens, please see WebAuthn Token Config.
For further details and information how to add this to your application, see the code documentation at WebAuthn Token.