WebAuthn Device Storage node
Writes information about FIDO2 devices to a user’s profile. The user can subsequently authenticate using the device.
Use this node to store the device data the WebAuthn Registration node places into the transient node state when its Store device data in transient state property is enabled.
Compatibility
Product | Compatible? |
---|---|
ForgeRock Identity Cloud | |
ForgeRock Access Management (self-managed) | |
ForgeRock Identity Platform (self-managed) | |
Outcomes
- Success
- Failure
- Exceed Device Limit
If AM encounters an issue when attempting to save the device data to the user’s profile, for example, because the user was not identified earlier, evaluation continues along the Failure outcome path.
If the Maximum Saved Devices property is set to an integer greater than zero, and registering a new device would take the number of devices above the specified threshold, then evaluation continues down the Exceed Device Limit outcome path. In this case, you may need to instruct your users to log in with an existing device in order to remove one or more of their registered devices.
If the node successfully stores the device data to the user’s profile, evaluation continues along the Success outcome path.
Properties
Property | Usage |
---|---|
Generate recovery codes | Specify whether WebAuthn device recovery codes should be generated. If enabled, recovery codes are generated and stored in the transient node state, and stored alongside the device profile. Use the Recovery Code Display node to display the codes to the user for safe keeping. |
Maximum Saved Devices | Specify the maximum number of WebAuthn devices to save in a user’s profile. Set this property to When this property is greater than zero, the |