Configure biometric authentication journeys
To use mobile biometrics with the ForgeRock SDK for iOS, configure the authentication nodes in your journeys as follows:
In each WebAuthn Registration node and WebAuthn Authentication node:
Set the Relying party identifier option to be the domain hosting the apple-app-site-association file; for example,
You do not need the protocol or the path.
To enable passkey support, enable Username to device in the WebAuthn Registration node, and Username from device in the WebAuthn Authentication node.
In each WebAuthn Registration node:
Set the Authentication attachment option to either
Ensure the Accepted signing algorithms option includes
Ensure the Limit registrations option is not enabled.
To enable WebAuthn on iOS devices, you must configure the nodes with a specially formatted string containing the bundle identifier of your application, which you can find in Xcode, on the Signing & Capabilities tab of your app's target page:
Prefix this value with the string ios:bundle-id:. For example:
To enable passkey support, add the fully-qualified domain name of the Identity Cloud or AM instance as an origin domain. For example,
Add these values to the Origin domains property in each WebAuthn Registration node and WebAuthn Authentication node in the journey.
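The checks described above can be run over node settings before a journey goes live. The following is an added example, not ForgeRock code: the dictionary keys, example.com and com.example.app are hypothetical placeholders, and the settings are assumed to have been copied out of the nodes by hand.

```python
import re

IOS_PREFIX = "ios:bundle-id:"  # prefix required for iOS origin values
HOST_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
BUNDLE_RE = re.compile(r"^[A-Za-z0-9.-]+$")  # characters Apple permits in a bundle ID

def ios_origin(bundle_id):
    """Build the Origin domains value for an iOS app from its bundle identifier."""
    if not BUNDLE_RE.match(bundle_id):
        raise ValueError(f"not a valid bundle identifier: {bundle_id!r}")
    return IOS_PREFIX + bundle_id

def lint_node(node, bundle_id, passkeys=False):
    """Return findings for one WebAuthn node's settings (dict with hypothetical keys)."""
    findings = []
    rp_id = node.get("relying_party_identifier", "")
    if "://" in rp_id:  # the relying party identifier must not carry a protocol
        findings.append("relying party identifier includes a protocol")
        rp_id = rp_id.split("://", 1)[1]
    if "/" in rp_id:  # ...or a path
        findings.append("relying party identifier includes a path")
        rp_id = rp_id.split("/", 1)[0]
    if not HOST_RE.match(rp_id):
        findings.append("relying party identifier is not a domain name")
    origin = ios_origin(bundle_id)
    if origin not in node.get("origin_domains", []):
        findings.append("origin domains lack " + origin)
    if node["kind"] == "registration":
        if node.get("limit_registrations"):
            findings.append("Limit registrations is enabled")
        if passkeys and not node.get("username_to_device"):
            findings.append("Username to device is disabled")
    elif passkeys and not node.get("username_from_device"):
        findings.append("Username from device is disabled")
    return findings

# Constructed sample settings; the domain and bundle identifier are placeholders.
SAMPLE = [
    {"kind": "registration", "relying_party_identifier": "https://example.com/auth",
     "origin_domains": ["com.example.app"], "limit_registrations": True,
     "username_to_device": True},
    {"kind": "authentication", "relying_party_identifier": "example.com",
     "origin_domains": ["ios:bundle-id:com.example.app"], "username_from_device": True},
]

if __name__ == "__main__":
    for n in SAMPLE:
        print(n["kind"], lint_node(n, "com.example.app", passkeys=True) or "ok")
```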