Service management
You can include the URLs of multiple services and identity providers (IDPs) in the allowed service list on each FIDO device. Only the allowed service providers are permitted to take part in the authentication process. If the list is blank, all service providers are permitted.
This feature is available only for FIDO 2.1 and later devices managed by an admin.
Add a service
To add a service provider to the allowed service list:
- Connect a FIDO device to your system.
- Select Admin > Configure allowed services.
- Enter the admin PIN and click Submit.
  Note
  This step displays only if you are entering the admin PIN for the first time. After the admin PIN is authenticated, this step is skipped for the rest of the session.
- Enter a valid service provider URL (relying party ID) in the following format:
  - Use just the domain name (no scheme like https://, port, path, or parameters).
    - Exclude https:// or http:// prefixes.
    - Omit port numbers like :443 or :1337.
    - Exclude URL paths or query parameters.
  For example:
  login.example.com (matches origin's effective domain; default)
  Note
  Thales FIDO devices do not support using only a registrable domain suffix (such as example.com) when specifying the origin's effective domain. Instead, you must provide the full domain name (such as app.example.com) as the origin.
- Click Add service.
A success message is displayed.
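The entry format from the steps above can be checked before anything is typed into the admin tool. The following is an added example, not part of the Thales documentation or tooling: `check_entry`, `entry_from_url` and `is_permitted` are hypothetical helper names, the sample values are constructed, and the exact-match rule in `is_permitted` is an assumption modelled on the note about registrable domain suffixes, not taken from device firmware.

```python
import re
from urllib.parse import urlsplit

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def check_entry(entry: str) -> list[str]:
    """Return the format problems in a proposed allowed-service entry ([] if none)."""
    problems = []
    value = entry.strip().lower()
    if "://" in value:
        problems.append("scheme")
        value = value.split("://", 1)[1]
    # Cut path and query off first so a ':' inside them is not taken for a port.
    host = re.split(r"[/?#]", value, maxsplit=1)[0]
    if host != value:
        problems.append("path or parameters")
    if ":" in host:
        problems.append("port")
        host = host.split(":", 1)[0]
    if not all(_LABEL.fullmatch(label) for label in host.split(".")):
        problems.append("not a domain name")
    return problems


def entry_from_url(url: str) -> str:
    """Derive the entry to type in from a service's full sign-in URL."""
    host = urlsplit(url).hostname  # lowercased, port already removed
    if not host or check_entry(host):
        raise ValueError(f"no usable domain name in {url!r}")
    return host


def is_permitted(rp_id: str, allowed: list[str]) -> bool:
    """Model of the allowed list: blank permits every service,
    otherwise the relying party ID must match an entry exactly (assumed)."""
    return not allowed or rp_id.lower() in {a.lower() for a in allowed}


if __name__ == "__main__":
    # Constructed sample input.
    print(check_entry("https://login.example.com:1337/a?b=c"))
    print(entry_from_url("https://login.example.com:443/auth?x=1"))
    print(is_permitted("app.example.com", ["example.com"]))
```

Under the exact-match assumption, an entry of example.com does not cover app.example.com, which is why the full domain name has to be listed.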
View allowed services
To view allowed service providers:
- Select View allowed services.
The list of allowed service providers is displayed.
Delete a service
To delete a service provider from the allowed services list:
- Connect the FIDO key to your system.
- Select Admin > Configure allowed services.
- Enter the admin PIN and click Submit.
  Note
  This step displays only if you are entering the admin PIN for the first time. After the admin PIN is authenticated, this step is skipped for the rest of the session.
- Click Delete.
- A confirmation pop-up is displayed. Click Delete.
A success message is displayed.