User-Based FIDO Assignment via URL
This custom workflow enables a third‑party application to open a dedicated assignment URL that includes user information. When the assignment page loads, the workflow retrieves the user details from the URL, maps the user to the tenant’s default identity provider (IdP), and allows an administrator to select a connected FIDO device for configuration and enrollment for that user. This workflow is intended for scenarios in which an external system initiates FIDO device assignment for a known user. It minimizes navigation by providing direct access to device configuration and enrollment.
Prerequisites
Ensure that the following prerequisites are met before using this workflow:
- Install and run the Thales Authenticator Lifecycle Service on the local workstation. The assignment page requires an active connection to discover and manage connected FIDO devices. For setup instructions, refer to the Thales Authenticator Lifecycle Service section.
- Configure at least one identity provider and set the tenant’s default IdP in Thales Authenticator Lifecycle Manager. For configuration details, refer to the Identity Provider Settings and Integrations sections.
- Connect at least one FIDO device to the workstation.
FIDO Device Assignment Workflow Steps
- In a web browser, open the assignment URL provided by the third‑party application. The URL includes the user identifier (for example, /assign-user/<username>).
- On the FIDO Key Management window, the connection to the Thales Authenticator Lifecycle Service (Windows service) is established automatically. If the service is stopped or the automatic connection attempt fails, click Connect to Service to retry.
- After the page connects successfully, the system retrieves the user from the URL and maps the user to the tenant’s default IdP.
- Review the list of FIDO devices currently connected to the workstation.
- Select a device and proceed based on its current status:
  - Not Configured: Select a policy and then select Configure & Assign Device to complete enrollment.
  - Ready: Use the linked policy and select Configure & Assign Device.
  - Configured: Select Assign Device to enroll the device for the user.
  - Revoked: Select Assign Device to enroll the device again for the user.
- When prompted, follow the on‑screen instructions (for example, touching the device) to complete the passkey operation.
- After the device enrollment is complete, the Enrollment Successful message is displayed. Click Back to Fido Keys.

Result
The device is successfully enrolled for the specified user, and a confirmation message is displayed. The enrolled device is available for authentication based on the selected policy.
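
One way a third-party application could build the assignment URL from the first workflow step so that the username always stays a single path segment, shown as an added example that is not Thales code. The origin `https://alm.example.invalid`, the length limit, and both function names are assumptions; only the `/assign-user/<username>` path shape comes from this page.

```python
from urllib.parse import quote, unquote, urlsplit

# Assumptions: placeholder origin and length limit. Only the
# /assign-user/<username> path shape is taken from the page.
PORTAL_ORIGIN = "https://alm.example.invalid"
ASSIGN_PREFIX = "/assign-user/"
MAX_USERNAME_LEN = 256


def build_assignment_url(username: str, origin: str = PORTAL_ORIGIN) -> str:
    """Return the assignment URL with the username as exactly one path segment."""
    if not username or len(username) > MAX_USERNAME_LEN:
        raise ValueError("username is empty or too long")
    if username != username.strip():
        raise ValueError("username has leading or trailing whitespace")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in username):
        raise ValueError("username contains control characters")
    if username in (".", ".."):
        raise ValueError("username is a dot segment")
    # safe="" also percent-encodes "/", "?" and "#", so the value cannot add
    # path segments, a query string or a fragment to the URL.
    return origin.rstrip("/") + ASSIGN_PREFIX + quote(username, safe="")


def username_from_assignment_url(url: str, origin: str = PORTAL_ORIGIN) -> str:
    """Recover the username, rejecting URLs that do not have the expected shape."""
    parts, expected = urlsplit(url), urlsplit(origin)
    if (parts.scheme, parts.netloc) != (expected.scheme, expected.netloc):
        raise ValueError("unexpected origin")
    if parts.query or parts.fragment:
        raise ValueError("unexpected query or fragment")
    if not parts.path.startswith(ASSIGN_PREFIX):
        raise ValueError("not an assignment path")
    segment = parts.path[len(ASSIGN_PREFIX):]
    if not segment or "/" in segment:
        raise ValueError("username must be a single path segment")
    return unquote(segment)


if __name__ == "__main__":
    # Constructed sample usernames, including ones with URL-significant characters.
    for name in ["jdoe", "jdoe@example.com", "corp/jdoe", "x?y#z"]:
        url = build_assignment_url(name)
        print(url, "->", username_from_assignment_url(url))
```

Because the page maps whatever user the URL names to the default IdP, the administrator should still confirm the displayed user before selecting a device.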