
s5cbf (s5cbf) asked a question.
Reading the OIE documentation, I see that OIE provides the ability to configure FIDO2 User Verification. My question is: does it also provide the option to configure the FIDO2 Credential Protection Extension for discoverable credentials? (See https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html#sctn-credProtect-extension, which is defined by the Relying Party.) Thanks in advance for your response!

Hello @s5cbf (s5cbf)
I hope you are having a great day.
Thank you for posting. The discoverable credentials method can be configured for YubiKey authentication; you can learn more about this topic using the link below:
https://help.okta.com/en/prod/Content/Topics/Security/mfa/yubikey.htm
Please let us know if this was useful and allowed you to clarify your doubts.
Have a great day ahead
Regards
Henry Esquivel
Okta Inc

Thanks Henry, but my question is specifically about the FIDO2 Credential Protection extension which is handled by Okta (see https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html#sctn-credProtect-extension) and set at registration time. The link you provided does not provide information on this. I believe you should have something similar to https://help.okta.com/oie/en-us/Content/Topics/identity-engine/authenticators/configure-webauthn.htm, which explains how to configure UserVerification in FIDO2/WebAuthn. Since this is part of Okta Identity Engine and not Okta Classic, I'd imagine the support for Credential Protection would also be part of OIE if provided at all. Please let us know,
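
For readers following this thread, here is what the credProtect extension looks like from a Relying Party's side at registration time, as an added example that is not part of any post above and is not Okta code or configuration. The extension input names and the `credProtect` output key come from the CTAP 2.1 section linked in the question; the function names (`credProtectOptions`, `cbor`, `readCredProtect`, `meetsPolicy`) are hypothetical.

```javascript
// Added example (hypothetical helper names). Client extension input -> credProtect level.
const POLICIES = { userVerificationOptional: 1,
  userVerificationOptionalWithCredentialIDList: 2, userVerificationRequired: 3 };
// Fields an RP merges into the publicKey options for navigator.credentials.create().
function credProtectOptions(policy, enforce) {
  if (!(policy in POLICIES)) throw new Error("unknown credProtect policy");
  return {
    authenticatorSelection: { residentKey: "required", userVerification: "required" },
    extensions: { credentialProtectionPolicy: policy, enforceCredentialProtectionPolicy: enforce },
  };
}

// Minimal CBOR reader (ints, strings, booleans, maps); returns [value, nextOffset].
function cbor(buf, o) {
  const major = buf[o] >> 5, info = buf[o++] & 31;
  let n = info;
  if (info > 26) throw new Error("unsupported CBOR length");
  if (info >= 24) {
    n = 0;
    for (const end = o + (1 << (info - 24)); o < end; o++) n = n * 256 + buf[o];
  }
  if (major === 0) return [n, o];
  if (major === 1) return [-1 - n, o];
  if (major === 2) return [buf.slice(o, o + n), o + n];
  if (major === 3) return [new TextDecoder().decode(buf.slice(o, o + n)), o + n];
  if (major === 7 && (info === 20 || info === 21)) return [info === 21, o];
  if (major !== 5) throw new Error("unsupported CBOR type");
  const out = {};
  for (let i = 0, k, v; i < n; i++) {
    [k, o] = cbor(buf, o);
    [v, o] = cbor(buf, o);
    out[k] = v;
  }
  return [out, o];
}

// credProtect level (1-3) from registration authenticator data, or null if absent.
function readCredProtect(authData) {
  const flags = authData[32]; // follows rpIdHash(32); signCount(4) comes next
  let o = 37;
  // AT flag: skip aaguid(16), idLen(2), credentialId and the COSE public key.
  if (flags & 0x40) o = cbor(authData, o + 18 + ((authData[o + 16] << 8) | authData[o + 17]))[1];
  if (!(flags & 0x80)) return null; // ED flag clear: no extension data
  return cbor(authData, o)[0].credProtect ?? null;
}
// RP-side check after registration: did the authenticator apply at least this level?
function meetsPolicy(authData, policy) {
  return (readCredProtect(authData) ?? 0) >= POLICIES[policy];
}
```

With `enforceCredentialProtectionPolicy` left false, an authenticator that does not support the extension can still create the credential, so the check on the returned authenticator data is what tells the RP whether the requested level was applied.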