The FIDO U2F facilitates method enables you connect the FIDO U2F compliant token to the computer or laptop and touch the flashing token to authenticate. When you try to authenticate on any device, token connected to the device is compared with the actual device. If the device details match, you are authenticated successfully.
NOTE:To use the FIDO U2F method for authentication, you must install the Advanced Authentication Device Service. For more information on Device Service, see the Advanced Authentication - Device Service guide.
To authenticate using the FIDO U2F method, perform the following steps:
Ensure that the FIDO U2F token is connected to the workstation.
A message Please touch the flashing U2F device now is displayed.
Touch the button on the token when you see a blink.
If the token and attestation certificate in the token matches with the enrolled U2F token, the FIDO U2F authentication is successful.
If the device does not blink, wait for few seconds. If you do not see the blink for more than a minute, try to reconnect your token and repeat the steps.
NOTE:Administrator can configure an automatic session lock or log off on the U2F events. When a user returns to the workstation, the user must connect the U2F device to the workstation to unlock.
The following table describes the possible error messages along with the workaround for the FIDO U2F authentication.
Table 4-13 FIDO U2F authenticator - error messages
|
Error |
Possible Cause and Workaround |
|---|---|
|
Wrong token. Try another one |
The token that you have connected is incorrect. Try to authenticate with another token or re-enroll the authenticator in Self-Service portal or contact your helpdesk administrator. |
|
Connect a token |
The token is not connected properly. Try to connect it to a different USB slot and authenticate again. |
|
<Your user name> has no authenticator for U2F |
You have not enrolled for U2F method. You must enroll the authenticator in the Self-Service portal or contact your helpdesk administrator. |