Second-Factor With Web Authentication
Second-factor authentication requires users to confirm their identities through another method in addition to the usual username/password credentials. After the user supplies the usual username and password, the app sends the user a confirmation code through SMS or email. The user must enter that confirmation code before the system signs them into the app.
The Second-Factor With Web Authentication feature uses an authenticator instead of the confirmation code method.
An authenticator is a device such as a PC, mobile phone, or tablet that can:
- Set up a private/public key pair
- Locally confirm consent by a user
How It Works
The following diagram depicts the sign-in flow, before an authenticator is registered:
Now that Express has a public key credential for the authenticator, subsequent sign-ins use the authenticator as a second factor:
If you’re familiar with OpenID Connect (OIDC) specifications, the Web App is the Relying Party, and the ForgeRock Identity Cloud is the Authorization Server.