Problem statement
We have a number of questions about webauthn :
- Where can the value of webauthn_platform_first_factor be set in the dashboard?
- What exactly does webauthn_platform_first_factor configuration control?
- Because webauthn_platform_first_factor is not present in prompts/prompts.json file when we do an export of our nonprod tenant using the Auth0 deploy-cli tool, does that mean the value is false? Is false somehow different than the value not being present in the file at all?
Solution
- Where can the value of ‘webauthn_platform_first_factor’ be set in the dashboard?
From within the dashboard, from the left-hand menu, select Authentication, then navigate to:
Authentication > Authentication Profile > Select “Identifier First + Biometrics”
Towards the top-right corner of the dashboard, there is a Save button. Click on this to enable this option.
- What exactly does ‘webauthn_platform_first_factor’ configuration control?
This controls whether webauthn Biometrics are used with Identifier-First.
- Because webauthn_platform_first_factor is not present in prompts/prompts.json file when we do an export of our non-production tenant using the Auth0 deploy-cli, does that mean the value is false? Is false somehow different than the value not being present in the file at all?
If the option is not in the payload then it is false by default. In the Authentication Profile section of the dashboard, there are 3 options available:
- Identifier + Password
- Identifier First
- dentifier First + Biometrics
Option 3 is what controls ‘webauthn_platform_first_factor’
In cases where a tenant is showing ‘webauthn_platform_first_factor’ in the payload, this is because it was either set by deploy-cli or at some point, an admin in the Production tenant clicked on “Identifier First + Biometrics” in the dashboard and then clicked Save. Once it is saved, it will be in the payload going forward.