Identifier First + Biometrics not prompting users to enroll in biometrics

Problem Statement

We have Identifier First + Biometrics enabled. But users are not prompted to enroll in biometrics after signing up.

We have a rule to conditionally prompt for MFA.

//rule logic to determine verify_mfa

  if (verify_mfa) {
    context.multifactor = {
      provider: 'any',
      allowRememberBrowser: false 
    };
  } else {
    context.multifactor = {
      provider: 'none',
      allowRememberBrowser: false 
    };
  }

Troubleshooting

  • Verified using New Universal Login
  • HAR file shows in the /identifier request that js-available: true and webauthn-available: true, meaning that the device should support biometrics.
  • MFA is set to Never, and the Biometrics option is enabled.

Solution

Putting context.multifactor = { provider: ‘none’ } in a rule will prevent the Identifier First + Biometrics from having any users get prompted to enroll in biometrics even if biometrics is intended as a passwordless option. Therefore, please remove provider: 'none'.