Identifier First + Biometrics not prompting users to enroll in biometrics

lihua.zhang · December 6, 2022, 6:24pm

Problem Statement

We have Identifier First + Biometrics enabled. But users are not prompted to enroll in biometrics after signing up.

We have a rule to conditionally prompt for MFA.

//rule logic to determine verify_mfa

  if (verify_mfa) {
    context.multifactor = {
      provider: 'any',
      allowRememberBrowser: false 
    };
  } else {
    context.multifactor = {
      provider: 'none',
      allowRememberBrowser: false 
    };
  }

Troubleshooting

Verified using New Universal Login
HAR file shows in the /identifier request that js-available: true and webauthn-available: true, meaning that the device should support biometrics.
MFA is set to Never, and the Biometrics option is enabled.

Solution

Putting context.multifactor = { provider: ‘none’ } in a rule will prevent the Identifier First + Biometrics from having any users get prompted to enroll in biometrics even if biometrics is intended as a passwordless option. Therefore, please remove provider: 'none'.