Overview
This article describes how to allow users to enroll themselves in Webauthnn using the MFA API.
Solution
At the moment, the ability to enroll Webauthn via the MFA API is currently in the product roadmap scheduled for Q3 (July-August) of this year. There are two workarounds to achieve this outcome:
- Leveraging on MFA enrollment ticket endpoint to allow users to enroll in MFA. Since at least one other MFA factor is required for Webauthn, the user will be prompted first with the other MFA factor (for example, SMS MFA, ) and only after enrolling in that method will they be prompted to also complete Webauthn enrollment as well.
- Using the Post-Login Actions ‘enrollWith’ method and specify WebAuthn, and other MFA factors as needed. This would allow users who are logging into the application to be prompted to enroll in MFA during this login flow before returning to the application.