Thanks!

Hi Patrick, I initialise the key so that it cleared of all credentials and I could add a new PIN and Biometric. This is not Windows dependent, and it can be used on any device. I hope that clarifies your question.

Hi Richard, I am glad you appreciate the videos, thanks for letting me know. At the moment I only make the webapp available to people that come on my Identity Masterclass - sorry!

There are two aspects here, the application and the entity that checks the authentication. They could be the same. In the case of Azure AD, Azure AD will be the relying party managing the authentication. The application could be one of the M365 suite of apps. From an application perspective you could validate the type of authentication strength required and are those requirements enforced by the application. From an IdP perspective, you could validate if: FIDO2 is required, the type of FIDO2 key and if signature validate is enforced.

@@john_craddock Thank you! I appreciate you taking the time to answer

Hi Patrick, that's my plan! I am please you enjoyed it

After further digging, I believe this has to do with SSRP being enabled for All Users. I can't register Password reset for a keyonly user, did you need to apply some exclusions to your v-john user in the demo?

Hi @Doctair, sorry for the slow response, it's been a very busy few weeks! Can you provide a few more details of what you are attempting and also the video time for the demo you are referring to and I will take a look. Thanks John

@@john_craddock Hi John, , just had time to circle back on this. There is no problem with setting up the TAP and FIDO2 Keys. your Vid was perfect! My issue, was that my version of the "real" v- john, had been in a loop after the OTP is put in. I could not register the KEY in the "adding Fido key to your Account" section until I disabled SSRP for the entire Tenant. In your demo environment, did you already have SSRP disabled or selected to a specific Group, that perhaps v-john was not a part of ? Are there additional settings you had before your demo was recorded. I hope that makes sense? thanks again for the great vids. been learning a lot.

Hi VivoKey, Thanks for watching! If you want to get into the actual details of the code flows have a look at the Mozilla docs here developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API and a good starting point the the Yubico "The WebAuthn standard" whitepaper. You will see CTAP2 works along side the WebAuthn APIs.

Hi Sunny, thanks for joining. Don't stop following Andy 🤣🤣

Hi Adam, thank for watching and commenting.

Thanks Tete, hopefully refreshing all the right parts🤣