FIDO2
FIDO2 is a passwordless authentication standard established by the FIDO Alliance.
It defines an authentication protocol between the "authentication device", the "web browser" and the "RP server", and provides a general-purpose mechanism for authenticating to web applications without a password.
This system uses the FIDO2 authentication method in the OpenAM authentication chain to authenticate users with a FIDO2 authentication device.
Devices used for FIDO2 authentication
・Windows Hello compatible PC
・FIDO2 compatible YubiKey device
・Google Titan device
Registration
Please register from the "Authentication Device Setting" in the user profile.
* Multiple FIDO2 authentication devices can be registered.
- Access the user profile screen.
  https://id.jaist.ac.jp/ui/user/login
- Log in at JAIST-SSO.
  * When accessing from an off-campus network, multi-factor authentication (e.g. OTP or certificate) must be prepared.
- Click on "Authentication Device Setting".
- Click on the "Add" button under 'Passkey'.
- Authenticate with JAIST-SSO again.
- Follow the on-screen instructions to operate the authentication device.
- Name the authentication device.
- When registration is complete, return to the profile home screen, access the "Authentication Device Setting" again and check that the device is listed in the passkey field.
Using FIDO2
- Access a service that requires the JAIST-SSO system.
- Enter your user name.
- If a FIDO2 device (passkey) has been registered, the FIDO2 authentication screen will appear. Authenticate using the method you have set and click 'OK'.
* When authentication is successful with FIDO2, passwords and multi-factor authentication are not required.