By the end of this tutorial, the reader should be able to: Understand what biometrics are and the various applications of biometrics. It is also at work when a consumer is required to enter theirzip code before using theircredit card at a gas pump or when a user is required to enter an authentication code from an RSA SecurID key fob to log in remotely to anemployers system.. Verification of the WebAuthn Factor starts with getting the WebAuthn credential request details (including the challenge nonce) then using the client-side JavaScript API to get the signed assertion from the WebAuthn authenticator. If the registration nonce is invalid or if registration data is invalid, you receive a 403 Forbidden status code with the following error: Activation gets the registration information from the WebAuthn assertion using the API and passes it to Okta. parameter. Launch Duo Mobile and step through the introduction screens. The default value of rememberDevice parameter is false. Learn more about adding third-party accounts to Duo Mobile. If the passCode is invalid, you receive a 403 Forbidden status code with the following error: Omit passCode in the request to send an OTP to the device. Trusted applications are backend applications that act as authentication broker or login portal for your Okta organization and may start an authentication or recovery transaction with an administrator API token. And we can implement that fingerprint authentication in our app so to secure our app as much as we can. }', "00BlN4kOtm7wNxuM8nuXsOK1PFXBkvvTH-buJUrgWX", "https://{yourOktaDomain}/api/v1/authn/factors/dsflnpo99zpfMyaij0g3/lifecycle/duoCallback", "https://{yourOktaDomain}/js/sections/duo/Duo-Web-v2.js", "https://{yourOktaDomain}/api/v1/authn/factors/dsflnpo99zpfMyaij0g3/lifecycle/activate/poll",