FIDO Enrolments fail with 'We couldn't verify your device. Try again later...'

    Applies to:
      • SecureAuth Identity Platform
      • Legacy SecureAuth IdP
    Deployment model:
      • Cloud
      • Hybrid
      • On Premises
    Version Affected: All


    Description:  
    After configuring a FIDO enrolment Realm in New Experience and attempting to enrol a FIDO device, the enrolment fails with 'We couldn't verify your device. Try again later or use a different browser, device or operating system'.


     

    Cause:  
    This can be caused by a mismatch between the 'Authenticator-Type' values selected in the Realm and the Authenticator-Type that the Authenticator itself requires.
    If the Authenticator requires an Authenticator-Type which is not selected within the FIDO enrolment Realm configuration, the enrolment will fail with the above error.

    For example, selecting 'Cross-Platform' and 'Platform' should allow enrolment of YubiKeys and Windows Hello devices, as per the description within the UX.

    But if the Authenticator passes back an Authenticator-Type of 'unspecified' and 'Unspecified' is not selected in the UX, the enrolment will fail.

    IdP cannot influence the Authenticators themselves. We can limit the Authenticators which can be used when enrolling a FIDO device by only allowing Authenticators which allow 'Cross-Platform' or 'Platform', but this may be too restrictive for business use.
    To ensure devices can still be enrolled even if the Authenticators themselves pass back an Authenticator-Type of 'unspecified', the Realm must be configured to allow that Authenticator-Type.

     

    Resolution:  
    Ensuring the 'Unspecified' Authenticator-Type is selected within the FIDO enrolment Realm configuration will allow the enrolment to complete as expected in most cases.
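
The sketch below models the allowed-type check described under Cause, so the failure can be reproduced and audited offline. It is an added example, not SecureAuth code: it assumes the Realm's 'Authenticator-Type' corresponds to the WebAuthn `authenticatorAttachment` value (which is null when unspecified), and the function names, device names and sample attempts are hypothetical.

```javascript
// Added illustration, not SecureAuth code. Assumption: the Realm's
// 'Authenticator-Type' mirrors WebAuthn's authenticatorAttachment value.
const KNOWN_TYPES = new Set(["platform", "cross-platform", "unspecified"]);

// Map what the browser reports to one of the three types (null = unrecognised).
function normalizeType(reported) {
  if (reported === null || reported === undefined || reported === "") {
    return "unspecified"; // field is null or absent when attachment is unknown
  }
  const t = String(reported).toLowerCase();
  return KNOWN_TYPES.has(t) ? t : null;
}

// Decide whether an enrolment passes the Realm's allowed-type policy.
function checkEnrolment(allowedTypes, reported) {
  const type = normalizeType(reported);
  if (type === null) {
    return { ok: false, type: null, reason: "unrecognised authenticator type" };
  }
  const allowed = new Set(allowedTypes.map((t) => t.toLowerCase()));
  if (!allowed.has(type)) {
    return { ok: false, type, reason: `'${type}' is not selected in the Realm` };
  }
  return { ok: true, type, reason: "allowed" };
}

// List the types a batch of attempts would need the Realm to allow.
function missingTypes(allowedTypes, attempts) {
  const missing = new Set();
  for (const a of attempts) {
    const r = checkEnrolment(allowedTypes, a.authenticatorAttachment);
    if (!r.ok && r.type !== null) missing.add(r.type);
  }
  return [...missing].sort();
}

// Constructed sample data (hypothetical devices).
const realmAllowed = ["Cross-Platform", "Platform"];
const attempts = [
  { device: "security-key-A", authenticatorAttachment: "cross-platform" },
  { device: "laptop-B", authenticatorAttachment: "platform" },
  { device: "security-key-C", authenticatorAttachment: null },
];
for (const a of attempts) {
  const r = checkEnrolment(realmAllowed, a.authenticatorAttachment);
  console.log(a.device, r.ok ? "PASS" : "FAIL", "-", r.reason);
}
console.log("Types to add:", missingTypes(realmAllowed, attempts));
```

Only the third attempt fails, and adding 'Unspecified' to the allowed list is the single change that lets it pass.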

     

    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
