FIDO2 architecture overview

User device: A FIDO2-capable authenticator device, such as a laptop or mobile device, which runs the web browser.

Authenticator: Allows the use of biometric methods, for example fingerprint scanning or face detection, to authenticate.

Authenticators can be the following:

  • Platform authenticators, built into the user device.
  • Roaming authenticators, connected to the user device with USB, BLE, or NFC connections.

Relying party: The relying party is the web application that is secured using WebAuthn to register and authenticate users. The relying party has a frontend and a backend part. The backend has to communicate with the Authentication Cloud API to start the registration or the authentication.

Authentication Cloud FIDO2 JavaScript solution: Authentication Cloud provides a JavaScript-based solution that can be used to handle the communication between the WebAuthn API and the Authentication Cloud API. The frontend of the relying party must include a JavaScript solution to connect to the Authentication Cloud API. For more information about the JavaScript solution, see Register a FIDO2 authenticator and Authenticate with FIDO2.
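
To make the frontend's role concrete, the following added example (not the Authentication Cloud JavaScript solution, and not code from this documentation) shows the kind of glue a relying-party frontend needs between a backend response and the WebAuthn API. The JSON shape of `serverOptions`, the `"platform"`/`"roaming"` selector, and all function names are assumptions made for illustration; only `navigator.credentials.create` and the `PublicKeyCredentialCreationOptions` fields are standard WebAuthn.

```javascript
// Added example: the server payload shape and all function names are assumptions.
const ATTACHMENT = { platform: "platform", roaming: "cross-platform" };
// base64url <-> bytes: WebAuthn wants binary fields as buffers, JSON carries text.
function b64urlToBytes(s) {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/").padEnd(Math.ceil(s.length / 4) * 4, "=");
  return Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
}
function bytesToB64url(buf) {
  const bin = String.fromCharCode(...new Uint8Array(buf));
  return btoa(bin).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Turn the backend's JSON options into PublicKeyCredentialCreationOptions.
function toCreationOptions(serverOptions, authenticatorKind) {
  const attachment = ATTACHMENT[authenticatorKind];
  if (!attachment) throw new TypeError(`unknown authenticator kind: ${authenticatorKind}`);
  return {
    ...serverOptions,
    challenge: b64urlToBytes(serverOptions.challenge),
    user: { ...serverOptions.user, id: b64urlToBytes(serverOptions.user.id) },
    excludeCredentials: (serverOptions.excludeCredentials || []).map((c) => ({
      ...c, id: b64urlToBytes(c.id),
    })),
    authenticatorSelection: {
      ...serverOptions.authenticatorSelection,
      authenticatorAttachment: attachment, // platform vs. roaming authenticator
    },
  };
}

// Serialize the authenticator's answer so the backend can forward it for verification.
function encodeAttestation(cred) {
  return {
    id: cred.id, type: cred.type,
    rawId: bytesToB64url(cred.rawId),
    response: {
      clientDataJSON: bytesToB64url(cred.response.clientDataJSON),
      attestationObject: bytesToB64url(cred.response.attestationObject),
    },
  };
}

// Browser-only entry point: runs the WebAuthn registration ceremony on the user device.
async function registerAuthenticator(serverOptions, authenticatorKind) {
  const publicKey = toCreationOptions(serverOptions, authenticatorKind);
  const cred = await navigator.credentials.create({ publicKey });
  if (!cred) throw new Error("no credential returned by the authenticator");
  return encodeAttestation(cred);
}
```

The challenge must come from the backend for each ceremony and the encoded result must be verified server-side; the frontend only converts and relays.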