Why am I getting a "Registration Unsuccessful" message when registering a FIDO security key?
a year ago
Article Number
000073149
Applies To

This article applies to users attempting to register a FIDO security key as an authenticator in RSA ID Plus.

Issue

When registering a FIDO security key, the process seems to work as expected, but then the error message "Registration Unsuccessful" is displayed and the key does not appear as a registered authenticator on the My Authenticators page.

The Registration Unsuccessful error message

Cause

As stated in the product documentation, "The RSA Cloud Authentication Service is a FIDO2-certified server that supports only the FIDO authenticators certified by the FIDO Alliance." If a user tries to register a FIDO security key that has not been formally certified by the FIDO Alliance, the registration will be unsuccessful and an error message will be displayed. (The error message will be updated in a future release to be more specific about the underlying cause.)

Resolution

If you encounter this issue, check whether your FIDO security key is certified by the FIDO Alliance.

If your security key is not listed on the FIDO Alliance website (meaning it is not a formally certified device), then it unfortunately cannot be used as a FIDO authenticator in RSA ID Plus at this time, and you will need to register an alternative authenticator such as the RSA Authenticator app or another FIDO security key.

Notes

When this issue occurs, an error is logged in the User Event Monitor within the Cloud Administration Console with the description "FIDO enrollment failed - FIDO protocol error" and with "INVALID_ATTESTATION" displayed in the Authentication Details.

The error message from the User Event Monitor in the Cloud Administration Console