The AA Windows Client needs to filter available Chains list based on the availability of locally present hardware that the AA Device Service detects as available. Right now the Windows Client dynamically filters the Chains list based on whether a user has registered all of the methods necessary to satisfy a Chain.

Likewise some filtering is also separately done based on whether local network connectivity to the AA server exists (one example is Chains that include Email OTP.

It is EQUALLY important from a UX perspective to filter the Chains a user can see for any that contain Methods with locally-attached hardware dependencies. Such methods that would be need this sort of consideration are Card, Fingerprint, Bluetooth, and possibly others. For example, if the AA Device Service indicates that a Bluetooth radio is absent from a computer, then the AA Windows should filter any Chains that happen to include the Bluetooth Method. To still show Bluetooth Chains otherwise is spreading leading the end user confusion and frustration!

Other considerations this needs to include:
- The filtering of Chains list should automatically adjust any time that AA Device Service detects OS events that associated hardware is attached/removed.
- Should have a config option to disable/enable this sort of auto-filtering in the AA Windows Client (not everyone may want this behavior, though most will)
- Should have a config option to place a checkbox or button on the login screen so that users can show the list of currently filtered Chains, along with a customizable and helpful warning printed somewhere obvious even if checkbox/button is not clicked that states: “Some authentication options are currently hidden due to missing hardware”

by: brian r. | over a year ago | Configuration