A Passkey/FIDO2 token can be used as a second factor for User ID login or for Passkey login. When the user attempts to authenticate, the application sends a challenge to the Passkey/FIDO2 token. The token signs the challenge with the private key associated with that application, and the signed response allows the user to log in.
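The challenge/response described above, written out as an added example that is not IDaaS or Entrust code: a key pair is registered against an application (the relying party ID), the server issues a fresh random challenge for each login, the token signs authenticatorData (which carries the SHA-256 of the RP ID) together with the hash of the client data, and the server checks the challenge, the RP ID hash, the origin, and the signature against the stored public key. It goes slightly beyond the paragraph by also showing why a replayed challenge and a token registered to a different application are rejected. The RP ID `idaas.example.com` and origin values are constructed placeholders.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// Credential is what the relying party stores at registration: the public key
// and the RP ID (the application) that the key pair is bound to.
type Credential struct {
	RPID      string
	PublicKey *ecdsa.PublicKey
}

// Token simulates the private half that never leaves the Passkey/FIDO2 token.
type Token struct {
	RPID       string
	PrivateKey *ecdsa.PrivateKey
}

// clientData mirrors the WebAuthn collectedClientData the browser assembles.
type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// Register creates a key pair bound to one application's RP ID.
func Register(rpID string) (*Token, Credential, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, Credential{}, err
	}
	return &Token{RPID: rpID, PrivateKey: priv}, Credential{RPID: rpID, PublicKey: &priv.PublicKey}, nil
}

// NewChallenge is the relying party's fresh random challenge for one login.
func NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// Sign simulates the token answering the challenge. authenticatorData starts with
// SHA-256(rpID) plus a flags byte, so the signature is tied to the application;
// the signed message is SHA-256(authenticatorData || SHA-256(clientDataJSON)).
func (t *Token) Sign(challenge []byte, origin string) (authData, clientJSON, sig []byte, err error) {
	cd := clientData{Type: "webauthn.get", Challenge: base64.RawURLEncoding.EncodeToString(challenge), Origin: origin}
	clientJSON, err = json.Marshal(cd)
	if err != nil {
		return nil, nil, nil, err
	}
	rpHash := sha256.Sum256([]byte(t.RPID))
	authData = append(rpHash[:], 0x01) // rpIdHash followed by flags (user-present bit)
	cdHash := sha256.Sum256(clientJSON)
	msg := sha256.Sum256(append(append([]byte{}, authData...), cdHash[:]...))
	sig, err = ecdsa.SignASN1(rand.Reader, t.PrivateKey, msg[:])
	return authData, clientJSON, sig, err
}

// Verify is the relying party's check: the challenge it issued, the expected
// origin, an rpIdHash for this application, and a valid signature under the
// public key stored at registration.
func Verify(cred Credential, expectedChallenge []byte, expectedOrigin string, authData, clientJSON, sig []byte) error {
	var cd clientData
	if err := json.Unmarshal(clientJSON, &cd); err != nil {
		return err
	}
	if cd.Type != "webauthn.get" || cd.Origin != expectedOrigin {
		return fmt.Errorf("wrong ceremony type or origin")
	}
	if cd.Challenge != base64.RawURLEncoding.EncodeToString(expectedChallenge) {
		return fmt.Errorf("challenge does not match the one issued for this login")
	}
	want := sha256.Sum256([]byte(cred.RPID))
	if len(authData) < 33 || !bytes.Equal(authData[:32], want[:]) {
		return fmt.Errorf("rpIdHash does not match this application")
	}
	cdHash := sha256.Sum256(clientJSON)
	msg := sha256.Sum256(append(append([]byte{}, authData...), cdHash[:]...))
	if !ecdsa.VerifyASN1(cred.PublicKey, msg[:], sig) {
		return fmt.Errorf("signature invalid")
	}
	return nil
}

func main() {
	tok, cred, _ := Register("idaas.example.com") // constructed RP ID
	ch, _ := NewChallenge()
	ad, cj, sig, _ := tok.Sign(ch, "https://idaas.example.com")
	fmt.Println("login:", Verify(cred, ch, "https://idaas.example.com", ad, cj, sig))
	stale, _ := NewChallenge()
	fmt.Println("replayed response:", Verify(cred, stale, "https://idaas.example.com", ad, cj, sig))
}
```

The server never sees the private key; it only stores the public key and the RP ID. That is why the token registered on the user's My Profile page works for that application only, and why a response captured from one login cannot be reused for another, since every login gets a new challenge.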
Users must add and register their Passkey/FIDO2 token on their My Profile page.
For User ID login, the application's resource rule must allow Passkey/FIDO2 authentication before users can authenticate with their Passkey/FIDO2 token.
When Passkey login has been enabled, users see a Passkey button on the login page. Clicking it bypasses password login and uses the token registered to their device to log in to IDaaS or their protected application. Passkey login is independent of the Passkey/FIDO2 authentication settings in the resource rule; it is available whenever it is enabled for the application.
To manage Passkey/FIDO2 token authentication, you need the User Passkey/FIDO2 Token Management permission.
Passkey/FIDO2 authentication is available using the latest versions of Chrome, Microsoft Edge, Firefox, and Safari.
● Passkey/FIDO2 authentication is only supported for authentication to the IDaaS Administrator and User portals, SAML applications, and OIDC and OAuth applications.
● RADIUS applications and Entrust Identity Enterprise integrations do not support Passkey/FIDO2 authentication.
● All resource rules created using Identity as a Service 4.3 or later automatically have Passkey/FIDO2 authentication enabled for User ID login. For resource rules created before Identity as a Service 4.3, you must enable Passkey/FIDO2 authentication manually.
● Passkey authentication must be enabled by an administrator. Passkey authentication is independent of resource rules.
Topics in this section:
● Modify Passkey/FIDO2 authenticator settings