Entrust Identity as a Service™ User Help
Click here to see this page in full context

Report errors or omissions

  1. Home >
  2. Manage authenticators >
  3. Manage Passkey/FIDO2 authenticators

Manage Passkey/FIDO2 authenticators

Passkey/FIDO2 authentication allows you to connect to your application using a Passkey/FIDO2 token. When you attempt to authenticate, a challenge is sent to the Passkey/FIDO2 token. The Passkey/FIDO2 token signs the challenge with a private key associated with the application to allow you to log in. You can set up your Passkey/FIDO2 token for Passkey/FIDO2 token authentication with password log in or as a passkey if your administrator has enabled passkey (passwordless login).

Note: Passkey/FIDO2 authentication is available using the latest versions of Chrome and Microsoft Edge. Firefox supports FIDO2 authentication but it does not support Passkey. Some versions of Passkey/FIDO2 tokens do not support passkey login.

Choose one of the following procedures, as required.

Add and register a Passkey/FIDO2 tokenAdd and register a Passkey/FIDO2 token

Passkey/FIDO2 authentication is available using the latest versions of Chrome  and Microsoft Edge. Firefox supports FIDO2 authentication but it does not support Passkey.  Before you activate your Passkey/FIDO2 token, you must activate your token using the activation method available. This might involve scanning a QR code or inserting the token into your USB drive on your device. If you attempt to authenticate using an unregistered Passkey/FIDO2 token, an error message appears.

Activate a FIDO2 authenticator

Before you activate your Passkey/FIDO2 token for passkey authentication, make sure you have your Passkey/FIDO2 capable device ready for authentication. If you are using a USB Passkey/FIDO2 token, ensure that you have inserted the token into the USB port on the device you want to register.

In Identity as a Service, go to > My Profile. The My Profile page appears.

Click the Authenticators tab. Your list of assigned authenticators appears.

Click . A drop-down list of authenticators appears.

Select Passkey/FIDO2. The Register Passkey/FIDO2 Token dialog box appears.

Enter a name for your Passkey/FIDO2 token. The name must be unique and can be a maximum of 100 characters in length.

For Passkey authentication, select Store UserID checkbox.

Click Register. Prompts appear on screen. The prompts vary based o the browser you are using. You might be prompted to select to scan a QR code or to use an eternal security key or a built-in sensor.

Note: If you do not respond to the registration prompts within the timeout period, an error message appears. If this happens, click Register again. Also, if the Passkey/FIDO2 token is already registered, an error message appears.

Manage a Passkey/FIDO2 authenticatorManage a Passkey/FIDO2 authenticator

Manage FIDO2 authenticators

Log in to your Identity as a Service account.

Go to My Profile.

Click the Authenticators tab. The Authenticators page appears showing your list of authenticators.

Note: You can have multiple Passkey/FIDO2 tokens assigned to you.

Click next to the Passkey/FIDO2 authenticator. A drop-down list appears with the following options:

Enable—Select to enable the Passkey/FIDO2 authenticator and then click Confirm on the dialog box.

Disable—Select to disable the Passkey/FIDO2 authenticator and then click Confirm on the dialog box.

Rename—Select  to rename the Passkey/FIDO2 authenticator and then click Update on the dialog box. The name must be unique and can contain a maximum of 100 characters.

View —Selectto view the Passkey/FIDO2 authenticator details.

Delete—Select to delete the Passkey/FIDO2 authenticator and then click Confirm on the dialog box.