Passkeys authentication

Passkey authentication is a cutting-edge method that leverages biometrics like Touch ID, Face ID, and security keys. It relies on the authentication capabilities present on users' devices, enhancing security while simplifying the login process. By harnessing your device's built-in security features, you can ensure the safety of your data and enjoy a more manageable alternative to passwords and conventional two-factor authentication methods.

This innovative concept emerged from the collaborative efforts of tech giants Apple, Google, and Microsoft. These industry leaders embraced passkeys as a means to elevate authentication standards, incorporating widely accepted protocols such as FIDO and WebAuthn.

Key advantages of passkey authentication:

• Efficiency: Biometrics streamline the login process, offering swift and uncomplicated access.
• Enhanced Security: Passkeys are often tied to specific devices or users, adding an extra layer of protection against unauthorized access and data breaches.
• User-Friendly: Passkeys eliminate the need for remembering intricate passwords or retrieving one-time codes from emails or phones, providing a hassle-free experience.
• Cross-Device Convenience: Passkeys empower users to access their sign-in credentials across multiple devices, including new ones, without the need for re-enrollment.

Incorporating passkey authentication into your system not only improves security but also enhances the overall user experience. With its speed, reliability, and user-centric design, passkeys redefine modern authentication methods.

Enable login with passkeys

Add passkeys to your sign-in page:

1. Go to the builder.
2. Go to the login box tab.
3. Enable the Passkeys toggle.

This is how your sign-in page would look with the Sign in with passkey button:

Passkey management for end users is available via the self-service Privacy & Security page. Ensure it is enabled and published.

Passkeys setup on sign-in

Once passkeys are enabled in the environment, users will be prompted to set up passkeys on their next login.

After setting up their passkey on the device, when the user clicks Login with passkeys, they will be prompted for their fingerprint, Face ID, or another passkey they’ve set up.

Login with passkey full flow

Manage and delete a passkey

Only one passkey is allowed per user and device. To switch to another passkey, the user will need to delete the existing one from the self-service → Privacy & Security tab. Ensure the self-service portal is integrated and this section is enabled for end users.

Passkeys restrictions

• MFA: Multi-factor authentication (MFA) is used to ensure a second authentication method that is different from the main authentication. Our MFA methods include authenticator apps, built-in authenticators, SMS, and security keys. To avoid double use of WebAuthN authentication, we enforce different authentication methods.

• On the builder: You won't be able to add passkeys unless you have "SMS" or "Authenticator apps" as MFA options for your users.

  • On the sign-in flow: If users authenticate with "built-in authenticators" or "security key" as an MFA method, they won't be able to see the passkey prompt page.

• On the self-service: If MFA is forced, users won't be able to set up passkeys unless they have set up SMS/Authenticator apps as MFA methods.

• SSO sign-in: Users who log in with SSO won’t be able to set up passkeys. SSO is considered a secure authentication method, and when enabled, it means users must sign in with SSO.

  • On the sign-in flow: The passkey prompt page won't be visible.
  • On the self-service: The Passkeys section won't be visible.