The only thing that can be configured for this identity service is whether or not a verification is enforced.
- Click in the list on Passkeys.
- Check the Require verification checkbox. See section below for an explanation on required verification.
- Click Save.
Identity Services
Require verification
In cases where a passkey does not automatically require a user verification (passkeys such as Windows Hello or Bitwarden automatically require user verification by means of facial recognition or a password), the user will be presented with a request for a PIN code. An example of such a passkey can be found in some iterations of Yubikey.
Users who have not previously set a PIN for their Yubikey will not be presented with the verification step if the Require verification setting is unchecked. Users who have previously set a PIN will be presented with the verification step regardless of whether or not the setting has been activated.
Users without a registered PIN for their authenticator will not be able to authenticate with that particular passkey if the Require verification setting is turned on at a later date.
- Log in to the enrollment page
- Remove the Passkeys enrollment.
- Enroll again with the passkey. They will be prompted to set a PIN code.
User enrollment
Users have to enroll each of their passkeys separately in order to use them to authenticate with Specops Authentication. The maximum number of enrolled passkeys is five. Please refer to the End User page for more information.
Passkeys limitations
The Passkeys identity service is incompatible with the secure browser. For password resets using the secure browser Passkeys will therefore not be shown in the list of available identity services.