Passkeys provide a faster, more secure way to sign in without entering a password. Once enabled by your organization and registered on your account, a passkey can be used to authenticate using a trusted device, biometric verification (such as fingerprint or face recognition), a PIN, a security key, or a supported password manager.
This article explains the registration process, supported registration methods, sign-in experience, and known limitations of passkey authentication in OneIdP.
Before You Begin
Passkey settings should be enabled for your Directory (from Directory Settings)
How Passkey Registration Works
Enter your OneIdP credentials on the respective SSO Application or User Portal, and sign in.

To register, complete any required authentication steps, such as:
Password verification
Managed device verification
One-time password (OTP) verification
Other configured sign-in requirements (Compliance etc.)

After the required verification steps are completed, you will see a prompt to register a passkey. You can choose one of the following:
Set Up a Passkey: This will prompt you to register a passkey (explained below).
Skip for Now: This will allow you to continue signing in with your existing authentication requirements, without registering a passkey. You can register a passkey during a future sign-in when prompted.

Setting Up a Passkey
When you select Set Up a Passkey, your browser or device (based on platform) will display a passkey registration prompt.
Depending on your device and organization settings, you can register a passkey using:
Windows: A built-in authenticator such as fingerprint, face recognition, or device PIN
iPhone, iPad or Android: This option requires scanning a QR code with your phone or tablet. When prompted, tap Use passkey or use the QR scanner on your device. If you choose to save the passkey on your phone or tablet, Bluetooth pairing may be required to verify the device.
Security key: You will be prompted to insert the key into your device and set it up.
Password Manager: You can store your passkey in Google Password Manager or any other credential manager that supports syncing.

Follow the on-screen instructions to complete registration.
End User Experience
Here is how you can log in using a passkey (with a security key):
Enter OneIdP credentials and click Continue

Click on USB security key

Next, insert the security key into the USB port of your device. You will be prompted to enter the PIN. Enter the PIN and click Next.

Next, you will get the following screen. Touch the security key to complete the request.

Once verification is complete, click on Complete Sign In. At this stage, compliance checks take place.

Enter the OTP you received in the authenticator app and click LogIn.

Known Behaviors
Passkey authentication is not currently supported in most native applications.
Users cannot register a passkey on Windows devices when both Keycard and Just-In-Time (JIT) provisioning are enabled.
Passkey registration using NFC on Android devices is currently not supported. However, NFC-based passkey authentication works as expected for previously registered passkeys.
Users can continue to sign in using a registered passkey even when a different Identity Provider (IdP) is configured for authentication.