Home
Product documentation
Support homeSupport requestsSystem statusTrust centerTry for free

Passkeys

Suggest Edits

The Passkey method allows customers to authenticate using device-based biometrics or platform authenticators such as Touch ID, Face ID, or Windows Hello. Passkeys provide a phishing-resistant, passwordless authentication experience that improves security and usability.

Enrollment

Customers can choose to add a passkey during account registration or, if passkey promotion is enabled, during login or a password change.

  • Supported passkey methods include:
    • Device biometrics (e.g., fingerprint, facial recognition)
    • Platform authenticators (e.g., Touch ID, Face ID, Windows Hello)
Creating a passkey using Google Chrome on a computer

Creating a passkey using Google Chrome on a computer

Authentication flow

  1. When a customer interacts with the identifier input field, the device’s passkey autofill feature is triggered, allowing them to select a saved passkey.
  2. Alternatively, customers can select Sign in with passkey to initiate authentication manually.
  3. The browser or operating system UI prompts the customer to confirm their identity (e.g., biometric verification).
  4. If adaptive MFA is configured for passwordless login, the customer is authenticated seamlessly without needing a password or an additional authentication factor.
Browser prompt for identity verification on Google Chrome

Using a saved passkey in Google Chrome on a computer

Fallback handling

If a passkey cannot be used (for example, if the customer is on an unsupported device), authentication falls back to other methods (if available):

  • Password
  • Multi-factor authentication (MFA)

Limitations

  • Passkeys act as an MFA method during registration but can also serve as a primary authentication method in passwordless flows.
  • To meet system security requirements, customers must configure at least one additional authentication option.

Passkey promotion

Passcode promotion screen

Passkey promotion screen

Administrators can encourage customers to adopt passkeys using the passkey promotion feature, available in the Self-service policy.

  • The passkey promotion screen is shown only for applications where passkey authentication is enabled in the Adaptive Access policy.
  • Administrators can configure when the passkey promotion screen appears:
    • During registration
    • During login
    • After a password change

📘

A more in-depth description of Passkeys is available in our passkey documentation.

Updated about 3 hours ago