VaultOne: Configure FIDO2 and Passkey Authentication

Enhance your organization's security and streamline user logins by enabling FIDO2 and passkey authentication. This guide covers the settings available to you in the VaultOne platform.

Prerequisites:

  • You must have administrator access to the VaultOne platform.

To configure FIDO2 settings:

  1. Log in to the VaultOne platform.
  2. In the main menu, go to Administration > Settings > Security.
  3. Scroll down to Two Factor Login where you can configure Passkey (FIDO2) options alongside your platform's default MFA settings.

Available FIDO2 Settings

The following settings allow you to control how passkeys are used in your environment:

  • Enable Passkey Authentication: This is the master toggle for the feature. When enabled, users can log in by providing their username and then using their passkey instead of a password.
  • Allow Login Only By Passkey Without Username or Email: Provides a more streamlined experience by allowing users to initiate login directly with their passkey, without first entering a username. If a passkey is not uniquely associated with a single user, the user will be prompted to enter their username.
  • Restrict Passkeys to Specific Transports: Allows you to enforce which physical connection methods are permitted for passkey authentication. If you select one or more options, users can only register and use passkeys that match the allowed transports. Options include:
    • USB: For security keys connected via a USB port.
    • NFC: For keys using Near Field Communication.
    • Bluetooth: For keys connected via Bluetooth.
    • Internal: For built-in platform authenticators like Windows Hello or Apple's Touch ID.
    • Hybrid: For using a mobile device passkey to sign in on a nearby computer.
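
The transport options above correspond to the WebAuthn transport values usb, nfc, ble, internal and hybrid. The following is an added example of how a relying party can apply such an allow-list at registration and login; it is not VaultOne's code. The record type, function names, sample credentials and the meaning given to "match" (at least one reported transport is allowed, with an optional strict mode) are assumptions.

```python
from dataclasses import dataclass

# Option labels from the page mapped to WebAuthn AuthenticatorTransport values.
UI_TO_WEBAUTHN = {"USB": "usb", "NFC": "nfc", "Bluetooth": "ble",
                  "Internal": "internal", "Hybrid": "hybrid"}

@dataclass(frozen=True)
class StoredCredential:  # hypothetical record saved at registration
    credential_id: str
    transports: tuple    # values the browser returned from getTransports()

# Constructed sample credentials (identifiers are made up).
SAMPLE = [
    StoredCredential("key-usb-nfc", ("usb", "nfc")),
    StoredCredential("laptop-builtin", ("internal",)),
    StoredCredential("phone", ("hybrid", "internal")),
]

def allowed_set(selected_labels):
    """Translate the selected options; an empty selection means no restriction."""
    return frozenset(UI_TO_WEBAUTHN[label] for label in selected_labels)

def transport_permitted(reported, allowed, strict=False):
    """Assumption: a passkey matches when at least one reported transport is
    allowed; strict=True requires every reported transport to be allowed."""
    if not allowed:
        return True           # nothing selected: all passkeys accepted
    reported = set(reported)
    if not reported:
        return False          # no transport information: cannot show a match
    return reported <= allowed if strict else bool(reported & allowed)

def build_allow_credentials(credentials, allowed):
    """Build allowCredentials for a login: drop passkeys that fail the policy
    and narrow each transports hint to the permitted values."""
    result = []
    for cred in credentials:
        if not transport_permitted(cred.transports, allowed):
            continue
        hints = [t for t in cred.transports if not allowed or t in allowed]
        result.append({"type": "public-key", "id": cred.credential_id,
                       "transports": hints})
    return result
```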