Knowledge Base

Authenticating With Passkeys 

This article explains how to register WebAuthn passkey as an authentication factor and use it to access OneLogin with multiple devices. 

Prerequisites: 

  • You must have access to a device supported by passkeys as well as an AppleID or Google account to associate with the passkey.
  • Your administrator must have enabled WebAuthn as an authentication factor and assigned it to your security policy.
  • To register a passkey for use with multiple devices, you must access your OneLogin portal from a supported Windows or macOS computer, with an additional supported mobile device available to complete registration. Both devices must be Bluetooth-enabled and connected to the internet.
  • Once a passkey has been registered to your OneLogin account, you can use it from any supported device with Bluetooth enabled and associated with the AppleID or Google account used to register.

 

 


 

As part of our existing WebAuthn capability, OneLogin now supports a new WebAuthn credential: passkeys. These versatile credentials can be used with a single device or across multiple devices according to your organization's needs. This article explains how to register and use a passkey to access OneLogin with multiple devices.

To set up passkeys, begin by signing in to your OneLogin user portal. If you're signing in for the first time and your security policy requires multi-factor authentication, you'll be prompted to register a factor. Otherwise, you can add a security factor by going to Security Factors in your user profile. When prompted, select the WebAuthn factor.

When prompted to Create a passkey, select Continue.

Windows

Select Use a phone or tablet.

Do not select Windows Hello or other external security key! Passkeys created locally on a Windows device cannot be synced to other devices.

Important!: If you're access the OneLogin portal from a Windows computer, you may be prompted to verify your identity with a device PIN or biometrics. Select Cancel on these prompts until the passkey prompt appears.

Windows - 'Create a passkey'

macOS

Select Use a phone or tablet to sync your passkey with any supported device, or This device to sync it only with other Apple or iOS devices associated with your AppleID.

macOS - 'Create a passkey'

After selecting your passkey device, use the camera on your mobile device to scan the QR code that appears, and Save the passkey when prompted. Unlock your device to confirm you want to save the passkey; it will appear in the Security Factors listed in your OneLogin user profile.

The next time you attempt to access OneLogin, you'll be prompted to Use your passkey. Select Use a phone or tablet to receive a new QR code. Scan the code to complete your sign-in.

Troubleshooting
Don't see WebAuthn in your list of possible factors?

If WebAuthn doesn't appear in the list of available security factors, your organization either hasn’t configured it for multi-factor authentication (MFA), or they've configured it but haven't assigned it to your user policy. Contact your administration for more information.

Help! I lost my phone or accidentally deleted my passkey!

Because the passkey is associated with your Google or AppleID account, you can continue using it to access OneLogin from any device connected to the same account; the original device used to register your passkey is not required. However, if your passkey is deleted or you lose access to the associated account entirely, contact your administrator to remove the passkey from your OneLogin security factors, allowing you to re-register with a new device or account.

Was this article helpful?