Logo / Docs

Add WebAuthn Passkey

FusionAuth Reactor logo

This feature is available to licensed FusionAuth instances as of version 1.52.0. A free license is available in the Plan tab for any user who registers in the account portal.

Available since 1.41.0

Add a WebAuthn Passkey

WebAuthn is disabled by default on a tenant. To toggle navigate to Tenants -> Edit Tenant -> WebAuthn. In order for the user to use the registered passkey, at least one WebAuthn workflow must be enabled for the tenant.

Enable WebAuthn on Tenant (Admin Facing)

WebAuthn is disabled by default at the tenant level. It can be toggled on and off as needed.

Enable WebAuthn on Tenant

In order for a user to use a passkey, one or more WebAuthn workflows must be enabled at the tenant or application level. See the WebAuthn Admin Guide for more details on configuration.

Add a Passkey from Account Management (User Facing)

Account Management Index
  1. Navigate back to your account page
  2. Click Manage passkeys
  3. Click Add passkey
WebAuthn Index WebAuthn Add Passkey

Next,

  1. Enter a display name for the new passkey. You should choose something that helps you remember the authenticator and browser it was registered.
  2. Click the Submit button.
  3. Complete the WebAuthn registration with your authenticator of choice.

See It in Action (User Facing)

You can use a registered passkey to complete enabled WebAuthn workflows. This example uses the bootstrap authentication workflow by clicking the “Fingerprint, device or key” button on the login screen.

Bootstrap Login Button
  1. Click the Fingerprint, device or key button to go to the WebAuthn bootstrap login page.
  2. Enter your username or email address.
  3. Click the Submit button.
  4. Complete the WebAuthn authentication with the registered passkey.
WebAuthn Bootstrap Login WebAuthn Bootstrap Prompt