Register a passkey (preview)

This article shows how users can register a security key using the Passkey (preview) flow. For registration on a mobile device, see Register a passkey using a mobile device.

For more information about enabling passkeys in Microsoft Authenticator, see How to enable passkeys in Microsoft Authenticator.

Manual registration

1. Users can register a passkey (FIDO2) as an authentication method by navigating and completing the process from a browser at My Security info.

2. Tap Add sign-in method > Choose a method > Passkey (preview) > Add.

3. Sign in with multifactor authentication (MFA) before adding a passkey, then tap Next.

   1. If you don't have at least one MFA method registered, you must add one.
   2. An Authentication Policy Administrator can also issue a Temporary Access Pass to allow a user to strongly authenticate and register a passkey.

   

4. A security dialog opens on your device and asks where to save your passkey.

   Note

   Options displayed vary depending on your browser and device operating system. If the device where you started the registration process supports passkeys, you'll be asked to save the passkey to that device. Select Use another device or More options to display additional ways for you to save the passkey.

   

5. If your organization allows saving a passkey to a security key:

   1. Choose Security Key.
   2. Follow the guidance and insert or connect your security key when requested.
   3. You're prompted to create or enter a PIN for your security key, then perform the required gesture for the key.
   4. Upon completion, review any additional information from the security dialog, then tap Ok or Continue.

6. After you're redirected to My Security info, you can change the default name for the new sign-in method.

7. Tap Done to finish registering the new method.

Next steps

• Choosing authentication methods for your organization