Register passkeys in Authenticator on Android or iOS devices (preview)

This article shows how to register a passkey using Microsoft Authenticator on your iOS or Android device by directly signing into the Authenticator app or by using My Security info. For more information on the availability of Microsoft Entra ID passkey (FIDO2) authentication across native apps, web browsers, and operating systems, see Support for FIDO2 authentication with Microsoft Entra ID.

The easiest and fastest way to add a passkey is to add it directly in the Authenticator app.

Alternatively, you can add a passkey from your mobile device browser, or through cross-device registration using another device, such as a laptop. Your mobile device needs to run iOS version 17, or Android version 14, or later.

Scenario iOS Android
Same-device registration by signing into Authenticator
Same-device registration in a browser 1
Cross-device registration

1Support for same-device registration in Edge on Android is coming soon.

Same device registration using direct sign in to Authenticator (iOS)

You can sign in to Authenticator to create a passkey in the app and get seamless single sign-on (SSO) across Microsoft native apps. This is the recommended and preferred flow to set up a passkey in Authenticator. If you're signed in or already have an account in Authenticator, you still need to complete these steps to add a passkey in Authenticator.

  1. Open Authenticator.

  2. Tap Add account or the + button.

    Note

    If you already have an account in Authenticator, you still need to tap on the + button to sign in and register a passkey for that same account.

    Screenshot of how to register using Microsoft Authenticator for iOS devices.

  3. Select Work or school account.

    Screenshot of choosing Work or School Account using Microsoft Authenticator for iOS devices.

  4. Tap Sign in.

    Screenshot of tapping the Sign in option using Microsoft Authenticator for iOS devices.

  5. You need to complete multifactor authentication (MFA).

    Screenshot of completing  multifactor authentication (MFA) using Microsoft Authenticator for iOS devices.

  6. Select Open Settings to enable Authenticator as a passkey provider.

    Screenshot of Open Settings and follow the on-screen instructions using Microsoft Authenticator for iOS devices.

  7. Open Passwords, then select Password Options.

    Screenshot of select Passwords and selecting Password Options using Microsoft Authenticator for iOS devices.

  8. Ensure Autofill Passwords and Passkeys is turned on.

    Screenshot of Autofill Passwords and Passkeys is turned on using Microsoft Authenticator for iOS devices.

  9. In the Use Passwords and Passkeys From option, make sure Authenticator is selected.

    Screenshot of Use Passwords and Passkeys from using Microsoft Authenticator for iOS devices.

  10. Authenticator sets up passkey, passwordless, and MFA for sign in according to your work or school account policies.

    Screenshot of setting up passkey, passwordless, and/or MFA for sign in using Microsoft Authenticator for iOS devices.

  11. Tap Continue to complete the registration process.

Same-device registration from a browser (iOS)

You can also use your web browser to set up a passkey in Authenticator.

  1. Using your iOS device, open a web browser and sign-in to My Security info.

    Screenshot of how to sign in using Microsoft Authenticator for iOS devices.

  2. Tap + Add sign-in method.

    Screenshot of the Security Info screen in Microsoft Authenticator for iOS devices.

  3. Select Passkey in Microsoft Authenticator (preview).

    Screenshot of the drop-down list of options in Microsoft Authenticator for iOS devices.

  4. Tap Add.

    Screenshot of the Security Info screen Add Sign-in Method option.

  5. Sign in with multifactor authentication (MFA) before adding a passkey.

    Screenshot of the two-factor authentication requirement to set up a passkey.

    After you sign in with MFA, continue through the rest of the passkey setup.

  6. If necessary, download Microsoft Authenticator and tap Next.

    Screenshot of the download app option in Microsoft Authenticator for iOS devices.

  7. Follow the steps to turn on Authenticator as a passkey provider in the Settings of your iOS device:

    • On your iOS device, open Settings.
    • Open Passwords, and select Password Options.
    • Ensure Autofill Passwords and and Passkeys is turned on.
    • Under Use Passwords and Passkeys From, select Authenticator.
    • Return to My Security info and select Continue.

    Screenshot of the turn-on passkey support option in Microsoft Authenticator for iOS devices.

  8. When ready, read the reminder that you must save the passkey in Authenticator, and tap I understand to continue.

    Screenshot of the I understand option in Microsoft Authenticator for iOS devices.

  9. Your device opens a security window. Save the passkey to Authenticator following the prompts on your device.

    Screenshot of the save passkey option in Microsoft Authenticator for iOS devices.

  10. Once the passkey is successfully created on your device, you're directed back to My Security info.

  11. Name the passkey something memorable to you, and select Done.

    Screenshot of the successful creation of a passkey in Microsoft Authenticator for iOS devices.

  12. You can now see the passkeys in Authenticator along with your other registered security info options.

    Screenshot of the Security Info user display of the successful passkey.

Cross-device registration (iOS)

You can also save a passkey in Authenticator from your computer or another mobile device. This registration option requires Bluetooth and an internet connection for both devices.

  1. Using another device, such as a laptop, open a web browser and sign in to My Security info.

  2. Tap + Add sign-in method > choose Passkey in Microsoft Authenticator (preview) > Add.

    Screenshot of how to add passkey in Microsoft Authenticator as a sign-in method.

  3. Sign in with multifactor authentication (MFA), then tap Next.

    Screenshot that notifies user to sign in with a second factor before they add a passkey.

  4. If necessary, download Microsoft Authenticator, then tap Next.

    Screenshot that notifies user that their organization requires them to add a passkey.

  5. Tap iOS.

    Screenshot that lets user choose iOS or Android.

  6. Follow the steps to turn on Authenticator as a passkey provider in Settings of your iOS device:

    • On your iOS device, open Settings.

    • Open Passwords select Password Options.

    • Ensure Autofill Passwords and and Passkeys is turned on.

    • Under Use Passwords and Passkeys From select Authenticator.

    • Return to My Security info, and select Continue.

      Screenshot that notifies user to turn on Authenticator in Settings app on their Android device.

  7. Open the camera app on your mobile device.

    Note

    The camera inside the iOS Authenticator app doesn't support scanning a WebAuthn QR code. Make sure you use the system camera app.

  8. When ready, read the reminder on My Security info that you must save the passkey in Authenticator, and tap Next to continue.

    Screenshot that notifies user to save another way.

  9. A security dialog opens on your device.

  10. Tap iPhone, iPad, or Android device, then tap Next.

    Screenshot that lets user choose where to save their passkey.

    Note

    The displayed options can vary on different browsers and devices. If the device where you started the registration process supports passkeys, you're asked to save the passkey to that device. Select Use another device or More options to see other ways you can save the passkey.

  11. Use the system camera app to scan the QR code, then tap Save a passkey.

    Screenshot of QR code.

  12. Your iOS device should now connect over Bluetooth to the device you started registration with.

    Screenshot that notifies user that device is connected.

    Note

    Bluetooth and an internet connection is required for this step and must be enabled on both your mobile and remote device.

  13. Your iOS device opens a security window. Save the passkey to Authenticator following the prompts on your device.

    Screenshot of save passkey in Microsoft Authenticator for iOS devices.

  14. Once the passkey is successfully created on your device, you're directed back to My Security info, tap Done.

  15. Name the passkey something memorable to you and select Done.

    Screenshot where user can change friendly name of the new sign-in method.

Delete your passkey in Authenticator for iOS

To remove the passkey from Authenticator, click the Trash icon, then tap Delete to confirm.

Screenshot of the passkey delete option in Microsoft Authenticator for Android devices.

Note

You also need to delete the passkey from My Security info.

Troubleshooting

In some cases when you try to register a passkey, it gets stored locally in the Authenticator app but not registered on the authentication server. For example, the passkey provider might not be permitted, or the connection might time out. If you try to register a passkey and see an error that the passkey already exists, delete the passkey that was created locally in Authenticator, and retry registration.

Screenshot of the passkey delete option in Microsoft Authenticator for Android devices.