Register a passkey (preview)
This article shows how users can register a security key using the Passkey (preview) flow. For registration on a mobile device, see Register a passkey using a mobile device.
Note
Looking to provide passkeys (FIDO2) on behalf of users? Use our APIs.
For more information about enabling passkeys in Microsoft Authenticator, see How to enable passkeys in Microsoft Authenticator.
Manual registration
Users can register a passkey (FIDO2) as an authentication method by navigating and completing the process from a browser at Security info.
Tap Add sign-in method > Choose a method > Passkey (preview) > Add.
Sign in with multifactor authentication (MFA) before adding a passkey, then tap Next.
- If you don't have at least one MFA method registered, you must add one.
- An Authentication Policy Administrator can also issue a Temporary Access Pass to allow a user to strongly authenticate and register a passkey.
A security dialog opens on your device and asks where to save your passkey.
Note
Options displayed vary depending on your browser and device operating system. If the device where you started the registration process supports passkeys, you'll be asked to save the passkey to that device. Select Use another device or More options to display additional ways for you to save the passkey.
If your organization allows saving a passkey to a security key:
- Choose Security Key.
- Follow the guidance and insert or connect your security key when requested.
- You're prompted to create or enter a PIN for your security key, then perform the required gesture for the key.
- Upon completion, review any additional information from the security dialog, then tap Ok or Continue.
After you're redirected to Security info, you can change the default name for the new sign-in method.
Tap Done to finish registering the new method.