Sign in with passkeys in Authenticator for Android and iOS devices (preview)

This article covers the sign-in experience when using passkeys in Microsoft Authenticator with Microsoft Entra ID. For more information about the availability of Microsoft Entra ID passkey (FIDO2) authentication across native applications, web browsers, and operating systems, see Support for FIDO2 authentication with Microsoft Entra ID.

Scenario iOS Android
Same-device authentication in a browser 1
Same-device authentication in native Microsoft applications 2
Cross-device authentication

1Support for same-device registration in Edge on Android is coming soon.

2Native app sign-in support is coming soon.

To sign in with a passkey in Microsoft Authenticator, your iOS device needs to run iOS 17 or later.

Same-device authentication in a browser (iOS)

Follow these steps to sign in to Microsoft Entra ID with a passkey in Authenticator on your iOS device.

  1. On your iOS device, open your browser and navigate to the resource you're trying to access such as Office.

  2. You can enter your username to sign in:

    Screenshot of the sign-in with username in Microsoft Authenticator for iOS devices.

    If you most recently used a passkey to sign in, you're automatically prompted to sign in with a passkey. Otherwise, select Other ways to sign in, and then select Face, fingerprint, PIN, or security key.

    Alternatively, click Sign-in options to sign in more conveniently without having to enter a username.

    Screenshot of the sign-in Microsoft in Microsoft Authenticator for iOS devices.

    If you chose Sign-in options, select Face, fingerprint, PIN, or security key. Otherwise, skip to next step.

    Screenshot of the sign-in options in Microsoft Authenticator for iOS devices.

    Note

    If you attempt to sign in without a username and multiple passkeys are saved to your device, you're prompted to choose which passkey to use for sign-in.

  3. To select your passkey, follow the steps in the iOS operating system dialog. Verify that it's you by using Face ID, Touch ID, or entering your device PIN.

  4. You're now signed into Microsoft Entra ID.

Cross-device authentication (iOS)

Follow these steps to sign in to Microsoft Entra ID on another device with a passkey in Authenticator on your iOS device.

  1. On the other device where you're looking to sign in to Microsoft Entra ID, navigate to the resource you're trying to access such as Office.

  2. You can enter your username to sign in:

    Screenshot of the sign-in with username in Microsoft Authenticator for iOS devices.

    If you last used a passkey to authenticate, you will be automatically prompted to authenticate with a passkey. Otherwise, you may click on Other ways to sign in and then select Face, fingerprint, PIN, or security key.

    Alternatively, click Sign-in options to sign in more conveniently without having to enter a username.

    Screenshot of the sign-in Microsoft in Microsoft Authenticator for iOS devices.

    If you chose Sign-in options, select Face, fingerprint, PIN, or security key. Otherwise, skip to next step.

    Screenshot of the sign-in options in Microsoft Authenticator for iOS devices.

    Note

    If you try to sign in without a username and multiple passkeys are saved to your device, you're prompted to choose which passkey to use for sign-in.

  3. To begin cross-device authentication, follow the steps in the operating system or browser prompt. On Windows 11 23H2 or later, select iPhone, iPad, or Android device.

  4. A QR code should appear on screen. Now, on your iOS device, open the camera app and scan the QR code.

    Note

    The camera inside the iOS Authenticator app doesn't support scanning a WebAuthn QR code. You need to use the system camera app.

  5. Select Sign in with passkey when the option appears.

    Note

    Bluetooth and an internet connection are required for this step and must both be enabled on your mobile and remote device.

  6. To select your passkey, follow the steps in the iOS operating system dialog. Verify that it's you by using Face ID, Touch ID, or enter your device PIN.

  7. You're now signed into Microsoft Entra ID on your other device.

Same-device authentication in native Microsoft applications (iOS)

You can use Authenticator on your iOS device to seamlessly sign in with a passkey to other Microsoft apps, such as Microsoft OneDrive, SharePoint, and Outlook. Similar support for Android devices is coming during preview.