Add login passkey

This section describes how to add passkeys for logging into the YubiOn FIDO2 Server Service management website.

Add a passkey

This is the procedure for adding a passkey for logging into the management website.
By registering multiple passkeys, you can use them as recovery in case of lost passkeys.

Operation Procedure

  1. Click on the name area in the upper right corner of the management website.

  2. Click “User Settings.” user settings user settings

  3. Click on the Register passkey button. passkey register button passkey register button

  4. Click the Register button in the passkey registration modal. register button register button

    Advanced settings
    • Do not store ID information in the credential(Non-discoverable Credential)
      When this setting is turned on, ID information is not recorded in the authenticator, so you must enter your ID (administrator’s e-mail address) when logging in.
      Turn on if you do not want to store ID information in the passkey. The default setting is off.
      Depending on the passkey provider for synchronized passkeys, this setting may be registered as a discoverable credential even if it is turned on.

  5. Select the passkey you wish to register.

    The passkey registration function implemented in the OS and browser will be called up. Follow the instructions to register your passkey.

    Types of passkeys

    The usage method varies depending on the OS and browser, but in most cases, the following usage methods are available.

    • Internal authenticator of the device you are using
      The passkey is stored inside the device you are using (such as a PC). This is called a platform authenticator.
      During registration and authentication, you will be asked to authenticate using the authentication mechanism (such as a fingerprint sensor) built into the device, or by entering a PIN.
      Depending on the OS and browser implementation, the passkey may be stored as a synchronized passkey using an account provided by the OS vendor (e.g., Apple Account, Google Account).

    • Security key
      The passkey is stored within a security key provided by various security vendors. This is also referred to as a cross-platform authenticator or roaming authenticator.
      During registration and authentication, you will be prompted to authenticate using the fingerprint sensor built into the security key or via PIN authentication.
      While USB-connected devices are the mainstream option, there are also devices that connect to the device using BLE or NFC.

    • Smartphone/Tablet
      Passkeys are stored on a smartphone or tablet other than the device being used. This is called hybrid authentication.
      During registration and authentication, a QR code displayed on the device being used is scanned with a smartphone to store the passkey on the smartphone.
      Authentication is required using the authentication mechanism built into the smartphone (fingerprint sensor, face recognition, etc.) or a PIN.
      Depending on the implementation of the smartphone OS, the passkey may be stored as a synchronized passkey using an account provided by the OS vendor (e.g., Apple Account, Google Account).

    • Passkey Provider
      If you are using a service that provides synchronized passkeys, you can store the passkey in the account of that service.
      For more details, please refer to the manual of each passkey provider service.

  6. If the registration is successful, the passkey is added to the list of registered passkeys.