Forum Discussion
Doubt about passwordless authentication
JosvanderVaart Not really. When you are trying to authenticate to Entra ID, the Entra ID creates something called publicKey Options. The public Options contain three major fields, 'challenge', 'rpId', and 'UserVerification'. The challenge is a random cryptographic challenge. The UserVerification governs whether the PIN is required. UserVerification can have any one of the three values 'required', 'preferred' or 'discouraged'. If it is required or preferred, Windows asks for the Pin of the Yubikey. If it is 'discouraged', it doesnt. I tried to inspect the publicKey options created by Entra ID and it always contains UV to be 'required', that enforces the PIN. If there is a way for Entra ID to create the publicKey options with UV 'discouraged', it wont ask for the pin. I am asking whether there is a way to configure that.
(Reference: Web Authentication API from MDN docs)