Forum Discussion
Authentication Methods - FIDO2 & Authenticator Not Working Together
JosvanderVaart Kidd_Ip : Thanks Jos and Kidd for looking into this for me. Greatly appreciated.
I think I figured a way around.
1. When I get to the "Sign in with your passkey" dialog, where it offers only passkey and security key, I click on "Cancel". (I have a security key setup, but I still want the option to sign in with Authenticator, in case the security key is not available.)
2. It gives an error message, but also offers other ways to sign in.
3. Next, I have the Authenticator option.
Overall, it works. It is just that it is not an intuitive way to go about it.
Thanks again for your help.
mario
JosvanderVaart Kidd_Ip : Thanks Jos and Kidd for looking into this for me. Greatly appreciated.
I think I figured a way around.
1. When I get to the "Sign in with your passkey" dialog, where it offers only passkey and security key, I click on "Cancel". (I have a security key setup, but I still want the option to sign in with Authenticator, in case the security key is not available.)
2. It gives an error message, but also offers other ways to sign in.
3. Next, I have the Authenticator option.
Overall, it works. It is just that it is not an intuitive way to go about it.
Thanks again for your help.
mario
Mario_Morel Mario, I agree...it is not an intuitive way to go about it. In my organization, we're transitioning from Cisco Duo to Microsoft. Management has decided to give users the Either/Or option since having both methods registered in your MFA profile, will prompt to an error before choosing "Other ways to sing in". So our end users will either choose authenticator app + recovery method (email OTP), or FIDO2 Key + recovery method.
In Cisco Duo, both registered methods worked smoothly, plus the Geographical Location map is more accurate than the Microsoft map. Accuracy is important if you're trying to teach end-users to be vigilant of the login location.
Thanks for your comment, Hernan. We went through conversion from Duo to Authenticator a couple of years ago. We really liked Duo and it was sad at the time. But once things stabilized, we felt it was the right thing to do. I hope it will be the same with your organization.
And yes too about giving a FIDO2 key option to some users. We had people working in an industrial plant, and just having a key with them was so much easier.