Forum Discussion
FIDO2 as MFA token
Is it or will it be possible to use a FIDO2 key as an MFA token? (instead of passwordless signin) Thanks!
>> I don't understand why you would want to get the OTP code otherwise, using passwordless auth is much simpler and more secure.
True, but we are facing some limitations where a security key with PIN would be an easy to use MFA token:
1. In some auth flows we don't see the option to use a security key to log on. (eg If you do a Connect-AzureAD you can use a github account, but you don't get an option to sign in using a security key.)
2. We want to our users to register for MFA. Those without a smartphone would be offered a yubikey. But apparently you can't register a security key unless you register another MFA method (authenticator/phone/email) first.
Bart
Hi, can’t say anything about the nr 1 as it’s very brief. I’m sure you’ve checked the prerequisites. 2. Yep.
But as it’s a preview they really want to hear from you 🙂 https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key#troubleshooting-and-feedback
But as it’s a preview they really want to hear from you 🙂 https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key#troubleshooting-and-feedback
