Passkey Settings
Passkeys can currently be configured through the Thinfinity Workspace Config Manager by navigating to the user profile Authentication tab> > Add > Passkey. Then, complete the corresponding setup form:
ID
This field cannot be left empty. The ID must match the domain that will be used in the Thinfinity Workspace URL, e.g., myDomain.com.
Name
This field must not be left empty.
User Verification
Preferred The Relying Party(*) prefers user verification for the operation if possible.
Discouraged The Relying Party does not want user verification to be used during the operation, for example, to minimize disruption to the user interaction flow.
Required The Relying Party mandates user verification for the operation.
Supported Public Key Algorithms
Choose supported Algorithms.
Attachment
Platform: Platform authenticators are limited to authenticating a user via a specific device (in the case of Windows Hello, the laptop running it).
Cross-platform: enables the establishment of a secure source for verifying the user’s identity and for delegating trust to specific devices in the user’s control.
Registration Hints
Security key: Indicates that the Relying Party believes that users will satisfy this request with a physical security key.
Client Device: Indicates that the Relying Party believes that users will satisfy this request with a platform authenticator attached to the client device.
Hybrid: Indicates that the Relying Party believes that users will satisfy this request with general-purpose authenticators such as smartphones.
Allow multi-devices passkeys
Allow the use of a Passkey on multiple devices.
Timeout (seconds)
Default is 0. (Applies to both registration and authentication ceremonies).
Attestation Type
None: Doesn’t require Attestation.
Direct: Allows your service to know the details of the devices being used with your service. Indirect: Get an attestation but allows the client to decide how to obtain attestation statements. The client may replace the authenticator-generated attestation statements with anonymous attestation statements to protect the user's privacy.
Allowed authentication models (AAGUIDs)
No restrictions.
Allow only these authenticator models.
Block these authenticator models.
FIDO Metadata Service: Perform periodic database updates
Enable or disable FIDO Metadata Service periodic database updates.
Last updated
Was this helpful?