Skip to content
Bifrost Docs
Docs
Passkeys (WebAuthn)

Passkeys (WebAuthn)

Passwordless authentication with passkeys

Set up passwordless login using passkeys (WebAuthn) for secure, convenient authentication.

What Are Passkeys?

Section titled “What Are Passkeys?”

Passkeys are a modern authentication method that replaces passwords:

  • Secure: Based on public key cryptography
  • Phishing-resistant: Bound to specific domains
  • Convenient: Use fingerprint, face, or device PIN
  • Cross-platform: Works on computers and mobile devices

Enable Passkeys

Section titled “Enable Passkeys”

  1. Log in with your existing method (email/password or SSO)

  2. Go to Settings > Security

  3. In the Passkeys section, click Add Passkey

  4. Follow your browser/device prompts:

    • Touch fingerprint sensor
    • Use Face ID
    • Enter device PIN

  5. Name your passkey (e.g., “MacBook Pro”, “iPhone”)

  6. Passkey is registered

Login with Passkey

Section titled “Login with Passkey”

  1. Go to the login page

  2. Click Sign in with Passkey

  3. Select your passkey from the browser prompt

  4. Authenticate with fingerprint/face/PIN

  5. You’re logged in

Managing Passkeys

Section titled “Managing Passkeys”

View and manage your passkeys in Settings > Security:

  • View registered passkeys: See all devices
  • Rename passkeys: Give meaningful names
  • Delete passkeys: Remove compromised or old devices

Device Support

Section titled “Device Support”
PlatformAuthentication Method
macOSTouch ID, Apple Watch
WindowsWindows Hello (PIN, fingerprint, face)
iOS/iPadOSFace ID, Touch ID
AndroidFingerprint, face, PIN
Security KeysFIDO2 hardware keys

Security Considerations

Section titled “Security Considerations”
  • Domain-bound: Passkeys only work on the correct domain
  • No shared secrets: Private key never leaves your device
  • Backup options: Keep multiple passkeys registered
  • Recovery: Ensure you have an alternative login method

For Administrators

Section titled “For Administrators”

Enable/Disable Passkeys

Section titled “Enable/Disable Passkeys”

Passkeys are enabled by default. Platform admins can configure authentication options in system settings.

User Management

Section titled “User Management”

View users’ registered passkeys in user management. Admins can:

  • See how many passkeys a user has registered
  • Assist users who lose access
  • Revoke passkeys if needed

Troubleshooting

Section titled “Troubleshooting”

Passkey Not Recognized

Section titled “Passkey Not Recognized”
  • Ensure you’re on the correct domain
  • Try a different browser
  • Check if the device supports WebAuthn

Can’t Register Passkey

Section titled “Can’t Register Passkey”
  • Update your browser to latest version
  • Ensure platform authenticator is enabled
  • Try using a hardware security key

Lost All Passkeys

Section titled “Lost All Passkeys”
  • Use alternative login method (password, SSO)
  • Contact administrator for account recovery
Built & designed by shadcn. Ported to Astro Starlight by Adrián UB. The source code is available on GitHub.
Home

About

What is Bifrost? Why Open Source? License (AGPL)

Getting Started

Installation Guide For Non-Developers Build Your First Workflow Create Dynamic Forms Integrations

Core Concepts

Platform Overview Workflows Forms Workflow Discovery Permissions Scopes App Builder (Experimental)

How-To Guides

Reference

Troubleshooting

OAuth Workflow Engine Forms