Skip to main content
Authsignal’s pre-built UI provides an out-of-the-box solution for implementing passkeys. This includes:
  • Recovery flows for when a user doesn’t have a passkey available.
  • Uplift flows to accelerate passkey adoption.
  • Advanced controls for customizing the passkey experience.

Setup

To set up passkeys for your tenant, head to the passkey setup wizard in the Authsignal Portal. When asked to choose your implementation approach, select I’m using Authsignal’s pre-built UI.
A screenshot of the 'Choose your implementation approach' step in the passkey setup wizard.

Set up a custom domain

If you do not already have a custom domain, you will be prompted to add one.
A screenshot of the 'Set up a custom domain' step in the passkey setup wizard.
It is strongly recommended to use a custom domain for your passkey implementation.
If you proceed without a custom domain, your users’ passkeys will be associated with Authsignal’s domain and will not work outside of the pre-built UI. This can be problematic if you want to use passkeys for other applications e.g. in your sign in page as an alternative to username and password.

Choose recovery methods

To avoid a user being locked out of their account if they don’t have a passkey available, we strongly recommend setting up recovery methods. If enabled, a user has to have at least one recovery method enrolled before they can create a passkey.
A screenshot of the 'Choose recovery methods' step in the passkey setup wizard.

Uplifting users to passkeys

To accelerate passkey adoption, Authsignal will automatically prompt users who have enrolled a recovery method to create a passkey.
A screenshot of the passkey uplift prompt.
You can opt out of this behavior by disabling the passkey uplift prompt, or you can customize when it appears with actions/rules.

Advanced configuration

The pre-built UI comes with default settings optimized for the best passkey user experience. To customize the passkey experience, you can configure the following settings:
  • Authenticator attachment: Control which categories of authenticators can be used to create passkeys.
    • Platform: How the user unlocks their device (e.g. Touch ID, Face ID).
    • Cross-platform: Security keys or external devices via a QR code.
  • Registration hints: Communicate hints to the browser to help it determine the best authenticator to use during passkey creation.
    • Client device: Platform authenticators built into the device e.g. Touch ID, Face ID or passcode.
    • Security key: External security keys and hardware tokens.
    • Hybrid: Cross-device authenticators like smartphones.
For example, if you wanted to encourage users to use a physical security key you could set the authenticator attachment to Cross-platform and the registration hints to Security key. When creating a passkey, a user would first be prompted to use a security key and would not have the option to use a platform authenticator like Touch ID or Face ID.
Registration hints are currently an experimental feature and may not work in all browsers. Check browser support for more information.

Using in-app browsers on iOS and Android apps

To deliver the best passkey UX on iOS and Android apps we recommend using our Mobile SDKs. However, if you need to launch the pre-built UI inside an app-based browser then passkeys are also supported under the following conditions: