Is it possible to disable the passkey enrollment screen when a user wants to signup? It should still need to be shown on subsequent logins, yet it is required for user to first set a password before enrolling a passkey?
Hi @mbosman
Thank you for reaching out to us!
Allow me some time to research this and I will be back with more information as soon as possible.
Best regards,
Gerald
Hi @mbosman
After doing some testing, the behaviour that you are looking to implement is not possible, as Passkeys are marked as an Authentication Method and not as an MFA. This is an important distinction as an Authentication Method indicates how a user can access their account through imposed methods, whereas MFAs are added on top to enhance the security.
If it’s an option for you, it is possible to implement the desired flow with an MFA instead, for example WebAuthn with Device Biometrics for MFA. An Action can be constructed to only prompt the user for enrollment in a MFA factor after the first login.
Hope this helped!
Gerald