Is it possible to use “Custom Login Page” along with “Identifier First + Biometrics”. As i found that Custom Login Page must be disabled when passkeys are used as an authentication method.
Does Biometics uses Passkeys?
Hi @naresh.seth,
Welcome to the Auth0 Community!
It is not possible to use a Custom Login Page with Identifier First + Biometrics as Identifier First + Biometrics only works with the New Universal Login Experience. Using a Custom Login Page enforces the Classic Experience for login.
Please see this Community solution discussing the differences between Identifier FIrst + BIometrics and Passkeys: Difference between passkeys and Id first + biometrics flow
Best,
Mary Beth
Content from Article you mentioned.
At a high level they are 2 distinct approaches to authentication:
- Passkeys are a form of passwordless login using cryptographic keys.
- Identifier first + Biometrics relies on a user entering a username, email, etc. and subsequently physical traits for identity verification.
While passkeys can be used independently of biometrics, combining them enhances security, ensuring that the cryptographic keys are only accessible to the biometrically authenticated user.
Does it mean, id first + Biometrics uses Passkeys in the flow. I am asking this question, as i am about to use partials and warning says, passkeys will not work if we use Partials.
“Data capture is available for database connections authenticated by password . When using a passwordless connection, data capture is available when authenticating by email or SMS one-time password. Passkeys and magic links are not yet supported.”
Hi @naresh.seth,
I gathered some more information internally about this. Please see the below:
Expected Behavior
Passkeys are not intended to complement Identifier First + Biometrics but are designed to replace it. Passkeys offer an enhanced experience because they are multi-device credentials, meaning they sync across devices, unlike WebAuthn-platform biometrics used in Identifier First + Biometrics.
Scenario Breakdown
-
Scenario One (Blocked Passkey Enablement)
When enabling Identifier First + Biometrics, the system correctly prevents enabling Passkeys. This is because the two configurations are not meant to be used together. The blocking behavior is expected and intentional. -
Scenario Two (Circumvention)
By first enabling Passkeys under Identifier First and later switching to Identifier First + Biometrics, the configuration seems to retain both. This inconsistency appears unintentional and may be due to a gap in validation logic. I recommend avoiding this workflow, as it is not aligned with the recommended authentication flow.
Recommendation without using Partials
The ideal configuration is Identifier First + Passkeys. It provides the same biometric authentication experience (via Passkeys) with the added advantage of multi-device support. This setup delivers a more robust and user-friendly login experience compared to Identifier First + Biometrics.
Recommendation with using Partials
You can safely use Identifier First + Biometrics with a database without using Passkeys to then use Partials.
Please let me know if you have any additional questions!
Thanks,
Mary Beth
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.