WebAuthN Biometrics for a subset of users

tomgillthg · August 14, 2024, 8:01am

I want to enable biometrics but only for users with a certain role. For the users not within this role, they should not have the option to enroll in biometrics at all. I can’t find a how to get around this WebAuthN Limitation.

rueben.tiow · August 27, 2024, 4:23pm

Hi @tomgillthg,

Welcome to the Auth0 Community!

I recommend using a Post-Login Action to conditionally enable WebAuthN Device Biometrics for a subset of users with a certain role.

Here is an example you could use for your use case:

exports.onExecutePostLogin = async (event, api) => {
  if(event.authorization.roles === "Admin"){
    api.authentication.challengeWith({type:'webauthn-platform'})
  }
};

Let me know if you have any questions.

Thanks,
Rueben

system · September 10, 2024, 4:23pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Users prompted for biometrics MFA after they already declined biometrics for login Knowledge Articles user , biometrics , identifier-first-biometrics	1	721	September 1, 2023
Biometrics MFA enabled, but seeing error "No confirmed authenticators for the enabled factors" Knowledge Articles	1	895	September 15, 2023
Custom MFA Enrollment and WebAuthn issues Knowledge Articles webauthn , mfa-enrollments	1	11	September 26, 2024
Redirect to webauthn-platform enrollment Help login-experience , new-universal-login-experience	3	534	May 3, 2024
Disable WebAuthn for specific applications Feedback signup , biometrics , webauthn , identifier-first-biometrics	1	890	September 7, 2023

WebAuthN Biometrics for a subset of users

Related topics