
Passkeys

What Are Passkeys?

Passkeys are a modern, passwordless authentication method designed to replace traditional passwords with a more secure and user-friendly solution. Built on the FIDO2 and WebAuthn standards, passkeys let users log in to websites and apps using biometrics (fingerprint, face scan) without needing to remember or manage passwords.

Passkeys in Veridium

Sign in with Passkey

  • The platform introduces a “Sign in with passkey” button, improving user experience by enabling passwordless, username-less sign-ins:

    • Utilizes discoverable (resident) credentials, meaning the authenticator identifies the user without requiring a prior username input.

    • Initiates an “Opportunity” session (identity-less), then binds the authenticated user after successful passkey validation.
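The username-less flow described above, shown from the relying party's side as an added example (not Veridium's code): the server opens an identity-less session, accepts an assertion from a discoverable credential, and binds the user only after validation. `RP_ID`, `ORIGIN`, the function names and the simulated authenticator are assumptions for illustration; signature-counter and attestation checks are left out.

```javascript
// Added example, not Veridium code: relying-party side of a username-less passkey sign-in.
const crypto = require('crypto');
const RP_ID = 'login.example.test';           // assumed relying-party ID
const ORIGIN = 'https://login.example.test';  // assumed web origin
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// Step 1: open an identity-less session. No username is known, so allowCredentials
// is empty and the authenticator must offer a discoverable credential.
function beginSignIn(sessions) {
  const sessionId = crypto.randomUUID();
  const challenge = crypto.randomBytes(32).toString('base64url');
  sessions.set(sessionId, { challenge, user: null });
  return { sessionId, options: { challenge, rpId: RP_ID, allowCredentials: [], userVerification: 'required' } };
}

// Step 2: validate the assertion, then bind the user it identifies to the session.
function finishSignIn(sessions, credentials, sessionId, a) {
  const session = sessions.get(sessionId);
  if (!session || !session.challenge) throw new Error('no pending challenge');
  const challenge = session.challenge;
  session.challenge = null;                    // challenges are single-use
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') throw new Error('wrong ceremony type');
  if (client.origin !== ORIGIN) throw new Error('origin mismatch');
  if (client.challenge !== challenge) throw new Error('challenge mismatch');
  const authData = a.authenticatorData;        // rpIdHash(32) | flags(1) | signCount(4)
  if (!authData.subarray(0, 32).equals(sha256(RP_ID))) throw new Error('rpIdHash mismatch');
  if ((authData[32] & 0x05) !== 0x05) throw new Error('user presence and verification required');
  const cred = credentials.get(a.credentialId);
  if (!cred || !a.userHandle || !cred.userHandle.equals(a.userHandle)) throw new Error('unknown credential');
  const signed = Buffer.concat([authData, sha256(a.clientDataJSON)]);
  if (!crypto.verify('sha256', signed, cred.publicKey, a.signature)) throw new Error('bad signature');
  session.user = cred.userName;                // bind identity only after every check passed
  return session.user;
}

// Constructed stand-in for a device-bound authenticator (the private key stays in this closure).
function makeAuthenticator(credentialId, userHandle) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const sign = (options, origin) => {
    const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge: options.challenge, origin }));
    const authenticatorData = Buffer.concat([sha256(options.rpId), Buffer.from([0x05, 0, 0, 0, 0])]);
    const signature = crypto.sign('sha256', Buffer.concat([authenticatorData, sha256(clientDataJSON)]), privateKey);
    return { credentialId, userHandle, clientDataJSON, authenticatorData, signature };
  };
  return { publicKey, sign };
}
```

The origin check is what makes the sign-in phishing-resistant: an assertion produced for any other origin is rejected and the session stays identity-less.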

FIDO-Certified Authenticator & Device-Bound Passkeys

The Veridium mobile application acts as a certified FIDO2 passkey provider: it generates and securely stores device-bound credentials (i.e., private keys that never leave the device) compliant with the FIDO and WebAuthn standards. This ensures strong, phishing-resistant authentication.

Native Biometrics & PIN with Policy-Driven Offline Support

  • Veridium leverages the device’s native biometrics (e.g., fingerprint, face ID) and PIN-based authentication for user verification.

  • Administrators may allow use of the Veridium PIN in passkey scenarios; PINs are managed and synchronized to the device for offline use.

Microsoft Entra Passkeys

  • Veridium supports passkey enrollment into Microsoft Entra ID:

    • During enrollment, Veridium’s mobile app generates FIDO2 credentials and registers them directly with Microsoft Entra ID, making the passkey available as an authentication method in Microsoft Entra.

    • This automatic enrollment ensures that passkeys created via Veridium are fully managed within the enterprise identity infrastructure.

Lifecycle Management & Revocation

Passkey lifecycle is centrally managed:

  • When a device is deregistered in Veridium, associated passkeys are automatically revoked, including Microsoft Entra ID passkeys managed by Veridium, ensuring lost or compromised devices cannot authenticate.

  • Policies in Veridium Manager control passkey enrollment (mandatory or optional) and provide orchestration hooks for removal.

Veridium aligns with the WebAuthn specifications and continues to evolve its FIDO server to support enhanced security, interoperability, and standards compliance, providing a robust, enterprise-grade passkey solution that blends local device-bound security, flexible biometric/PIN policies, and a seamless user experience.
