How to add FIDO2 as a login method in Zero Trust?

I can’t find Hardware Keys or anything similar on this page. Is there any other way to add it?

I don’t know how it should work. Basically, FIDO2 keys don’t store any data, so it doesn’t give you any way to tell who you are. In the FIDO2 challenge used in MFA, you’re receiving the package encrypted with your hardware key, so you can decrypt that and extract some data so you can prove you have the given key. If you’d like to authenticate with the FIDO2 key, you’d need some kind of identifier first, like an email or username, so the system would know who you are. I’ve never heard of anyone doing this kind of authentication challenge, TBH. I guess you can simply use GitHub (or another IdP that supports FIDO2) and use your hardware key as MFA.
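A simplified model of the username-first challenge-response flow discussed above, as an added example that is not part of the thread and not any vendor's code. It models the proof as a signature over the server's challenge, which is how WebAuthn assertions are produced; the function names, `RP_ID` and the message layout are assumptions made for illustration, and a software key pair stands in for the hardware key.

```javascript
// Added illustration: username-first challenge-response, modelled with Node's crypto.
// All names (register, beginLogin, signAssertion, finishLogin, RP_ID) are hypothetical.
const crypto = require('crypto');

const RP_ID = 'login.example.test';   // constructed relying-party identifier
const users = new Map();              // username -> public key (server side)
const pending = new Map();            // username -> outstanding challenge

// Registration: a key pair is created; the server stores only the public half.
function register(username) {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  users.set(username, publicKey);
  return { privateKey };              // stands in for the hardware key
}

// Step 1: the identifier tells the server whose public key to verify against.
function beginLogin(username) {
  if (!users.has(username)) return null;
  const challenge = crypto.randomBytes(32);
  pending.set(username, challenge);
  return challenge;
}

// Bytes that get signed: hash of the relying-party ID followed by the challenge.
function signedData(rpId, challenge) {
  const rpIdHash = crypto.createHash('sha256').update(rpId).digest();
  return Buffer.concat([rpIdHash, challenge]);
}

// Authenticator side: sign the challenge bound to the site it was presented for.
function signAssertion(key, rpId, challenge) {
  return crypto.sign('sha256', signedData(rpId, challenge), key.privateKey);
}

// Step 2: verify against the expected RP ID and the single-use challenge.
function finishLogin(username, signature) {
  const challenge = pending.get(username);
  pending.delete(username);           // one attempt per challenge, blocks replay
  if (!challenge) return false;
  return crypto.verify('sha256', signedData(RP_ID, challenge),
                       users.get(username), signature);
}
```
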