

On the Setup tab, click Actions in the FIDO2 (WebAuthn) row and select Edit.You must add FIDO2 (WebAuthn) as an authenticator before you can create an authenticator group. If the authenticator you're searching for isn't in the list, click the Learn to register an authenticator with FIDO link at the top of the page.To search for a specific Okta-recognized authenticator, click in the search field and start typing the authenticator name or Authenticator Attestation Global Unique Identifier (AAGUID) number.Click View list of Okta-recognized authenticators.On the Setup tab, click Actions in the FIDO2 (WebAuthn) row and then select Edit.You must add FIDO2 (WebAuthn) as an authenticator before you can view the list of authenticators. This list is provided by the FIDO Metadata Service. Search the list of authenticators to see which ones are supported by Okta, their type, FIPS compliance status, and hardware protection status.

To enable it, use the Early Access Feature Manager as described in Manage Early Access and Beta features. View the list of Okta-recognized WebAuthn authenticators If the user only sets up one security key or biometric authenticator in one browser, they can't complete authentication if the browser blocks the security key or biometric authenticator, or if the device is lost. Encourage your end users to create FIDO2 (WebAuthn) enrollments in multiple browsers and on multiple devices.If the user only has one authenticator set up and it's on their mobile phone, they can't complete authentication if the phone is lost.


Click Add on the FIDO2 (WebAuthn) tile.On the Setup tab, click Add Authenticator.In the Admin Console, go to Security Authenticators.
