Hi everyone! I'm seeking some advice regarding our user onboarding process. We've recently set up Windows Hello for Business (WHfB) PIN sign-up and are trying to register a passkey on users' mobile devices during their initial setup. However, we keep running into issues with this process.
The steps we currently follow are:
1) Provision the user account and assign a complex password.
2) Set a temporary access pass.
3) Log in as the user using the temporary access pass and their configured WHfB PIN.
4) Navigate to the Microsoft security page to set up Microsoft Authenticator for two-factor authentication.
5) Finally, we attempt to configure a passkey on their device from the same page, but we're facing constant errors and timeouts, or it seems to conflict with the existing WHfB passkey.
In contrast, when we onboarded our existing users, they set up their WHfB PIN first, reset their passwords, and were able to establish their passkeys without issues. I'm not sure where we're going wrong here. Would appreciate any tips! Thanks!
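An added example for step 2 of the procedure above (not code from the original post): issuing the Temporary Access Pass from Microsoft Graph PowerShell as a single-use, short-lived pass, then checking which methods actually registered after the user finishes enrollment, so a failed passkey step or a leftover TAP is caught. It assumes the Microsoft.Graph PowerShell module, a tenant where TAP is enabled in the authentication methods policy, an admin holding the UserAuthenticationMethod.ReadWrite.All permission, and that the Authenticator passkey shows up as a FIDO2 method; the UPN is a placeholder.

```powershell
# Added example, not from the original post. Assumes the Microsoft.Graph module,
# TAP enabled in the tenant's authentication methods policy, and an admin with
# the UserAuthenticationMethod.ReadWrite.All permission. The UPN is a placeholder.
Connect-MgGraph -Scopes "UserAuthenticationMethod.ReadWrite.All"

$Upn = "new.user@contoso.example"   # placeholder for the onboarding account

# Issue a single-use TAP with a short lifetime so an unused pass cannot be
# picked up later; the user redeems it from the Authenticator app on the phone.
$Tap = New-MgUserAuthenticationTemporaryAccessPassMethod -UserId $Upn `
    -IsUsableOnce:$true -LifetimeInMinutes 60

Write-Host "TAP for $Upn (hand over out of band, expires in 60 min): $($Tap.TemporaryAccessPass)"

# After the user has finished enrollment, confirm which methods really registered.
# No FIDO2 entry means the passkey step failed even if the portal showed no error.
$Auth  = @(Get-MgUserAuthenticationMicrosoftAuthenticatorMethod -UserId $Upn)
$Fido2 = @(Get-MgUserAuthenticationFido2Method -UserId $Upn)

"Authenticator app registrations: $($Auth.Count)"
"FIDO2/passkey registrations:     $($Fido2.Count)"
$Fido2 | ForEach-Object { "  $($_.DisplayName) ($($_.Model)) created $($_.CreatedDateTime)" }

# Remove any leftover TAP once enrollment is verified so it cannot be reused.
Get-MgUserAuthenticationTemporaryAccessPassMethod -UserId $Upn | ForEach-Object {
    Remove-MgUserAuthenticationTemporaryAccessPassMethod -UserId $Upn `
        -TemporaryAccessPassAuthenticationMethodId $_.Id
}
```

Run the registration check and the TAP cleanup only after the user has completed setup on the phone; a user can hold only one TAP at a time, so the cleanup also clears the way for reissuing one if enrollment has to be repeated.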
4 Answers
We've found that using Microsoft Authenticator for passkeys works well, and it's usually a smooth setup—taking only a couple of minutes. Just ensure you have cloud PKI set up in Entra for the best experience. Also, it’s good to have FIDO as a backup option.
You might want to start the setup on their mobile device instead of the web portal. We've had great success using the Temporary Access Pass (TAP) for direct mobile setup rather than dealing with the account page. It has worked for our team of over 400 users who are all using passkeys.
Given the challenges you're facing with new users, I’d suggest skipping passkeys for now. They seem to still have some issues to iron out. Just focus on using Microsoft Authenticator for passwordless sign-ins and set up their MFA tokens there instead.
The process you’ve described can be a bit tricky due to session conflicts. After setting up WHfB, make sure the users completely sign out before they log back in with their PIN. Then they can navigate to the security page to set up their mobile passkey. Also, consider starting the passkey creation from the Microsoft Authenticator app on their phone instead of the PC; this might help avoid any browser issues.