UniFi Identity Enterprise - Set Up Passkeys
Passkey, a phishing-resistant alternative to passwords, is a cryptographic entity that provides a faster, easier, and more secure sign-in experience. Each passkey is unique to the specific website or app it is created for, thereby protecting against phishing, man-in-the-middle attacks, brute force attacks, credential stuffing, and other malicious activities. You can use it to verify your UniFi Identity Enterprise account without entering your account email and password.
Requirements
- Make sure your devices and browsers meet the following requirements. It’s highly recommended to update your device and browser to the latest version to ensure optimal experience.
- Desktop or laptop OS version
- Windows 10 or later
- macOS Ventura or later
- ChromeOS 109 or later
- Mobile device OS version
- iOS 16 or later
- Android 9 or later
- iPadOS 16
- Browser version
- Chrome 109 or later
- Safari 16.1 or later
- Edge 109 or later
- Desktop or laptop OS version
- Make sure your devices have screen lock and Bluetooth enabled.
Supported Passkeys
Notes:
- Make sure you have set up the passkeys on your device before setting them up in UniFi Identity Enterprise.
- Some passkeys may be unavailable on some browsers. Make sure you have met the requirements mentioned above.
- FIDO2 security keys
- Touch ID on macOS
- Face ID and Touch ID on your iPhone or iPad Pro
- Android Biometrics on the devices including but not limited to:
- Fingerprint and Face Unlock on Pixel
- Fingerprint and Facial Recognition on Samsung
- Windows Hello
- Auto Unlock on Apple Watch
Passkeys Synchronization
Passkeys synchronization varies across different operating systems. If synchronization is not supported, you can use a security key or set up passkeys on your phone or tablet (eg., Set up Face ID on your iPhone or iPad Pro) to enjoy hassle-free password sign-in across all of your devices.
- Security Keys: Can be authenticated across USB or NFC-enabled devices.
-
macOS:
- Passkeys created on Safari are stored in the iCloud Keychain. You can use Touch ID across devices by signing in to Safari on different macOS devices with the same iCloud account.
- Passkeys created on Chrome and Edge are stored within the respective browsers and cannot be utilized across devices. If you change the password on the device where you originally created the passkeys, passkeys become invalid. To continue using passkeys, you must re-create them on that specific device.
- iOS: Passkeys are stored in the iCloud Keychain. They can be used across iOS 16, iPadOS 16, and macOS Ventura devices by signing in to these devices with the same iCloud account.
-
Android:
- If you have Android devices with Google Mobile Services (GMS) support and they are signed in with the same Google account, your biometric data will be stored in the Google password manager and can be used across devices.
- If GMS support is not available, you can only use the passkeys on the local device.
- Windows: Browsers on Windows store passkeys in Windows Hello, which do not synchronize them across multiple devices.
Create Passkeys
Set Up Touch ID on Mac
- Set up Touch ID on your Mac.
-
Sign in to your Identity Enterprise Workspace (https://[your workspace domain].ui.com).
- Click your profile picture in the upper-right corner and select Manage Your Account > Security > Multi-factor Authentication.
- Click Add New MFA Method and select Passkeys.
- Verify your account.
- Click Continue to set up a passkey on this device.
- Click Continue to confirm you want to create a passkey for your workspace.
- Place your finger on the Touch ID sensor if a window prompts to ask you to verify your identity.
- Name this passkey and click Done.
- Make sure Use Touch ID to unlock your Mac is enabled in your Mac device’s System Settings or System Preferences > Touch ID & Password.
Set Up Face ID on iPhone or iPad Pro
Note: Make sure both devices are connected to the internet and have Bluetooth enabled during passkey setup.
- Set up Face ID on iPhone or iPad Pro devices.
-
Sign in to your Identity Enterprise Workspace (https://[your workspace domain].ui.com).
- Click your profile picture in the upper-right corner and select Manage Your Account > Security > Multi-factor Authentication.
- Click Add New MFA Method and select Passkeys.
- Verify your account.
- Click Use Another Device.
- Use your iPhone or iPad Pro’s camera to scan the QR code shown on the screen.
- Tap Save a passkey on your camera.
- Follow the on-screen instructions on your iPhone or iPad Pro to set up a passkey.
- Name this passkey and click Done.
Set Up Windows Hello
- Set up Windows Hello on your Windows PC.
-
Sign in to your Identity Enterprise Workspace (https://[your workspace domain].ui.com).
- Click your profile picture in the upper-right corner and select Manage Your Account > Security > Multi-factor Authentication.
- Click Add New MFA Method and select Passkeys.
- Verify your account.
- Click Continue to set up a passkey on this device.
- Follow the on-screen instructions to verify your account using your facial recognition, fingerprint, or PIN.
- Name this passkey and click Done.
Set Up FIDO2 Security Key
-
Sign in to your Identity Enterprise Workspace (https://[your workspace domain].ui.com).
- Click your profile picture in the upper-right corner and select Manage Your Account > Security > Multi-factor Authentication.
- Click Add New MFA Method and select Passkeys.
- Verify your account.
- Click Use Another Device > Use a different device > USB security key.
- Insert your security key and touch its gold contact.
- Set up a PIN and click Next.
- Name this passkey and click Done.