Authenticating Users with Passkeys

Illumio Core supports logging users into Illumio Console with passkeys. A passkey is a secure credential, such as a device PIN or biometrics, that enables a user to log in without a password. A passkey uses an authenticator to capture and communicate the credential to the client running Illumio Console

This reference guide describes how to configure passkey authentication settings in Illumio Console as an Owner.

Enabling or disabling passkeys

Tip

Only users with the Owner role can enable or disable passkey authentication.

Passkey authentication is enabled as the default authentication method.

To toggle between enabling and disabling passkey authentication, use the toggle button at the top of the Passkeys window in Illumio Console:

From the Console menu, go to Access > Authentication.
In the Authentication window, click PASSKEYS to open the Passkeys window.
The top of the Passkeys window has a banner displaying the state of passkey authentication.
Click Disable (or Enable) to open a Disable Passkey (or Enable Passkey) popup.
In the popup, click Disable (or Enable) to confirm toggling passkey authentication.
Important
After an Owner disable passkeys, users who had passkey authentication won't be able to login with passkeys, and Illumio won't automatically provide the option to use password authentication. An Owner can restore password access for these users.

Configuring passkey settings

Tip

Only users with the Owner role can configure passkey authentication settings.

To configure passkey authentication settings in Illumio Console :

From the Console menu, go to Access > Authentication.
In the Authentication window, click PASSKEYS.
In the Passkeys window, click Edit.
Configure the passkey settings:
- Allowed Transports - Set your allowed passkey authenticator transports.
- Resident Key Requirement - Set whether credentials are stored on the passkey authenticator.
- Authenticator Attachment - Set your allowed passkey authenticator attachment type.
- Require User Verification - Set whether users must perform a verification gesture during authentication.

Passkey settings

This section describes the available passkey authentication settings.

Allowed transports

The Allowed Transports setting configures one or more passkey authenticator transports to allow for users.

Select one or more of the available transports:

Bluetooth Low Energy
Cable
Hybrid
Internal
NFC
Smart Card
USB

Resident key requirements

The Resident Key Requirements setting controls whether or not credentials are stored on a passkey authenticator itself.

Choose one of the following options:

Required - Credentials must be stored on the device for password-less login.
Preferred - Use resident key if supported.
Discouraged - Don't use resident keys. Requires username at login.

Authenticator attachment

The Authenticator Attachment setting configures the supported type of authenticator attachment.

Choose one of the following options:

Platform - Only built-in devices are supported.
Cross Platform - Only external devices are supported.
Unset - Both platform (built-in) and cross-platform (external) devices are supported. The client (browser) decides which device to use.

Require user verification

The Require User Verification setting configures whether users are required to perform a verification gesture during authentication.

Choose one of the following options:

True - Require a verification gesture during user authentication.
False - Skip verification gesture, if not needed.