undefined | Better HN

0 points4ad1y ago0 comments

If you use Google Workspace you can set 2FA directly from the admin console, so you don't need to disable FIDO2 on the key. Does not help with gmail, though.

0 comments

graton1y ago

Not in my experience. In the Admin console I said do not use Passkey and it still created it as a Passkey :( This was about a month ago, so maybe they fixed it. Turning off FIDO2 made things work.

4adOP1y ago

If you add a FIDO2 key as a security key in the admin console, it will show as a "passkey" in Google account settings, but it will actually be a non-resident key used only for 2FA and won't be able to be used for anything more than that.

Keys that do not support resident keys (or when you turn FIDO2 off) show differently in Google account settings which makes it all very confusing. The UX is inexcusable, really.

As a side note, turning on Advanced Protection also turns off passkeys.

j / k navigate · click thread line to collapse

0 comments

graton1y ago

Not in my experience. In the Admin console I said do not use Passkey and it still created it as a Passkey :( This was about a month ago, so maybe they fixed it. Turning off FIDO2 made things work.

4adOP1y ago

Keys that do not support resident keys (or when you turn FIDO2 off) show differently in Google account settings which makes it all very confusing. The UX is inexcusable, really.

As a side note, turning on Advanced Protection also turns off passkeys.

j / k navigate · click thread line to collapse