How to add a security key

Before adding a security key (WebAuthn), check if you already have at least one authentication code (TOTP) registered and one of the following:

  • a physical security key (so-called "key fob")

  • a device with a security key function

  • an application which serves as a security key (e.g. tpm-fido or a password manager with passkey function)

Decide which security key option to use (we recommend creating a security key for all your devices). If you're not sure which option to choose for each device, you can try our "Which MFA is right for me?" MFA Guide.

More information about the different types of security keys can be found here:

You can use Google Passkeys on your phone or computer. However, you need to set them up separately on each device.

Phone:
You can use Google Passkeys on your Android smartphone in the Chrome, Edge, Opera or Vivaldi browsers. You need your Google account in that browser to do this.

Computer:
It is also possible to use Google Passkeys on your computer. You need a Windows or macOS operating system and must use the Chrome browser with your Google account.

https://developers.google.com/identity/passkeys

This option is for Android devices only and only works with the Firefox browser. To create an Android security key, simply follow the instructions below. Everything must be done in Firefox. Each device must be set up separately.

This option is for MacBooks, iPads and iPhones. The security key is created using TouchID or FaceID. Each device must be set up separately.

iPhone: https://support.apple.com/en-gb/guide/iphone/iphf538ea8d0/ios

Mac: https://support.apple.com/en-gb/guide/mac-help/mchl4af65d1a/mac

How to set up security keys in ProxyIdp:

1. Open the Token Management System

2. Make sure that you already have at least one verification code device (TOTP) enrolled and have your backup codes generated. If not, enroll a verification code (https://perunaai.atlassian.net/wiki/spaces/PERUN/pages/202539070) and generate backup codes (https://perunaai.atlassian.net/wiki/spaces/PERUN/pages/202440793), then continue to the next step.

3. Click the Enroll Token button.

4. Select the security key option and enter a description (e.g. key-fob manufacturer or phone model). The description serves only as your name for the token.

   Continue with the Continue button.

5. A dialogue box (system or browser) will appear, prompting you to confirm.

   Take the appropriate action depending on the type of security key:

6. If the registration was successful, you will be informed that the token is enrolled. Click the Finish button.

You can add any number of additional verification codes or security keys. We strongly recommend the registration of at least two devices.

Support: perun@cesnet.cz