goauthentik · melizeche · Feb 21, 2025 · Feb 21, 2025 · Feb 21, 2025
@@ -154,7 +154,7 @@ Possible options:
 - `token` (Authenticated via API token)
 - `ldap` (Authenticated via LDAP bind from an LDAP source)
 - `auth_mfa` (Authentication via MFA device without password)
-- `auth_webauthn_pwl` (Passwordless authentication via WebAuthn)
+- `auth_webauthn_pwl` (Passwordless authentication via WebAuthn / Passkeys)
 - `jwt` ([M2M](../../../providers/oauth2/client_credentials.mdx) authentication via an existing JWT)
 
 ##### `auth_method_args` (dictionary)

@@ -33,7 +33,7 @@ You can configure this stage to only ask for MFA validation if the user hasn't a
 Firefox has some known issues regarding TouchID (see https://bugzilla.mozilla.org/show_bug.cgi?id=1536482)
 :::
 
-Passwordless authentication currently only supports WebAuthn devices, like security keys and biometrics. For an alternate passwordless setup, see [Password stage](../password/index.md#passwordless-login), which supports other types.
+Passwordless authentication currently only supports WebAuthn (Passkeys) devices, like security keys and biometrics. For an alternate passwordless setup, see [Password stage](../password/index.md#passwordless-login), which supports other types.
 
 To configure passwordless authentication, create a new Flow with the designation set to _Authentication_.
 

@@ -1,7 +1,9 @@
 ---
-title: WebAuthn authenticator setup stage
+title: WebAuthn / Passkeys authenticator setup stage
 ---
 
+<span class="badge badge--version">authentik 2021.3.1+</span>
+
 This stage configures a WebAuthn-based Authenticator. This can either be a browser, biometrics or a Security stick like a YubiKey.
 
 ### Options

@@ -9,7 +9,7 @@ title: Create an LDAP provider
     Note the DN of this user will be `cn=ldapservice,ou=users,dc=ldap,dc=goauthentik,dc=io`
 
 :::info
-Note: The `default-authentication-flow` validates MFA by default, and currently everything but SMS-based devices and WebAuthn devices are supported by LDAP. If you plan to use only dedicated service accounts to bind to LDAP, or don't use SMS-based authenticators, then you can use the default flow and skip the extra steps below and continue at [Create LDAP Application & Provider](#create-ldap-application--provider)
+Note: The `default-authentication-flow` validates MFA by default, and currently everything but SMS-based devices and WebAuthn (Passkeys) devices are supported by LDAP. If you plan to use only dedicated service accounts to bind to LDAP, or don't use SMS-based authenticators, then you can use the default flow and skip the extra steps below and continue at [Create LDAP Application & Provider](#create-ldap-application--provider)
 :::
 
 ### LDAP Flow

@@ -145,7 +145,7 @@ This includes the following:
         }
         ```
 
-    - `auth_webauthn_pwl`: Password-less WebAuthn login
+    - `auth_webauthn_pwl`: Password-less WebAuthn / Passkeys login
     - `jwt`: OAuth Machine-to-machine login via external JWT
     - `app_password`: App password (token)
 

@@ -73,7 +73,7 @@ authentik
 │   ├── authenticator_static - Configure TOTP backup keys
 │   ├── authenticator_totp - Configure a TOTP authenticator
 │   ├── authenticator_validate - Validate any authenticator
-│   ├── authenticator_webauthn - Configure a WebAuthn authenticator
+│   ├── authenticator_webauthn - Configure a WebAuthn / Passkeys authenticator
 │   ├── captcha - Make the user pass a captcha
 │   ├── consent - Let the user decide if they want to consent to an action
 │   ├── deny - Static deny, can be used with policies