Passkeys Settings
Customize your WebAuthn authentication from the Descope console (Settings > Authentication Methods > Passkeys).
All Settings
| Setting | Details |
|---|---|
| Top Level Domain | The domain (and all it's subdomains) in which end users can add biometric authentication |
| Enable method in API and SDK | This toggle switch enables or disables the authentication method from being available for use within API and SDK |
Additional Details
This section describes additional details about the configuration options available.
Top Level Domain
The top level domain for Biometrics (WebAuthn) restricts access to login via this method. This configured domain applies to the top level domain and all subdomains. By default, Descope parses the top level domain from the origin.
When you change the top level domain within the Descope UI for Biometrics (WebAuthn), you may invalidate previously created users if the updated domain does not match the domain the users were created. Users who have signed up via biometrics (WebAuthn) and have no other verified auth methods will no longer be allowed to log in. The affected users need to be deleted and recreated to remediate this issue. Users with other validated auth methods will still be able to sign up through those auth methods; however, when signing in via Webauthn, there may be a new Webauthn added.