Apple PassKeys Attestation
Use the Passkey Attestation configuration to allow WebAuthn enterprise attestation for certain passkeys on the device.
When the user uses a Passkey to authenticate and register their devices, the Apple Passkey Attestation configuration uses an Enterprise Managed Credential to attest the passkey with a corporate certificate. Supported credentials include SCEP, ACME, and Identity credentials.
The Passkey Attestation supports the following:
- Minimum supported operating system versions: macOS 14
- Supported enrollment methods: Device Enrollment
- Managed Apple Accounts are required to control syncing of passkeys.
- Can be used in conjunction with Access Management from ABM.
Passkeys payload fails on Mac.
When creating a Passkey Configuration, you must first create an Identity Certificate Configuration and link it to the Passkey Configuration. Also provide the following details in the Security Passkey Attestation Configuration section:
| Field | Description |
|---|---|
| Name | Name of the passkey. |
| Description | Any information about the configuration. |
| Attestation Identity Asset Reference | Provide the asset reference identity that you have created to link to the Passkey Configuration. Select this option to confirm if the identity key is extractable. |
| Relying Parties | Enter the details for authenticated domains. |
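The following is an added example, not code from this product or its documentation. It assumes the fields above map onto Apple's declarative device management declaration `com.apple.configuration.security.passkey.attestation`, and it checks that each Relying Parties entry is a bare WebAuthn RP ID (a domain with no scheme, port, path or wildcard) before building the payload. The function names, the asset identifier and the domains are constructed placeholders.

```python
import json
import re
import uuid

# Apple declarative-management type for passkey attestation (assumed mapping).
DECLARATION_TYPE = "com.apple.configuration.security.passkey.attestation"

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize_rp_id(value):
    """Return a lowercase WebAuthn RP ID, or raise ValueError.

    Rejects URLs, ports, paths, wildcards and userinfo. This example also
    requires at least two labels, so single-label hosts are refused.
    """
    rp = value.strip().lower().rstrip(".")
    if not rp or any(c in rp for c in "/:@*? "):
        raise ValueError(f"not a bare domain: {value!r}")
    labels = rp.split(".")
    if len(labels) < 2 or len(rp) > 253 or not all(_LABEL.match(l) for l in labels):
        raise ValueError(f"invalid domain: {value!r}")
    return rp


def build_declaration(asset_identifier, relying_parties, key_extractable=False):
    """Build the declaration from the three form fields (hypothetical helper)."""
    if not asset_identifier:
        raise ValueError("an identity asset reference is required")
    rps = sorted({normalize_rp_id(r) for r in relying_parties})  # de-duplicated
    if not rps:
        raise ValueError("at least one relying party is required")
    return {
        "Type": DECLARATION_TYPE,
        "Identifier": str(uuid.uuid4()),
        "Payload": {
            "AttestationIdentityAssetReference": asset_identifier,
            "AttestationIdentityKeyIsExtractable": key_extractable,
            "RelyingParties": rps,
        },
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    decl = build_declaration("asset-identity-placeholder",
                             ["Login.Example.com", "sso.example.com."])
    print(json.dumps(decl, indent=2))
```

Entries pasted as full URLs (for example with `https://` or a port) are rejected rather than silently trimmed, so a mistyped relying party is caught before the configuration is pushed.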