> ## Documentation Index
> Fetch the complete documentation index at: https://docs.truu.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Enable Passkey (FIDO2)

> This is a step-by-step guide as to how to enable passkey for your organization

# Enable Passkey (FIDO2) for your organization

### Requirements

* Passkey (FIDO2) authentication requires compatible devices. For **Windows** devices joined to **Microsoft Entra ID**, the best experience is on **Windows 10 version 1903 or newer**. **Hybrid-joined** devices need to be running **Windows 10 version 2004 or later**.

### Steps

* Sign in to your **Entra ID Admin Portal**, go to the "**Entra ID**" dropdown menu, and select **Authentication Methods**, then click **Policies**.

<img src="https://mintcdn.com/truu-2/rjjBxA7Z_Wk_-34G/images/docs/f5e427642fe6911e7054ed286a7853cd190a1d34da27a332c26ac33e0bdc585f-21.png?fit=max&auto=format&n=rjjBxA7Z_Wk_-34G&q=85&s=1047b26654e9c7ed8a63e05d559c4b28" alt="" width="1924" height="814" data-path="images/docs/f5e427642fe6911e7054ed286a7853cd190a1d34da27a332c26ac33e0bdc585f-21.png" />

* In the "**Passkey (FIDO2)**" method, toggle the setting to **Enable**. Then, choose **All users** or select **Add groups** to specify particular groups. **Only security groups are supported.**

<img src="https://mintcdn.com/truu-2/qCK1oWL4jNpZKJ8A/images/docs/91ed0318541747c60996e8081b98b913e4b475ff4cb0c7c1cf2cfa413ceb49b0-22.png?fit=max&auto=format&n=qCK1oWL4jNpZKJ8A&q=85&s=bd0c417e7a5c22037191d05817c58eb9" alt="" width="1522" height="814" data-path="images/docs/91ed0318541747c60996e8081b98b913e4b475ff4cb0c7c1cf2cfa413ceb49b0-22.png" />

**NOTE:** TruU recommends targeting a test group during any POC

* On the same page, click on the **Configure** tab, set "**Allow self-service setup**" to "**Yes**". If set to No, users will not be able to register a passkey through Security Info, even if Passkeys (FIDO2) are enabled via the Authentication Methods policy.
* Set **"Enforce attestation"** to **"No"**. Since TruU is still working on certification for Microsoft Passkey provider attestation, leave it set to No for now.

<img src="https://mintcdn.com/truu-2/ehCBQgFdl_pQd0MN/images/docs/b696bbe9dc55c3aa089f9f3a55ad0ae42924c30ceb841d9adb5b5825dcf3129a-1111.png?fit=max&auto=format&n=ehCBQgFdl_pQd0MN&q=85&s=5b593b84bbbdbf20e8f207a0c4b1e4b8" alt="" width="1525" height="817" data-path="images/docs/b696bbe9dc55c3aa089f9f3a55ad0ae42924c30ceb841d9adb5b5825dcf3129a-1111.png" />

* Set "**Enforce key restrictions**" to **Yes**.
* Set **Restrict specific restrictions** to **Allow**
* Click **Add AAGUID** and enter the following TruU AAGUID: **ba86dc56-635f-4141-aef6-00227b1b9af6**.

<img src="https://mintcdn.com/truu-2/0zTsJHKKI2cGP3Gv/images/docs/fa2ddfc283ab4de5e849c03fd774a23fed769214b3a2eea14be0e4ecdd3d3888-image.png?fit=max&auto=format&n=0zTsJHKKI2cGP3Gv&q=85&s=a6d42b84921bf372db2ecee5a95e0d40" alt="" width="1364" height="880" data-path="images/docs/fa2ddfc283ab4de5e849c03fd774a23fed769214b3a2eea14be0e4ecdd3d3888-image.png" />

* Save these settings to finalize the changes made.

***

[Enable FIDO2 security key sign-in for Windows](/docs/enable-fido2-security-key-sign-in-for-windows)