• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Company · Blog · Newsletter · Events · Partner Program

Downloads      Support      Security     Admin Login
Rublon

Rublon

Secure Remote Access

  • Product
    • Regulatory Compliance
    • Use Cases
    • Rublon Reviews
    • Authentication Basics
    • What is MFA?
    • Importance of MFA
    • User Experience
    • Authentication Methods
    • Rublon Authenticator
    • Remembered Devices
    • Logs
    • Single Sign-On
    • Access Policies
    • Directory Sync
  • Solutions
    • MFA for Remote Desktop
    • MFA for Remote Access Software
    • MFA for Windows Logon
    • MFA for Linux
    • MFA for Active Directory
    • MFA for LDAP
    • MFA for RADIUS
    • MFA for SAML
    • MFA for RemoteApp
    • MFA for Workgroup Accounts
    • MFA for Entra ID
  • Customers
  • Industries
    • Financial Services
    • Investment Funds
    • Retail
    • Technology
    • Healthcare
    • Legal
    • Education
    • Government
  • Pricing
  • Docs
Contact Sales Free Trial

How to enroll a FIDO2 Passkey for MFA?

September 17, 2024 By Rublon Authors

Last updated on October 16, 2024

Rublon MFA supports hardware- and software-bound passkeys, allowing a seamless login experience with top security. Refer to this guide to learn how to create a Passkey for your Rublon-integrated services and use it as the second authentication factor during multi-factor authentication.

Initial Passkey Enrollment Steps

These steps are the same for hardware- and software-bound passkeys and must be completed before proceeding to further sections of this guide.

Note

To sign in using your passkey, you must first create the passkey using the Manage Authenticators view or ask your administrator to send you an Enrollment Email.

1. Initiate login to your application.

To check if your application integrated with Rublon supports WebAuthn, refer to the list of supported applications. Note that both passkeys and FIDO2 security keys use WebAuthn, so the preceding list applies to both.

2. Provide your username and password.

3. Rublon Prompt appears.

4. Click Manage Authenticators.

5. To confirm your identity before proceeding, choose one of the available authentication methods.

6. After you confirm your identity with one of the available methods (e.g., Mobile Push), the Rublon Prompt will display the Manage Authenticators view.

7. Click Add Authenticator.

8. Select WebAuthn/U2F Security Key (hardware token) as your authenticator type and click Next.

9. The subsequent steps differ depending on whether you want to enroll a software-bound passkey or a hardware-bound passkey.

  • A hardware-bound passkey is a passkey you save on your FIDO2 Security Key.
  • A software-bound passkey is a passkey you generate using a tool like 1Password or Bitwarden and store in your filesystem.

Enroll a Software-Bound passkey

The following example illustrates creating and enrolling a software-bound passkey with Rublon MFA using 1Password. You can use any other Passkey Manager.

1. Ensure you have completed all steps from the Initial Passkey Enrollments Steps section.

2. After selecting WebAuthn/U2F Security Key (hardware token) as your authenticator type on the previous page of the enrollment wizard, a window should open, asking you to save the passkey. In our case, this is a 1Password window and we click Save.

Image showing 1Password asking the user to save passkey

3. After the newly-created passkey is saved, enter a name for your passkey and click Save.

Image showing 1Password successfully saving the passkey

4. You will be redirected to the Rublon Prompt. You can now sign in using your passkey.

Sign in Using a Software-Bound Passkey

1. To sign in using your software-bound passkey, choose the WebAuthn/U2F Security Key authentication method from the Rublon Prompt.

2. Your Passkey Manager’s sign-in window will appear, giving you the option to sign in using the passkey. In our case, this is a 1Password window and our passkey is stored in the operating system of the device we use to log in, so we click Sign in.

Image showing 1Password allowing the user to sign in with a passkey during software-bound Passkey MFA

Sign in using a passkey stored on your mobile device

If you have a passkey associated with Rublon stored in an encrypted software vault of your Passcode Manager (e.g., 1Password, Bitwarden) installed on your mobile device, you can use this passkey to sign in during Rublon MFA.

The prerequisite for using a mobile device that stores a passkey is that you complete a software-bound passkey enrollment on your mobile device. This is a mandatory prerequisite because it creates the passkey and stores it in your Passkey Manager’s local vault.

The general login steps for this scenario are as follows:

1. Enable Bluetooth on both your mobile device that stores the passkey and the device you are logging in on.

2. Select the WebAuthn/U2F Security Key authentication method on the Rublon Prompt and then select the iPhone, iPad, or Android device option.

3. Scan the QR code and open the URL.

4. Depending on your mobile device’s settings, you may also be asked for additional security control like scanning your fingerprint before you are logged in.

3. You will be successfully signed in to your application.

Enroll a Hardware-Bound Passkey

The following example illustrates creating a YubiKey-bound passkey and enrolling it with Rublon MFA. You can use any other FIDO2-compliant security key.

1. Ensure you have completed all steps from the Initial Passkey Enrollments Steps section.

2. Choose to save the passkey on your security key and click Next. If you cannot find Security key among the options, select Use another device to show more options.

Image showing a Windows Security prompt asking the user to choose where to save the passkey

Note

Rublon MFA also supports Windows Hello passkeys. To save the passkey on the current Windows device using Windows Hello, select This Windows device on the Choose where to save this passkey prompt and scan your fingerprint or enter your PIN.

3. When asked to set up the security key, select OK and then touch your security key.

Image showing a Windows Security prompt asking the user to touch their security key

4. You will be informed that the passkey was saved on your security key. Select OK.

Image showing a Windows Security prompt informing the user the passkey was saved

5. Enter a name for your passkey and click Save.

Image showing a Rublon Prompt asking the user to enter a name for their security key

6. You will be redirected to the Rublon Prompt. You can now sign in using your passkey.

Sign in Using a Hardware-Bound Passkey

1. To sign in using your hardware-bound passkey, choose the WebAuthn/U2F Security Key authentication method from the Rublon Prompt.

2. A window will open, asking you to choose a device with a saved passkey. Choose Security key and click Next.

Image showing the Windows Security prompt asking the user to sign in with a security key

3. Plug in your key if you have not already, and then touch your FIDO2 security key.

Image showing the Windows Security prompt asking the user to touch their security key during hardware-bound Passkey MFA

4. You will be successfully signed in to your application.

Related Posts

  • Rublon User Guide
  • How to enroll a mobile device with Rublon Authenticator?
  • How to enroll a third-party authenticator app?
  • How to add a WebAuthn/U2F Security Key?
  • How to add a YubiKey OTP Security Key?
  • How to add a mobile phone number?
  • How to add a landline phone number?

Filed Under: User Guide

Primary Sidebar

Contents

  • Initial Passkey Enrollment Steps
  • Enroll a Software-Bound passkey
  • Sign in Using a Software-Bound Passkey
  • Enroll a Hardware-Bound Passkey
  • Sign in Using a Hardware-Bound Passkey
  • Related Posts
Try Rublon for Free
Start your 30-day Rublon Trial to secure your employees using multi-factor authentication.
No Credit Card Required


Footer

Product

  • Regulatory Compliance
  • Use Cases
  • Rublon Reviews
  • Authentication Basics
  • What is MFA?
  • Importance of MFA
  • User Experience
  • Authentication Methods
  • Rublon Authenticator
  • Remembered Devices
  • Logs
  • Single Sign-On
  • Access Policies
  • Directory Sync

Solutions

  • MFA for Remote Desktop
  • MFA for Windows Logon
  • MFA for Remote Access Software
  • MFA for Linux
  • MFA for Active Directory
  • MFA for LDAP
  • MFA for RADIUS
  • MFA for SAML
  • MFA for RemoteApp
  • MFA for Workgroup Accounts
  • MFA for Entra ID

Industries

  • Financial Services
  • Investment Funds
  • Retail
  • Technology
  • Healthcare
  • Legal
  • Education
  • Government

Documentation

  • 2FA for Windows & RDP
  • 2FA for RDS
  • 2FA for RD Gateway
  • 2FA for RD Web Access
  • 2FA for SSH
  • 2FA for OpenVPN
  • 2FA for SonicWall VPN
  • 2FA for Cisco VPN
  • 2FA for Office 365

Support

  • Knowledge Base
  • FAQ
  • System Status

About

  • About Us
  • Blog
  • Events
  • Co-funded by the European Union
  • Contact Us

  • Facebook
  • GitHub
  • LinkedIn
  • Twitter
  • YouTube

© 2025 Rublon · Imprint · Legal & Privacy · Security

  • English
  • Polski (Polish)