Authenticator configuration options

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Use the Authenticator Configuration page to manage authenticator options on your instance.

    Navigate to Multi-factor Authentication > Web Authentication > Authenticator Configuration to view and edit the default configuration options.

    Table 1. Authenticator Configuration form
    Field Description
    Allowed authenticator type Type of authenticators allowed to be registered. Select from:
    • Platform authenticators are attached or integrated into a device. Fingerprint readers or facial recognition available on mobile devices(such as Apple FaceID or TouchID) fall under this category.
    • Roaming authenticators can be removed from a computer or other client device and used elsewhere. Hardware keys fall under this category.
    Attestation Type Setting the value to direct or indirect will require importing authenticator metadata to attest to the provenance of an authenticator during registration.
    • None
    • Direct
    • Indirect
    Platform self-attestation Whether self-attestation is enabled for platform authenticators.
    Cross platform self-attestation Whether self-attestation is enabled for roaming authenticators.
    User verification Select from Preferred or Required. If required, web authentication flow prompts users for verification using PIN or Biometrics.
    Verify user presence Whether web authentication flow requires the user presence verification.
    Resident key Select from Preferred or Required. If required, the authenticator persists the public key credentials within the authenticator storage.
    Timeout (In ms) Maximum time limit for completing web authentication registration and authentication. Time is in milliseconds.