Authenticating With WebAuthn on Windows

WebAuthn enables secure passwordless authentication using hardware security keys, biometrics or platform authenticators during remote RDP sessions. This feature is in beta and may change in future updates.

Enabling WebAuthn on Windows

WebAuthn is disabled by default. To enable WebAuthn authentication follow the steps below.

1. In the Global Configuration settings, check the WebAuthn box:

   

   You can also enable WebAuthn redirection for local connections as well:

   

2. After you launch the application you will be able to use Yubikey as a FIDO2 key.

 

Enforcing Vault Authentication for WebAuthn

Admins can use these instructions to enforce whether users can use these instructions to connect to a vault with WebAuthn authentication.

1. Open the Connection Manager Registry editor which can be found via the following path:

   Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Delinea Inc.\Delinea Connection Manager\AdminConfig

2. Create a value in the Registry called WebAuthnVaultEnforcement and input y as the parameter.