Using a FIDO2 Security Key

MFA always requires setting up an authentication profile and setting up an identity policy linked to that authentication profile. To use a hardware security key such as FIDO2, you must set it up in your user profile, your authentication profile, and your identity policy.

In your User Profile, set up your personal FIDO key.
Click your user icon > Account details > Security tab > Fido2 > configure >  Save.

In the Authentication profile you're going to use, add FIDO2 authenticator as an authentication challenge.
Click Settings > Authentication profiles > select the profile > Edit > select FIDO2 authenticator > Save.

In the Identity policy linked to the authentication profile you're going to use, select Enable users to enroll FIDO2 authenticators.
Click Access > Identity policies > select the policy > User security tab > Authentication settings sub-tab > Edit > Enable users to enroll FIDO2 authenticators > Save.