Phishing-resistant passkeys in RSA Authenticator App

This article explains how to enable and use passkeys in the RSA Authenticator app for iOS and Android. Learn more about how this release delivers passwordless, phishing-resistant authentication to users’ mobile devices.

Requirements

  • A mobile device with Android 14 or later, or iOS 17 or later
  • RSA Authenticator app V4.5 (and later) for iOS and Android
  • An active internet connection on the mobile device
  • Bluetooth enabled on both devices for cross-registration/authentication

 

Important notes

  • Certain mobile devices with Android 14 and later do not support the technical features required for passkeys. For further information, refer to “Availability of Passkey Feature in RSA Authenticator 4.5 for iOS and Android” on RSA Community.
  • On iOS, RSA Authenticator attestation (required during passkey registration) relies on the Apple App Attest service to verify the authenticity of the Authenticator app.
  • On Android, RSA Authenticator attestation (required during passkey registration) relies on Google Play Integrity services to verify the authenticity of the Authenticator app.
    • Google services, such as Google Play, are not available in China; therefore, passkey capability is generally not available for Android users in China.
  • The passkey mechanism used in the RSA Authenticator app does not require explicit Bluetooth pairing; however, Bluetooth must be enabled on both devices for proximity detection during passkey registration or authentication. If your organization restricts Bluetooth usage, it is possible to enable Bluetooth exclusively for passkey support on Windows devices. For more information, refer to the Microsoft article “Support for passkeys in Windows” on Microsoft Learn.

Enable RSA Authenticator for passkeys

An administrator needs to access the RSA ID Plus admin console and specify that the RSA Authenticator app can be used as a FIDO authenticator. Admins should browse to: Access > My Page > My Authenticator

RSA My Page Mobile Passkey Registration

 

If ‘FIDO’ is not enabled, enable it. Then select the checkbox next to ‘RSA Authenticator’ to enable it, click ‘Save’, and then click ‘Publish Changes’.

This enables all users who meet the requirements described above to register and use passkeys in their RSA Authenticator app.

Manage RSA Authenticator App passkeys

  • When a user registers their RSA Authenticator app with RSA My Page, they can then register for the ‘RSA Authenticate’ method (via either OTP, QR codes, or push notifications) and register the device as a passkey.
  • Once a user has registered their first passkey in the RSA Authenticator app on RSA My Page, they can also use the app to register passkeys with other websites that support passkey authentication.
  • When a user with an already registered version of the RSA Authenticator app upgrades to V4.5, they will be offered the option to register a passkey in RSA My Page.
  • Passkeys in the RSA Authenticator app can be used as an authentication method for RSA ID Plus Web Authentication. However, this is not yet supported as an authentication method with the RSA Windows Agent. RSA will launch mobile passkey Web Authentication support in a new version of the RSA Windows Agent scheduled for H1 2025.
