GITBOOK-379: change request with no subject merged in GitBook

defguard-community · gitbook-bot · commit 42a5af12da22 · 2025-04-28T12:49:14.000Z
diff --git a/SUMMARY.md b/SUMMARY.md
@@ -23,6 +23,7 @@
   * [Sending support information](admin-and-features/troubleshooting/sending-support-info.md)
   * [Client Windows installer exit codes](admin-and-features/troubleshooting-guide/windows-installer-exit-codes.md)
   * [Client "All traffic" connection issues](admin-and-features/troubleshooting/client-all-traffic-connection-issues.md)
+  * [WebAuthn security keys](admin-and-features/troubleshooting/webauthn-security-keys.md)
 * [Deploying your instance](features/setting-up-your-instance/README.md)
   * [Upgrading](features/setting-up-your-instance/upgrading.md)
   * [One-line install script](features/setting-up-your-instance/one-line-install.md)
diff --git a/admin-and-features/troubleshooting/webauthn-security-keys.md b/admin-and-features/troubleshooting/webauthn-security-keys.md
@@ -0,0 +1,24 @@
+# WebAuthn security keys
+
+Currently, only security keys that can be configured as **passkeys** are supported.
+
+**Passkeys** are a modern replacement for traditional passwords, based on WebAuthn and FIDO2 standards. They enable passwordless authentication by verifying both possession of a device and an additional user verification step (such as biometrics, PIN entry, or a user gesture).
+
+For a security key to be supported, it must be able to correctly set the **User Verification (UV)** flag during the WebAuthn authentication flow. The UV flag indicates that the key has confirmed that the user is physically present and actively authenticating.
+
+Some older or limited-functionality security keys do not support the necessary mechanisms (such as built-in biometrics or PIN prompts) to perform user verification. As a result, they **cannot set the UV flag** and are **not supported** for passkey use.
+
+{% hint style="danger" %}
+Attempting to register an **unsupported** security key will result in an **error** during **registration** process.
+{% endhint %}
+
+#### Examples of Unsupported Security Keys
+
+* **YubiKey 4 Series** (e.g., YubiKey 4 Nano, YubiKey 4C)
+* **YubiKey NEO**
+* **Older FIDO U2F-only keys** without FIDO2/WebAuthn support
+
+#### Requirements for Supported Keys
+
+* Must support **passkey** registration and authentication (WebAuthn + FIDO2).
+* Must be capable of **user verification** (e.g., PIN entry, biometrics, or touch gestures).
