Authentication Method - FIDO2 security key - Allow self-service set up
Why This Matters
Allowing users to self-register FIDO2 security keys reduces administrative overhead for device onboarding. However, if left unrestricted, users may register unauthorized or non-compliant security keys, potentially weakening your organization’s authentication posture. Enabling self-service setup with proper governance balances security and user convenience.
What Aether365 Checks
Aether365 verifies that the isSelfServiceRegistrationAllowed setting in the FIDO2 authentication method configuration is set to true. This check appears in the Aether365 dashboard under entra-id checks and ensures users can independently register FIDO2 security keys without administrator intervention.