DocumentationRelease Notes
Log In
Documentation

Configure passwordless authentication

Suggest Edits

BeyondTrust supports FIDO2-certified authenticators to securely log in to BeyondInsight without entering your password. Roaming authenticators, such as YubiKeys, and platform integrated biometric authenticators, such as Windows Hello are supported.

ℹ️

Note

Passwordless authentication is available only for local BeyondInsight users. Support for Active Directory, LDAP, and Entra ID directory users is planned for a future release.

Enable passwordless authentication

  1. From the left sidebar, click Configuration.

  2. Under Authentication Management, click Authentication Options.

  3. Under Passwordless Authentication:

    • Select the Default Authentication Method.This sets the default method displayed when logging into the console.
    • Check Enable Passwordless FIDO2 Authentication to enable it for BeyondInsight instance.
    • Click Update Passwordless Authentication Settings to save.

Register a passwordless authenticator

  1. In the top-right corner of the console, click the Profile and preferences icon.

  2. Click Account Settings.

  3. From the My Account panel, click Passwordless Authentication.

  4. Click + Register FIDO2 Authenticator.

  5. Select the type of authenticator you wish to register: Roaming or Platform.

  6. Enter a unique name for your authenticator.

  7. Enter your BeyondInsight account password.

  8. Click Continue and follow your browser's instructions.

View and manage passwordless authenticators for users

  1. From the left sidebar, click Configuration.

  2. Under Role Based Access, click User Management.

  3. Click the Column Chooser above the grid.

  4. Select Passwordless FIDO2 Authenticators from the list to add that column to the grid.

  5. The number of FIDO2 authenticators for each user is displayed in the column.

  6. Click the vertical ellipsis for a user and select View User Details.

  7. From the User Details Panel, click FIDO2 Authenticators.

  8. From the FIDO2 Authenticators grid, you can see the type of authenticator for each user, along with when it was registered, and last used.

  9. To delete an authenticator for a user, click the vertical ellipsis for the user and click Delete.

Updated 6 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.