This article provides an overview of how users can register their first Beyond Identity passkey on a Windows device. If you have already registered your initial Beyond Identity passkey and need to add your passkey to a secondary Windows device, see https://support.beyondidentity.com/hc/en-us/articles/6763368950295-How-do-I-migrate-my-existing-Passkey-to-a-Windows-device.
Instructions
This article assumes that your IT administrator has already installed Windows Desktop Login on your device and you just need to register the passkey.
- Open the registration email for Beyond Identity from your IT administrator. It should look similar to the following example:.
Important: If Windows Desktop Login was pushed via MDM you do not need to download the authenticator under Step 1, Get Authenticator in the email and can skip to Step 2: Register credential.
- In most cases, your administrator will have already deployed Beyond Identity to machines in your organization and you should skip to Register credential in the email.
- Click the Register New Profile button (shown above).
Important: Make sure you register the passkey before the link expires.
- Once registration completes, the Authenticator displays a message that the Passkey was successfully set up.
- In the right panel, click Enroll in Desktop Login.
- Sign in with your Microsoft Azure (Entra) password when prompted. You may need to also verify your identity via text or other method if multifactor authentication is configured.
- If your Windows device is equipped with a fingerprint reader, the fastest way to log in is to register your fingerprint. Alternatively, you can opt to use a PIN to login. To configure a fingerprint:
- Click the hand and finger on the screen that you want to use to login.
- Scan the finger on the fingerprint reader.
- When scanning is complete, click Next.
- Enter a PIN that you will use to log in with Beyond Identity. If you scanned your fingerprint, you will still need to enter a PIN as a backup.
- Re-enter the pin. As soon as you type the correct pin, a "PINS match" message appears.
- Click Finish setup.
If you see a message that states "We couldn't set up offline access at this time," Windows Desktop Login was successful but it may take time to sync with Azure\Entra because Windows caches credentials. You can still login as usual.
Note: You may see the following message. In most cases, you can click No. You only need to click Yes if you using remote desktop login to log into the Windows machine or if you are using step up authentication that requires remote access.
- It is strongly recommended that you migrate a copy of your passkey to another device so you can recover it if you accidentally delete it, etc. The following articles describe how to to perform this procedure:
Signing on or unlocking your your desktop with Beyond Identity
Fingerprint
If you've scanned your fingerprint during setup, when you log into your Windows device, you can now use your fingerprint on the login screen.
If you don't see the fingerprint option, click Sign-in options and select the fingerprint icon shown below.
PIN
When you log into your Windows device, you will now select Use Beyond Identity PIN on the login screen.
Then, enter the PIN you configured in Step 9 of the previous section:
Opening applications throughout the day
When opening corporate applications throughout the day, rather than being prompted to enter your username and password to authenticate, you can simply scan your fingerprint or enter your PIN as shown in the following example screens.
Comments
0 comments
Please sign in to leave a comment.