I have written some articles in the past related to the passwordless sign-in subject, but that usually described to experience on Windows devices. I described how to use FIDO2 security keys to sign in to Windows itself or use the key to sign in to Office 365/ Azure AD.
On macOS, we are not able to sign in to the Mac itself by using a FIDO2 key, but by using the Microsoft Edge browser, we’re at least able to use a FIDO2 key to passwordless sign-in to Office 365! With Safari, this is unfortunately still not possible.
The only challenge left for a Mac-only user is how to manage the key. On Windows, we have built-in support to manage a key. We can add or change a PIN via Windows settings, and also reset the key. That support isn’t available in macOS by default. To overcome this limitation for Mac users, one of the FIDO2 vendors, Feitian, published an application to manage their keys. I haven’t seen such an application yet from another vendor, but let me know in the comments if other vendors do have such an app for macOS.
Let’s have a look in this article, how easy it is to set up our Feitian FIDO2 key to passwordless sign in to our Office 365 account.
To use a FIDO2 security key with your Office 365 account, some setup needs to be done in Azure AD. I described these steps in this blog post.
Setup the FIDO2 key
I have a Feitian K26 USB C FIDO2 (Bio) key which I want to manage on my MacBook. For this, we can search in the App Store for Feitian and download the app BioPassFIDO2.
Once installed, open the app and insert the key in the Mac.
As this is a bio version, I can add multiple fingerprints to the key, so I don’t have to enter a PIN every time I use the key.
But every FIDO2 key needs to be set up with a PIN, also the bio versions.
To set up the key, open the app and insert the key into the Mac. Choose Add fingerprint and provide a new PIN code.
Once the PIN is set, touch the key a few times with your finger until the app shows it’s all set.
Optionally you can register multiple fingerprints.
Below is a video of this process.
Key registration in Office 365
To use the key with Office 365, it first needs to be registered in our Azure AD account. Follow the below steps, to register the key. The registration process is equal to the process on a Windows device.
- Sign in to https://mysignins.microsoft.com/security-info
- Click Add method
- Select Security key from the drop-down list
- Click Add
- Choose USB
- Click Next
- Wait for the redirection
- Insert the key
- Touch the key
- Click Allow
- Name the key
- Click Next
- You’r ready to go!
Registration of the key is successful. We’re ready to sign in with our password to Office 365!
Passwordless sign in experience
This is the sign-in experience to Office 365 with a FIDO2 security key.
That’s it for this post.
Thanks for reading!
1 Comment
Hi Peter, nice article! I use the key from Yubico, there is also an macOS app to manage the key.