Manage FIDO2 Authenticators

FIDO2 authenticator(s) are either on-device or external security keys that provide passwordless authentication.

This feature requires prior configurations by your systems administrator.

Add a FIDO2 security key

  1. Log in to the user portal .
  2. Click Account > Authentication Factors.
  3. Add a FIDO2 Security Key (for example, a YubiKey), or an On-device Authenticator.

Troubleshoot FIDO2 security keys

Refer to the following table for common issues and solutions related to the management of FIDO2 security keys.

Problem Solution
You receive the following warning message: “Your current browser does not support <admin defined name> registration. Please contact your system administrator.” The Web Authentication APIs used by FIDO2 authenticators are only supported on specified browsers. This browser support is controlled by the W3C and the FIDO Alliance and is unrelated to CyberArk Identity. Refer to for more information.
On the Accounts page of your User Portal you see the following description for a FIDO2 key: "The current tenant URL is not the same as what the device registered with. Please delete and re-register the device with this tenant. The security keys are associated with a URL at the time of registration; they are invalidated if your administrator changes the tenant URL or switches to a vanity URL. Delete and re-register the key.