Foldr supports Passkeys (formerly known as Webauthn) to allow users to sign in to the Foldr web and Windows desktop app.
Passkeys provide a secure, passwordless way to sign in to websites and apps. They use cryptography (like your phone’s fingerprint, face scan, or unlock PIN) to create a secure key pair. One part of the passkey stays on your device (the private key), the other part (the public key) is stored on the Foldr server. Passkeys are phishing-resistant and once setup provide a convenient, secure and fast way to sign into services.
Passkeys may be stored on:
Physical security keys (USB Yubikey etc), modern iOS and Android mobile devices, PC / Mac using TPM, Windows Hello, iCloud / Apple secure enclave, password managers and more. Passkey sign-in supports biometic sign in by leveraging macOS TouchID or FaceID and Windows Hello Face or Hello Fingerprint. Traditional password sign-in can optionally be disabled once a user has one or more passkey devices registered.
More information about Passkeys and WebAuthn can be found here:
https://en.wikipedia.org/wiki/WebAuthn
An example use case – Passkey sign in would allow you browse to the Foldr server’s web app on your Windows PC, click ‘sign in with a passkey’ on the Foldr sign in page, pass Face ID on your iPhone and the Foldr web app signs in immediately on the PC.
App Compatibility
Signing in with a passkey is supported in the Foldr web and Windows desktop app. macOS users can use passkeys in the Foldr web app only. The iOS and Android mobile apps do not support passkey sign in.
Web Sign-In Requirement
Web sign-in must be enabled for the Windows desktop app in order to support passkey sign-in. This is configured on the server in Foldr Settings > Devices & Clients > Windows. Note – Web sign-in is enabled by default.
Enabling Passkey Sign-In for Users
Passkey sign-in is disabled by default and must be configured for users/groups as required. To enable Passkey support:
1. Sign into Foldr Settings and browse to the Security > Passkeys tab.
2. Enable Passkey sign-in by toggling on ‘Allow users to sign in with security keys‘
3. Create a profile and assign it to users/groups. Click + Add New
4. Give the Profile a suitable name
5. Decide if users should be forced (Required) to register a security device when they next sign into Foldr, or if they can add a device later at a time of their choosing (Optional) under the ME screen in Foldr.
6. Click the Users & Groups tab and search for the User or Group that you wish to assign the profile. In the example below an Active Directory group ‘Marketing’ is being used.
7. Select the user/group from the search results and finally click the Update button
8. This will return you to the main Passkeys screen. Click Save Changes to commit changes or add another profile if required.
The setup process is complete. Users will now see a ‘Sign in with a Passkey‘ button at the bottom of the web sign-in dialog:
User Experience – Registering a Device (Passkeys are Optional)
If a user signs in and their Passkey profile is set as optional, they can enable/register their passkey (physical security key, smartphone passkey or Windows Hello / macOS FaceID/TouchID) within the Me area in the Foldr web app. This article will use Windows Hello as an example passkey device and assumes that Windows Hello has already been setup in Windows Settings > Accounts > Sign in options. If another passkey method is being used, such as smartphone, or external / physical security keys, the prompts will be different.
Within ME > Security tab, click + Register New Device.
The user will be prompted to provide their password before they can continue
The select where to save your passkey dialog is shown, the user can either create a passkey which is saved in Windows Password Manager or choose ‘Windows Hello or external security key’ depending on preference. In this example we will choose the bottom option.
The following options appear (some may not be available on your device depending on software installed and features enabled).
In this example we will choose ‘This Windows device;
The following prompt will appear and once Windows Hello Face (or fingerprint or pin) detects the user, they will be able to click OK.
The device will then be registered in Foldr > ME > Security > Passkeys and can be used for sign in.
Multiple devices may be registered as required (for example Windows Hello may be registered, along with physical USB devices)
User Experience – Signing in with a Security Key
On the web app sign-in screen, click the Sign-In with a security key button
The Windows Security dialog will be shown.
Windows App Sign-In Process using Passkeys
In the example below, a device has already been registered for passkey sign-in and will use Windows Hello (face scan) to sign into the Foldr app.
In the Windows app sign in dialog, click Sign in with a Passkey
The Windows Security dialog will appear and will automatically search for a suitable passkey, and attempt Windows Hello Face.
Once the Windows Hello Face recognises the user, all they need to do is click OK and the Foldr app will sign in.
Disabling password sign-in (optional)
It is possible to force users to sign in only using Passkeys. To do this, enable the toggle to disable password sign in when enabled in the passkey profile in Foldr Settings > Security > Passkeys > Profiles
Should a user try to sign into Foldr (web or apps) using their password with the above toggle enabled in their passkey profile, the following warning dialog is shown.
Managing Security Keys
A user can manage their registered security keys in the web app’s Me menu screen.
Foldr administrators can search for and view/remove user’s registered security keys in Foldr Settings > Security > Passkeys > Active Users.
