Skip to main content
Passkeys provide phishing-resistant multi-factor authentication using a device biometric, screen lock, or security key. Your organization may require passkeys for all users or for accounts with elevated permissions.
Security options depend on your organization policy and account permissions. If you cannot change a setting, contact your Sofie administrator.

Open security settings

1

Open Account Settings

Use the user menu in the sidebar.
2

Choose Security

Select the Security tab.
3

Review passkey status

Check whether Passkey MFA is enabled, not set up, or required by policy.

Add a passkey

1

Click Add passkey

In Security, click Add passkey.
2

Follow your browser or device prompt

Use your device biometric, screen lock, password manager, or security key.
3

Confirm enrollment

Return to Sofie and verify that the passkey appears in Registered passkeys.
If your browser does not support passkeys, try a current version of Chrome, Safari, Edge, or Firefox on a device with passkey support.

Review registered passkeys

The Registered passkeys list shows passkeys attached to your account. Use it to check:
  • How many passkeys are enrolled.
  • Whether a passkey is synced or device-bound.
  • When a passkey was added or updated.
  • Whether you should add a backup passkey.
If your organization requires passkeys, enroll more than one supported device when policy allows it. This reduces lockout risk if a device is lost.

Remove a passkey

You may be able to remove a passkey from Registered passkeys. Before removing one:
  • Confirm you have another working passkey if passkeys are required.
  • Check whether the device was lost, retired, or replaced.
  • Make sure you are not removing the only required authentication method.
Sofie may prevent removal if policy requires at least one passkey.

Replace lost passkeys

If you lose access to your passkeys, follow the recovery flow your organization uses. Sofie may require a recent email sign-in before replacing old passkeys. Ask your administrator for help if:
  • You cannot complete email recovery.
  • You no longer have any enrolled device.
  • Your role requires passkeys and you are blocked from the rest of the app.

Passkey prompts during work

Sofie may ask for a security step before sensitive actions, depending on your organization policy and role. This can happen when:
  • You manage users, roles, groups, organization settings, or security settings.
  • You change sensitive account settings.
  • You access elevated-security pages.
Do not share passkeys, device unlock methods, or security keys. Each user should use their own account and authentication method.