2022-03-03 18:20:43 +07:00
---
2022-06-15 14:51:47 +07:00
title: "WebAuthn"
description: "Configuring the WebAuthn Second Factor Method."
lead: "WebAuthn is the modern browser security key specification that Authelia supports. This section describes configuring it."
2022-06-28 12:27:14 +07:00
date: 2022-03-03T22:20:43+11:00
2022-06-15 14:51:47 +07:00
draft: false
images: []
menu:
configuration:
parent: "second-factor"
weight: 103400
toc: true
aliases:
- /docs/configuration/webauthn.html
2022-03-03 18:20:43 +07:00
---
## Configuration
2022-06-15 14:51:47 +07:00
2022-03-03 18:20:43 +07:00
```yaml
webauthn:
disable: false
display_name: Authelia
attestation_conveyance_preference: indirect
user_verification: preferred
timeout: 60s
```
## Options
### disable
2022-06-15 14:51:47 +07:00
{{< confkey type = "boolean" default = "false" required = "no" > }}
This disables WebAuthn if set to true.
2022-03-03 18:20:43 +07:00
### display_name
2022-06-15 14:51:47 +07:00
{{< confkey type = "string" default = "Authelia" required = "no" > }}
2022-03-03 18:20:43 +07:00
Sets the display name which is sent to the client to be displayed. It's up to individual browsers and potentially
individual operating systems if and how they display this information.
2022-06-15 14:51:47 +07:00
See the [W3C WebAuthn Documentation ](https://www.w3.org/TR/webauthn-2/#dom-publickeycredentialentity-name ) for more
information.
2022-03-03 18:20:43 +07:00
### attestation_conveyance_preference
2022-06-15 14:51:47 +07:00
{{< confkey type = "string" default = "indirect" required = "no" > }}
2022-03-03 18:20:43 +07:00
Sets the conveyance preference. Conveyancing allows collection of attestation statements about the authenticator such as
the AAGUID. The AAGUID indicates the model of the device.
2022-06-15 14:51:47 +07:00
See the [W3C WebAuthn Documentation ](https://www.w3.org/TR/webauthn-2/#enum-attestation-convey ) for more information.
2022-03-03 18:20:43 +07:00
Available Options:
| Value | Description |
|:--------:|:---------------------------------------------------------------------------------------------------------------------------------------------:|
| none | The client will be instructed not to perform conveyancing |
| indirect | The client will be instructed to perform conveyancing but the client can choose how to do this including using a third party anonymization CA |
| direct | The client will be instructed to perform conveyancing with an attestation statement directly signed by the device |
### user_verification
2022-06-15 14:51:47 +07:00
{{< confkey type = "string" default = "preferred" required = "no" > }}
2022-03-03 18:20:43 +07:00
2022-06-15 14:51:47 +07:00
Sets the user verification preference.
See the [W3C WebAuthn Documentation ](https://www.w3.org/TR/webauthn-2/#enum-userVerificationRequirement ) for more information.
2022-03-03 18:20:43 +07:00
Available Options:
| Value | Description |
|:-----------:|:------------------------------------------------------------------------------------------------------:|
| discouraged | The client will be discouraged from asking for user verification |
| preferred | The client if compliant will ask the user for verification if the device supports it |
| required | The client will ask the user for verification or will fail if the device does not support verification |
### timeout
2022-06-15 14:51:47 +07:00
{{< confkey type = "duration" default = "60s" required = "no" > }}
*__Note:__ This setting uses the [duration notation format ](../prologue/common.md#duration-notation-format ). Please see
the [common options ](../prologue/common.md#duration-notation-format ) documentation for information on this format.*
This adjusts the requested timeout for a WebAuthn interaction.
2022-03-03 18:20:43 +07:00
## FAQ
2022-06-15 14:51:47 +07:00
See the [Security Key FAQ ](../../overview/authentication/security-key/index.md#faq ) for the FAQ.