This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Multiple FIDO authenticators per user


Is it possible for user to have multiple FIDO keys enrolled?

Or to rephrase my question.

There is a customer who would like to user FIDO keys for authentication.

We have a case where user is working in a controlled environment, where it is hard to bring something with you (clean laboratories).

Idea is that user would have one FIDO key inside that lab (for example stored in a safe inside clean lab) and other one that this employee can use whenever is outside.

But as far as I know user can provision only one FIDO key in AA account portal, right?

Is there some other way somebody can think of? Maybe shared authenticators (never used them)?

Kind regards,


Kind regards,


If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

  • Verified Answer


    Hello Sebastijan,

    I think you can refer to Event Categories for this:

    Event Categories
    In this policy you can add categories, which can be used in an event to support multiple enrollments
    for a method. For each event, you can specify one category.

    To add a category, perform the following steps:

    1 Click Event categories.
    2 Click Add.
    3 Specify a name and description for the category.
    4 Click Save.
    5 Click Events and edit the required event to specify the category.
    Ensure that users or helpdesk administrators enroll authenticators for the new category.

    - You can enroll only one authenticator of one type for each category.
    - The Authenticator category option in Events is not displayed when no category is created.
    - The LDAP Password method is an exception. There is one LDAP password authenticator always,
    it can be used with any category.

    Hopefully that cover what you need.



    Luciano Testa

  • Verified Answer


    Hello Sebastijan,

    I think you can refer to Event Categories for this:

    Event Categories
    In this policy you can add categories, which can be used in an event to support multiple enrollments
    for a method. For each event, you can specify one category.

    To add a category, perform the following steps:

    1 Click Event categories.
    2 Click Add.
    3 Specify a name and description for the category.
    4 Click Save.
    5 Click Events and edit the required event to specify the category.
    Ensure that users or helpdesk administrators enroll authenticators for the new category.

    - You can enroll only one authenticator of one type for each category.
    - The Authenticator category option in Events is not displayed when no category is created.
    - The LDAP Password method is an exception. There is one LDAP password authenticator always,
    it can be used with any category.

    Hopefully that cover what you need.



    Luciano Testa
