Product Guide
...
Kubeark Identity
Stages

Password stage

1min

The Password prompt is a standard way of verifying the identity of the pending_user. This stage also enables the choice of the authentication source for the user.

Passwordless authentication

There are two distinct methods to configure passwordless authentication. One method is to directly authenticate users with their authenticator, which is only supported for WebAuthn devices.

1

Direct authentication using authenticator: Passwordless authentication currently only supports WebAuthn devices, like security keys and biometrics. For an alternate passwordless setup, see Password stage, which supports other types. To configure passwordless authentication, create a new Flow with the delegation set to Authentication.

2

Dynamically skip the password stage

As first stage, add an Authentication validation stage, with the WebAuthn device class allowed. After this stage you can bind any additional verification stages. As final stage, bind a User login stage.

Users can either access this flow directly via it's URL, or you can modify any Identification stage to add a direct link to this flow. The second method involves dynamically skipping the password stage based on the user's device. The documentation for this method can be found here.