The Passkey Manager (/settings/user-practitioner/edit-user/{userQuery}/passkey-manager/) manages WebAuthn passkeys for a specific staff member's sign-in. A passkey lets someone sign in using their device's own built-in security — a fingerprint, face unlock, or a physical security key — instead of typing a password at all.
You won't find this page listed in the main Settings navigation. It's reached from inside a staff member's Edit User profile, the same way Practitioner Settings is — open the person's profile from the staff list first, then navigate into their Passkey Manager from there.
What you'll learn
What a passkey actually is, and why it resists phishing in a way a password can't
How to register a new passkey for a user and remove one that's no longer needed
Why MFA linking (covered in Editing a User) and passkeys are related but distinct security layers
Where to go for the rest of the sign-in process this fits into
The Passkey Manager page for a staff member, showing the list of registered passkeys with their device names and registration dates, plus an option to add a new passkey.
Why passkeys are worth the setup
Phishing-resistant by design A password is a shared secret — anyone who learns it, whether through a phishing email, a data breach elsewhere, or a guessed weak password, can use it. A passkey has no shared secret to steal in the first place: it's cryptographically tied to the physical device that created it, and a fake login page has nothing to trick a passkey into revealing. For a clinic handling patient health information, this is a meaningfully stronger sign-in option worth encouraging staff to set up, not just a novelty.
Registering a passkey doesn't remove or replace a staff member's password — it adds an additional, stronger way for them to sign in alongside it. Someone can have both a password and one or more passkeys registered at the same time, and use whichever is convenient for a given device.
Registering and removing passkeys
This page shows every passkey already registered to the account, along with the device name and registration date for each one — useful context if someone has several devices registered and needs to figure out which entry corresponds to which one before removing anything.
1
Open the account's Passkey Manager
From that staff member's Edit User profile, navigate into Passkey Manager.
2
Add a new passkey
Start registration and follow the device's own prompt — a fingerprint scan, face unlock, or security key tap, depending on the device.
3
Remove a passkey no longer in use
Find the entry for the retired or lost device in the list and remove it. This doesn't affect the account's password or any other registered passkey.
Lost a device? Remove its passkey first If the device a passkey was registered on is lost, stolen, or replaced, remove that passkey from here before anything else. A removed passkey can no longer sign in, closing off that specific device as a route into the account even if it later ends up in someone else's hands.
How this relates to MFA and the rest of sign-in
Passkeys are a distinct security layer from the multi-factor authentication (MFA) device linking covered on the Security tab of Editing a User. MFA linking adds a second verification step on top of a password; a passkey can replace the need for a password entirely on a given device. Both exist to reduce reliance on a password alone, from two different angles.
No. Registering a passkey doesn't remove or disable your password — it adds a stronger sign-in option alongside it. You can keep using either, depending on the device.
Remove that passkey from the Passkey Manager as soon as possible, then register a new one on your replacement device. Removing it prevents the lost device from being used to sign in even if someone else finds it.
No, though they're related. MFA (covered in <a href="/settings-our-clinic/editing-a-user/">Editing a User</a>) adds a second verification step alongside a password. A passkey can replace the password step itself on a given device, using the device's own built-in security instead of a typed secret.
No. It's reached from inside a staff member's Edit User profile, not from a standalone Settings navigation item. Open their profile from the <a href="/settings-our-clinic/users-and-practitioners-managing-your-team/">staff list</a> first.