Skip to main content

Self-Remediation via Credential Extension (End-User Guide)

  • Updated

Admins click here for information on configuring self-remediation. 

Note: Support for Android Firefox Browser coming soon.
 

Overview

The Self-Remediation feature enables users to recover access when their current device does not yet have a Beyond Identity passkey configured.

When authentication fails because a passkey is missing or has been deleted, users can set up a new passkey on that device by securely extending an existing passkey from another device they already trust.

This process, called credential extension, creates a secure, cross-device link between the user’s primary and secondary devices.

It helps users quickly restore access without IT assistance, reducing help desk tickets while maintaining strong authentication security.

Self-remediation is available for three error types related to passkey configuration:

  • Passkey not found
  • Passkey not found with fallback
  • Passkey deleted

Administrators can configure self-remediation at the error-type level, choosing to enable it for some, all, or none of these error types, depending on organizational policy and security posture.

Credential extension works consistently across all supported operating systems (Windows, macOS, iOS, and Android). For more details, see How do I extend my passkey to an Android device?

 

Before You Begin

To complete passkey credential extension successfully, you’ll need:

  • A second device (such as an iOS or Android phone, iPad, or another laptop) that already has your passkey set up.
  • Access to both devices at the same time.
  • Biometrics (Face ID, Touch ID, or fingerprint) enabled on the device that already holds your passkey.
  • Ensure you have upgraded your Authenticator to the latest version (2.108.0 or higher). 


Step-by-Step Guide


1. Login to Your Application 

Using the new device, login to your web resource (e.g., an application such as Slack). Click, Log in with Beyond Identity.

2. Authentication Starts

The system checks the current device’s security posture. If your passkey isn’t found on this device, the authentication will not proceed.

 

3. Begin Self-Remediation

You’ll see an error stating the passkey is missing. Click Set up passkey with another device to extend your passkey on this device.

Note: The Self-Remediation option appears only when you see an error stating the passkey is missing or has been deleted.

updated-loading-screen.png

 

4. Confirm You Have Another Device

Select I have my other device ready to continue. This tells the system you’ll use an existing passkey from a secondary device to establish trust.

 

5. Follow On-Screen Instructions

A guide appears describing what to do on your second device:

  • Open the Beyond Identity app.
  • Select your passkey.
  • Choose Set up other devices.
     

Click Continue when ready.

 

6. Open the Authenticator on Your Second Device

On your secondary device (e.g., iPhone or Android, laptop), open the Beyond Identity Authenticator. You’ll see your passkey listed under 1 passkey on this device.

7. Select the Existing Passkey

Tap your passkey to open its details, then choose Set up other devices.

8. Allow Biometrics

When prompted, allow Beyond Identity to use Face ID or your device’s biometric method to confirm it’s really you.

 

9. Generate a Code

Your secondary device displays a QR code and a 9-character setup code.

You can either:

  • Scan the QR code from your new device, or
  • Manually type the 9-character code.

 

10. Enter the Code on the New Device

On the laptop or desktop you’re setting up, enter the 9-character code when prompted, then click Continue.

11. Wait for Verification

The code is processed and validated between devices.
 

 

12. Passkey Setup Complete

A confirmation message appears: “Passkey successfully set up on this device.”

 

13. Return to Login

Click Back to log in, then select Log in to restart authentication.

14. Authenticate Normally

The login flow begins again, this time with the passkey successfully registered on your current device.

 

15. Access Granted

You’re now securely authenticated and redirected to your organization’s web resource or dashboard.

If the login attempt doesn’t succeed on the first try, return to the application’s login screen, wait a few seconds, and then try signing in again.

For additional help, contact your administrator or select Contact Support from any screen in the flow.

 

 

 

 

 

 

 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.