This article provides additional information about the error message end users receive when they try to enroll WebAuthn or FIDO2 Biometric MFA factors on their mobile devices:
The user agent does not support public key credentials
- Multi-Factor Authentication (MFA)
When end users attempt to enroll biometric MFA factors on their mobile devices, the above error message is displayed. All users encounter it, regardless of their account privileges or Okta tenant Engine.
The WebAuthn authentication flow and the MFA enrollment process are not supported on Android mobile devices because the Android platform only supports CTAP1 (U2F) authenticators. Android does support clients (browsers) that make WebAuthn requests to a relying party.
NOTE: CTAP stands for Client to Authenticator Protocol.
To avoid this issue, please make sure that the authentication flow performed on an Android Mobile device is not evaluated by a Policy that requires a mandatory Biometric MFA factor.
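To see ahead of time which user agents cannot complete a biometric enrollment, a page can probe the standard WebAuthn entry points before offering the factor. The JavaScript below is an added example, not Okta code; `probeWebAuthn`, its result fields and the verdict strings are hypothetical names chosen for illustration.

```javascript
// Added example: probe a browser-like global object for WebAuthn capability
// before offering biometric enrollment. The function name, result fields and
// verdict strings are hypothetical; they are not Okta APIs.
async function probeWebAuthn(scope) {
  const result = {
    // WebAuthn is only exposed in secure contexts (HTTPS or localhost).
    secureContext: scope.isSecureContext === true,
    // The PublicKeyCredential interface is the WebAuthn API surface.
    publicKeyCredential: typeof scope.PublicKeyCredential === 'function',
    // Enrollment is started through navigator.credentials.create().
    credentialsCreate: typeof scope.navigator?.credentials?.create === 'function',
    // Built-in user-verifying authenticator (fingerprint, face, device PIN).
    platformAuthenticator: false,
    verdict: 'unsupported',
  };

  // Without the API surface, enrollment cannot start at all.
  if (!result.publicKeyCredential || !result.credentialsCreate) {
    return result;
  }

  // Standard static method; resolves to a boolean.
  const probe = scope.PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable;
  if (typeof probe === 'function') {
    try {
      result.platformAuthenticator =
        (await probe.call(scope.PublicKeyCredential)) === true;
    } catch {
      // A rejected probe is treated as "no platform authenticator".
      result.platformAuthenticator = false;
    }
  }

  // API present but no built-in authenticator: only external (roaming)
  // authenticators such as security keys could be used.
  result.verdict = result.platformAuthenticator ? 'platform' : 'roaming-only';
  return result;
}

// In a browser console this reports the current user agent's capability;
// outside a browser it reports 'unsupported'.
probeWebAuthn(globalThis).then((r) => console.log(r));
```

A verdict of `unsupported` or `roaming-only` identifies clients that should not be routed through a policy requiring a biometric factor.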
For additional information, see WebAuthn Compatibility.
