Unable to Enroll FIDO2 (WebAuthn) on macOS Using Firefox Browser Version 122.0 up to 124.0
Okta Classic Engine
Multi-Factor Authentication
Okta Identity Engine
Overview

This article addresses the situation where users are unable to enroll FIDO2 (WebAuthn) on a macOS device using Firefox version 122.0 up to version 124.0. The issue only occurs on one specific version of macOS Ventura, 13.6.5. Firefox version 121.0.1 works fine.

Description of the behavior:

  • After entering the username/password on the Okta Org URL, the site should display a request for the security key to be touched. However, the page shows the "Security Key or Biometric Authenticator" prompt and a spinner while it waits for the security key to be touched. After scanning with biometrics (Touch ID), nothing happens; the browser just stays on the same page.

"Security Key or Biometric Authenticator" prompt

Applies To
  • Okta Identity Engine (OIE)
  • FIDO2 (WebAuthN)
  • Multi-Factor Authentication (MFA)
Cause

The issue begins with Firefox version 122.0.1 and persists through Firefox 124.0. In these versions, the Firefox custom config security.webauthn.enable_macos_passkeys defaults to "true".

Solution

Setting the custom config security.webauthn.enable_macos_passkeys to "false" in Firefox and then restarting Firefox resolves the problem in Firefox versions 122.0.1, 123.0.1, and 124.0.

Steps:

  1. Open the Firefox Browser.
  2. Enter: about:config
  3. Search for: security.webauthn.enable_macos_passkeys
  4. Set this to false.
  5. Restart the Firefox browser.
  6. Enroll FIDO2 (WebAuthn).
custom config "security.webauthn.enable_macos_passkeys"
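
On managed Macs the same setting can be persisted for every Firefox profile through the profile's user.js file, which Firefox reads at startup, instead of clicking through about:config. The script below is an added example, not Okta's or Mozilla's own tooling; it assumes the default macOS profile directory, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: pin security.webauthn.enable_macos_passkeys=false via user.js.
PREF='security.webauthn.enable_macos_passkeys'
# Default macOS profile location (assumption; pass another directory to override).
DEFAULT_ROOT="$HOME/Library/Application Support/Firefox/Profiles"

# Remove any existing line for PREF from a user.js file (no-op if the file is absent).
strip_pref() {
    [ -f "$1" ] || return 0
    grep -vF "\"$PREF\"" "$1" > "$1.tmp" || true   # grep exits 1 when no lines remain
    mv "$1.tmp" "$1"
}

# Write the override into every profile under the root; print how many were updated.
# Idempotent: an older entry for PREF is replaced, other user.js lines are kept.
apply_workaround() {
    root="${1:-$DEFAULT_ROOT}"
    count=0
    for profile in "$root"/*/; do
        [ -d "$profile" ] || continue
        strip_pref "${profile}user.js"
        printf 'user_pref("%s", false);\n' "$PREF" >> "${profile}user.js"
        count=$((count + 1))
    done
    echo "$count"
}

# Stop forcing the value at startup. The value already copied into the profile
# stays "false" until the preference is reset in about:config.
revert_workaround() {
    root="${1:-$DEFAULT_ROOT}"
    for profile in "$root"/*/; do
        [ -d "$profile" ] || continue
        strip_pref "${profile}user.js"
    done
}

# Stand-alone use: "sh script.sh apply" or "sh script.sh revert", then restart Firefox.
case "${1:-}" in
    apply)  apply_workaround ;;
    revert) revert_workaround ;;
esac
```

As with the manual steps, Firefox has to be restarted before the change takes effect.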
 
 
