Getting Started with WebAuthn

  • Updated on May 12, 2026
  • Published on May 12, 2026
  • 2 minute(s) read
  • s
 Prev Next

All staff will be required to set up Multi-Factor Authentication (MFA) to access NCEdCloud. By default, NCEdCloud uses Time-Based One-Time Passcode (TOTP) for MFA, however there is also the option to use WebAuthn instead.

What is WebAuthn?

WebAuthn is an extra layer of security that helps protect your NCEdCloud account. Instead of entering a code with TOTP, you authenticate using a physical device that you have already registered.

Each authentication:

  • Uses your device's built-in biometrics or a hardware security key

  • Does not require typing a code

  • Each registration is unique to the site it was set up on

What can I use with WebAuthn?

WebAuthn works with a variety of authenticators, including:

  • Platform authenticators: built into your device, such as Touch ID, Face ID, Windows Hello, or Android fingerprint

  • Roaming authenticators: external hardware keys like a YubiKey that connect via USB, NFC, or Bluetooth

  • Passkey managers: third-party tools such as 1Password that support storing and using passkeys

How to self enable WebAuthn?

Important Note: Once WebAuthn is enabled, you will be prompted to use your passkey every time you log in to NCEdCloud. If you lose access to your passkey or would like to revert to TOTP, contact your local district IT team for assistance.

Log into NCEdCloud and click your name in the top-right corner and select 'Profile Settings' from the dropdown.

A pop-up will appear with your NCEdCloud profile. Click ‘Edit’ to continue.

Scroll down and locate the ‘Enable WebAuthn’ checkbox, select it, then click ‘Save’.

How to add a passkey?

Log into NCEdCloud and click your name in the top-right corner and select 'Manage WebAuthn' from the dropdown.

A pop-up will appear listing your previously configured passkeys. Click ‘Add Device’ to continue.

You will then be prompted to enter a ‘Device Name’ this a name you will be assigning to help identify the device. After click on the ‘Device Type’ and there will be two option to choose from:

  • External Security Key: Registers a USB, Bluetooth, or NFC security key for use across multiple computers or mobile devices

  • This Device: Registers the device you are currently using. Supported authentication methods such as a device PIN, Touch ID, Face ID, or Windows Hello will vary by browser and platform

Click “Continue”. You will then be prompted with a popup to complete the device registration.

How to delete a passkey?

Log into NCEdCloud and click your name in the top-right corner and select 'Manage WebAuthn' from the dropdown.

Click on the ‘X’ next to the passkey you’d like to remove and then click ‘Yes’ to confirm.

FAQ:

What if I want to add a new passkey?

Log into NCEdCloud, click your name in the top-right corner, and select Manage WebAuthn from the dropdown. Click Add Device and follow the prompts to register a new passkey.

What if I get a new phone or device?

Before switching, register your new device as a passkey while you still have access to your old one.

Already switched: If you no longer have access to your old device, contact your district IT team. They can clear your passkeys so you can register a new passkey on your next login.

What if my device is lost or stolen?

Contact your district IT team immediately. They can remove the registered passkey from your account so you can set up a new one on your replacement device.

What if I want to revert to TOTP?

Contact your local district IT team and they will disable WebAuthn on your account.

What if my passkey stops working?

Try removing the passkey from your account and re-registering the device. Log into NCEdCloud, click your name in the top-right corner, select Manage WebAuthn, click the X next to the passkey, and then add it again using Add Device.