How to enable WebAuthn

  • Published on Apr 29, 2026
  • 2 minute(s) read
  • s
 Prev Next

Beginning July 1, 2026, MFA will be mandatory for all employees statewide. By default, NCEdCloud uses Time-Based One-Time Passcode (TOTP) for MFA. WebAuthn is available as an alternative, and this guide walks you through how to enable and set up WebAuthn.

What is WebAuthn?

WebAuthn is an extra layer of security that helps protect your NCEdCloud account. Instead of entering a code with TOTP, you authenticate using a physical device that you have already registered.

Each authentication:

  • Uses your device's built-in biometrics or a hardware security key

  • Does not require typing a code

  • Each registration is unique to the site it was set up on

What can I use with WebAuthn?

WebAuthn works with a variety of authenticators, including:

Platform authenticators: built into your device, such as Touch ID, Face ID, Windows Hello, or Android fingerprint

Roaming authenticators: external hardware keys like a YubiKey that connect via USB, NFC, or Bluetooth

Passkey managers: third-party tools such as 1Password that support storing and using passkeys

Enabling WebAuth for a user:

To enable WebAuthn for a user, check the Enable WebAuthn option on their profile. This will prompt the user to set up WebAuthn on their next login. To do this:

  1. Head to the “People” Module in NCEdCloud

  2. Navigate to “Manage LEA Employees” delegation

  3. Search for and highlight the user

  4. Click Details, then Edit

  5. Check ‘ENABLE WEBAUTHN’

  6. Click Save

Note: If you need to revert a user back to TOTP, simply uncheck the Enable WebAuthn box and click Save.

Managing WebAuthn for a user:

To help manage a user's WebAuthn, two buttons will be available in the ‘Manage LEA Employees’ delegation::

  • Delete WebAuthn: Use this to delete an existing WebAuthn device from a user's profile

  • Manage WebAuthn: Use this to view a user's existing WebAuthn devices or add a new one

Adding a WebAuthn device for a user:

To add a new WebAuthn device for a user, navigate to the “Manage LEA Employees” delegation, search for and highlight the user, then click the “Manage WebAuthn button”. A popup will display a list of all WebAuthn devices currently registered to the user.

A popup will display a list of all WebAuthn devices currently registered to the user. Click the “Add Device button” to add a new device.

You will then be prompted to enter a ‘Device Name’ this a name you will be assigning to help identify the device. After click on the ‘Device Type’ and there will be two option to choose from:

External Security Key: Registers a USB, Bluetooth, or NFC security key for use across multiple computers or mobile devices

This Device: Registers the device you are currently using. Supported authentication methods such as a device PIN, Touch ID, Face ID, or Windows Hello will vary by browser and platform

Click “Continue”. You will then be prompted with a popup to complete the device registration.