Overview
Please Note: Mac computers cannot currently use hardware (Yubikey) or software (Authenticator) passkeys to log in to the Cisco Secure Client.
Prerequisites
- You have already set up a passkey for your ECU account in the Microsoft Authenticator app on your mobile device.
- Windows Hello for Business is no longer an option to connect to an ECU VPN.
Instructions
Step 1
Open the Cisco Secure Client 
and choose the appropriate VPN group. Choose Connect.
Step 2
If Windows Hello Prompt appears, select Use a different passkey (if you see that option)...
...OR
Select Sign-in Options
Then select Face, fingerprint, PIN, or security key.
Step 3
The Sign in with a passkey window opens. Select Choose a different passkey.
Step 4
Select iPhone, iPad or Android Device.
Step 5
A QR Code is displayed on the screen.
Step 6
From your Mobile Device: Open MS Auth App, choose the correct Account -> Passkey and the screen below should appear:
Step 7
Tap the QR Code Icon (bottom right). Your device camera opens.
Step 8
Point your camera at the QR Code on the screen, and it should detect the QR Code quickly. If successful, you will see Device connected! Continue on your device.
Now you see this on your computer screen:
Step 9
On your Mobile Device:
- Click Continue on your device.
- Prompt should appear: Do you want to allow Sign-in? Click Yes (this is the actual sign in occurring). This also requires that you be in Bluetooth range and have Bluetooth enabled on your mobile device and computer. If you do not have Bluetooth functionality, you will need to use another method of authentication: Yubikey, UN+PW+MS Authenticator TOTP code.
Step 10
Once the above steps are completed, you have successfully authenticated using your passkey. You may use this method to authenticate when accessing other resources as well. Passkeys are device-bound and provide valuable protection against token theft and replay attacks, since the token cannot be used on a different device.