Using Token2 FIDO2 Security Keys with Cyberark Idaptive

Idaptive provides web application single sign-on, multi-factor authentication (MFA/2FA), and analytics based around a zero trust security model. Idaptive leverages the WebAuthn API to enable passwordless authentication to the Identity Service using either on-device or external authenticators. On-device authenticators are biometric authenticators integrated into the device hardware. Popular examples are Mac Touch ID, Windows Hello, and fingerprint scanners. External authenticators are security keys that you plug into the device's USB port; for example, a Token2 T2F2-ALU. All Token2 FIDO2 keys are compatible with Idaptive.


This guide  shows how an end-user can enrol a FIDO2 security key to his/her account. This feature requires prior configurations by your systems administrator.

Add a FIDO2 security key

  • Log in to the user portal 
  • Click Account > Authentication Factors
  • Click the Add button associated with the FIDO2 Authenticator name created by your systems administrator. In this example, the systems administrator used the name "Token2 FIDO2 Security Key"

    Using Token2 FIDO2 Security Keys with Cyberark Idaptive

  • Click Next on the information screen.

    Using Token2 FIDO2 Security Keys with Cyberark Idaptive

  • Enter a name for your security token.  Most users will have only one token, but this name differentiates multiple tokens.

    Using Token2 FIDO2 Security Keys with Cyberark Idaptive

  • Click Next.
  • Insert your FIDO2 security key into your computer and follow the instructions on the screen.
  • You can now use your FIDO2 security key to authenticate to Idaptive Identity Services.

Cyberark IDAptive