May 21

Team, our organization uses Enpass Business. We do NOT permit synced passkeys and enforce device-bound passkeys via M365 / Entra. (If a passkey can be synced, it can be exported and exfiltrated and phished. Synced passkeys are not much safer than passwords.)

Unfortunately, each time we try to create a device-bound passkey with a service, Enpass always interrupts. So we need to close Enpass before we can repeat the process to use Windows Hello or a YubiKey to store new passkeys.

Please give us a switch that turns passkeys in Enpass OFF, while maintaining all the safe credential storage capabilities. Also: give us org-wide control over this via policy in Enpass Console.

Thanks!
Dom

5 hours ago

For Enpass Business users, please ask your organization Admin to follow the steps below:

1. Log in to the Enpass Admin Console
2. Navigate to Policies → Advanced
3. Enable (check) the option: “Disable passkey creation and sign-in”
4. Save the changes.

Once this policy is enabled, Enpass will no longer prompt for passkey creation or sign-in, while all other secure credential storage features will continue to work normally.

3 hours ago, Author

Ah – THANKS for that. 👍

Found it. However, when I enable the disable option, console throws an error: "Domain is not allowed" and I am not able to save the setting.

What's next?

Never mind – I found that we were allowing users to activate Enpass from gmail.com addresses. After removing gmail.com as a permitted activation domain, I could make and save the change you suggested.

Thanks!

Edited 3 hours ago by Damasta: new insight